IfOnlyIBoughtaMac wrote:
> Well, to start off, three days ago I logged onto my computer. To my
> surprise it took much longer than normal to log onto the profile.
> Once it finally loaded I was shocked to find a completely empty
> desktop other than the wallpaper. The mouse cursor still responded,
> but clicking did nothing. Ctrl + alt + delete still worked
> thankfully, allowing me to access and research the problem...very
> slowly. My first suspicion was that it was a vundo trojan. I used
> Spyware doctor to scan and delete anything it found on my computer
> in safe mode. It removed some viruses, but nothing changed. After
> that I found that it could simply be the user profile being
> corrupted. I made a new one, logged on, same deal. After trying
> some crazy solutions to no avail I finally got somewhere.
> Explorer.exe is not the shell value...with a flicker of hope I
> changed the value to what it should be, loaded explorer.exe from
> the task manager, and there it was fixed! I thought my problem was
> solved, but it wasn't. With each restart the shell value in
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon persists to reset to C:\\F5MdG.exe. I've
> searched for a solution but have failed to find one. Any help would
> be greatly appreciated, thanks!
If you had bought a mac - you'd have spent 40% more, had fewer options on
what you could/could not do like everyone else and be paying someone else to
fix it (you may still do the latter, but let's give a few things a go, shall
we?)
First - you are still infested.
Fix it your manual way as many times as you have to to get through these
procedures - however - my guess is that it will be fixed after the run
through with Malwarebytes. *DO NOT JUST SKIP TO THAT STEP*
Uninstall Spyware Doctor.
Uninstall any and all third-party antivirus software (Zone Alarm, etc.)
- Ensure the Windows Firewall is enabled!
What AntiVirus software are you currently running?
First - getting some information from you is vital:
Press and hold down the Windows key on your keyboard and then press the
"Pause/Break" key. Let go of both. This is equivalent in Windows XP to
having right-clicked on the "My Computer" icon and chosen "Properties"
from the menu that appears. When the new window appears - ensure you are
under the "General" tab. Is there *anything* in there to indicate you
have a 64-bit version of Windows XP, like the words, "Windows XP
Professional x64 Edition Version"?
Next we will get the edition and version information...
Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
winver
--> Click OK.
The picture at the top of the window that opens will give you the general
(Operating System name and edition) while the line starting with the word
"version" will give you the rest of the story. Post _both_ in response
to this message verbatim. No paraphrasing - instead - ensure
character-for-character copying.
What version of Internet Explorer are you currently using? Easy to find
out. Open Internet Explorer and while that is in-focus, press and hold
the "ALT" key on your keyboard. With the "ALT" key still pressed, press
(just once, no holding) the "H" key. Now, with the "ALT" key still
pressed, press (just once, no holding) the "A" key. That will bring up
the "About Internet Explorer" window. It will give you the exact version
you are using - repeat what you see there in response to this message.
Now that we have some base information, let's clean up some, beyond
the removal of the Spyware Doctor and any third party firewall
software you might have had.
Reboot so you start with a fresh machine. For everything here you will
need to log on as a user with administrative (installation) privileges.
You will first be running (one at a time with reboots in-between each)
three different anti-spyware/anti-malware applications to ensure you
come up clean.
Download, install, run, update and perform a full scan with the following
(freeware version):
SuperAntiSpyware
http://www.superantispyware.com/
Reboot and logon as administrative user.
Download, install, run, update and perform a full scan with the following
(freeware version):
MalwareBytes
http://www.malwarebytes.com/
Reboot and logon as administrative user.
Download and run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx
You may find nothing, you may find only cookies, you may think it is a
waste of time - but if you do all this and report back here with what you
do/don't find as you are doing all of it - you are adding more pieces to
the puzzle and the entire picture just may become clearer and your
problem resolved.
Next - we want to fix your file/registry permissions...
Ignore the title and follow the sub-section under
"Advanced Troubleshooting" titled,
"Method 1: Reset the registry and the file permissions"
http://support.microsoft.com/kb/949377
*will take time
** Ignore the last step (6) - you should have SP3 if you have 32-bit
Windows XP - but not now during this process.
You will likely see errors pass by if you are watching, even count up. No
worries *at this time*.
*After* that is done, continue on to the next part where you clean off
some excess (unnecessary) files. It only removes those you definitely
do not need, if you follow the directions *as given* and do not deviate.
So reboot (for each of these steps, it is just best to reboot right
before - but I will continue to point that out) and log on as a user with
administrative privileges.
Download/install the "Windows Installer CleanUp Utility":
http://support.microsoft.com/kb/290301
After installing, do the following:
Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
"%ProgramFiles%\Windows Installer Clean Up\msizap.exe" g!
--> Click OK.
(The quotation marks and percentage signs and spacing should be exact.)
It will flash by *quick*, don't expect much out of this step to get
excited about. But the cleaner your machine is to start with, the
better your luck will be later (not really luck - more like preparedness,
but that's not as fun to think about, eh?)
Reboot and logon as administrative user.
Download/Install the latest Windows Installer (for your OS):
( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe )
http://www.microsoft.com/downloadS/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4&displaylang=en
Reboot and logon as administrative user.
Download the latest version of the Windows Update agent from here (x86):
http://go.microsoft.com/fwlink/?LinkID=91237
.... and save it to the root of your C:\ drive. After saving it to the
root of the C:\ drive, do the following:
Close all Internet Explorer windows and other applications.
Start button --> RUN and type in:
%SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE
--> Click OK.
(If asked, select "Run".) --> Click on NEXT --> Select "I agree" and click on
NEXT --> When it finishes installing, click on "Finish"...
Reboot and logon as administrative user.
Visit this web page:
How do I reset Windows Update components?
http://support.microsoft.com/kb/971058
.... and click on the "Microsoft Fix it" icon. When asked, select "RUN",
both times. Check the "I agree" box and click on "Next". Check the box
for "Run aggressive options (not recommended)" and click "Next". Let
it finish up and follow the prompts until it is done. Close/exit and
reboot when it is.
You should now perform a full CHKDSK on your system drive (C:)...
How to scan your disks for errors
http://support.microsoft.com/kb/315265
* will take time and a reboot
You should now perform a full Defragment on your system drive (C:)...
How to Defragment your hard drives
http://support.microsoft.com/kb/314848
* will take time
Reboot.
Log on as a user with administrative rights and open Internet Explorer
and visit http://windowsupdate.microsoft.com/ and select to do a
CUSTOM scan...
Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.
Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.
Reboot again.
If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.
The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to
install Internet Explorer 8 at this time.
Seriously - do all that. This is like antibiotics - don't skip a single
step, don't quit because you think things will be okay now - go through
until the end, until you have done everything given in the order given. If
you have a problem with a step come ask and let someone here get you
through that step. If you don't understand how to do a step, come back
and ask here about that step and let someone walk you through it.
Then - when done - let everyone here know if it worked for you - or if
you have more issues.
As for your antivirus situation - I don't know what you have currently - but
I suggest either the freeware Avira AntiVirus or the cost eSet Nod32
(antivirus only) - and if you want an extra layer of actual protection
without the overhead of some of the others - purchase and activate that copy
of MalwareBytes.
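
Added example (not part of the original posts): a check that can be re-run after each reboot to see whether the Winlogon Shell value described in the question has been reset again. It reads the text output of `reg query` for that key; the sample output, the function names and the `C:\WINDOWS` default are assumptions made for the example.

```python
import re

# Key named in the quoted question; its "Shell" value names the logon shell.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# One value line of `reg query` text output: name, REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>\S.*?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

# Constructed sample output; the Shell data is the value reported in the question.
SAMPLE_INFECTED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\\F5MdG.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
"""

def parse_reg_query(text):
    """Return {KEY_PATH_UPPERCASED: {value_name: data}} from `reg query` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().upper(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group("name")] = m.group("data").strip()
    return keys

def unexpected_shell_entries(shell, windir=r"C:\WINDOWS"):
    """List comma-separated Shell entries that are not Explorer in windir."""
    allowed = {"explorer.exe", (windir + r"\explorer.exe").lower()}
    entries = [e.strip().strip('"') for e in shell.split(",")]
    return [e for e in entries if e and e.lower() not in allowed]

def audit_winlogon_shell(reg_text, windir=r"C:\WINDOWS"):
    """Return the findings for the machine-wide Winlogon Shell value."""
    values = parse_reg_query(reg_text).get(WINLOGON_KEY.upper(), {})
    if "Shell" not in values:
        return ["Shell value not found in the supplied output"]
    return unexpected_shell_entries(values["Shell"], windir)

if __name__ == "__main__":
    for finding in audit_winlogon_shell(SAMPLE_INFECTED):
        print("unexpected Winlogon Shell entry:", finding)
```

An empty result means the value lists only Explorer; a copy of explorer.exe outside the Windows directory is reported as well.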
