Desktop icons and taskbar constantly disappearing...


5 replies to this topic

#1 ccmetz

Posted 07 January 2009 - 08:47 PM

Hey guys! I'll first start off with explaining the situation: One day, I was online just looking at my normal sites and all of a sudden, Norton starts telling me about all these viruses that it's blocking/quarantining/removing. A few hours later, my taskbar and desktop icons completely disappear. After searching online, I found out that the program that runs these things is explorer.exe. In task manager I have to manually run explorer.exe, and even when I do that, it continuously shuts on and off. I now open all my programs with task manager because my icons and taskbar keep disappearing on me. I've run scans on Norton antivirus, spysweeper, and superantispyware. So far...nothing. I have no idea what to do and I really don't want to spend like $300 to have Best Buy's geek squad come and fix it for me. Does anyone have any idea about what I can do to fix this? Thanks for reading and I hope you can help me solve my problem!

EDIT: Sorry, there was another topic made about my same problem, just use this thread instead of the other. I'm guessing one of you guys are gonna say to download MBAM and give you a log right?

Edited by ccmetz, 07 January 2009 - 10:12 PM.


#2 ccmetz

Posted 07 January 2009 - 10:18 PM

Sorry to double post, but another problem that I have been noticing is my internet going out every once in a while. It could possibly be linked to the same spyware/virus that is causing my explorer.exe to go wacky.

#3 Orange Blossom

Posted 07 January 2009 - 10:27 PM

What is your operating system: Windows XP, Vista, etc.?

What security programs do you have installed?

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 ccmetz

Posted 07 January 2009 - 10:51 PM

Windows XP, security programs: Norton Antivirus, Spysweeper, Superantispyware.
I just installed and did a quick scan on MBAM, it seems to have fixed the problem with explorer.exe because my desktop icons are no longer disappearing. Here's the log:

Malwarebytes' Anti-Malware 1.32
Database version: 1629
Windows 5.1.2600 Service Pack 2

1/7/2009 9:41:47 PM
mbam-log-2009-01-07 (21-41-47).txt

Scan type: Quick Scan
Objects scanned: 72668
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tuvWnmLd.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975a7466-6890-41a4-89cb-d82f5e613e5a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{975a7466-6890-41a4-89cb-d82f5e613e5a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975a7466-6890-41a4-89cb-d82f5e613e5a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\powervideo.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f627a939-3f63-42e2-b77b-f733cb2439c9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fadc335e-6a47-47ef-97b8-704c72d1e725} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{66d69cc1-5373-4730-ab8e-24d2ab7ff95f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66d69cc1-5373-4730-ab8e-24d2ab7ff95f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\PowerVideo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwnmld -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvwnmld -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tuvWnmLd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dLmnWvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dLmnWvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCrSiI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-456224759-3140140941-1525113839-1008\Dc3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Is there anything else I can do to make sure that my computer is completely clean? I want to be 100% sure that my computer is running smoothly so another problem doesn't come up again. Also, that MBAM program seems very good for freeware especially, should I run it like once a week to keep my computer clean? Should I even bother keeping Norton or spysweeper around because they didn't really do their jobs to keep my computer protected!

#5 Orange Blossom

Posted 07 January 2009 - 11:10 PM

Did you allow your computer to reboot? If not, please do so and run MBAM again.

"Should I even bother keeping Norton or spysweeper around because they didn't really do their jobs to keep my computer protected!"

To quote from quietman7,
"No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection."

"Also, that MBAM program seems very good for freeware especially"


Yes, MBAM is a very good program. Please be certain to update it each time before scanning with it.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
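
The reboot-and-rescan advice in the reply above applies to the entries the log in post #4 marks "Delete on reboot". As an added example (not part of the thread and not a Malwarebytes tool), this Python code parses that log layout, lists the entries still waiting for a restart, and checks each section's summary count against the entries listed; the function names and the regular expressions are assumptions based only on the log shown here.

```python
import re
from collections import defaultdict

# Shortened sample in the layout of the MBAM log in post #4: entries are
# copied from that log, summary counts are adjusted to match this excerpt.
SAMPLE_LOG = r"""
Memory Modules Infected: 1
Registry Data Items Infected: 2
Files Infected: 1
Memory Modules Infected:
C:\WINDOWS\system32\tuvWnmLd.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvwnmld -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\tuvWnmLd.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADING = re.compile(r"^(?P<section>.+ Infected):$")
ITEM = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (declared summary counts, {section: [(target, detection, action)]})."""
    declared, items, section = {}, defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADING.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            # The action follows the last "->"; registry data items add a "Data: ..." hop.
            action = m["rest"].split(" -> ")[-1].rstrip(".")
            items[section].append((m["target"], m["detection"], action))
    return declared, dict(items)

def pending_reboot(items):
    """Entries that stay in place until the machine restarts."""
    return [(sec, target, det) for sec, rows in items.items()
            for target, det, action in rows if action == "Delete on reboot"]

def count_mismatches(declared, items):
    """Sections whose summary count differs from the entries listed."""
    return {sec: (n, len(items.get(sec, []))) for sec, n in declared.items()
            if n != len(items.get(sec, []))}

if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    print(pending_reboot(items), count_mismatches(declared, items))
```

An empty `pending_reboot` result on the log from the post-reboot scan is the confirmation the rescan is meant to give; a non-empty `count_mismatches` result points to a log that was truncated or edited before posting.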

#6 ccmetz

Posted 07 January 2009 - 11:18 PM

Ah yes, thanks for the help Orange Blossom! I'll probably keep Norton because it's my only true antivirus and I believe the only one that provides realtime protection. I don't know if I should keep paying for spysweeper when I have all of these free spyware programs like superantispyware and MBAM. I might look into using Firefox instead of Internet Explorer because they are more susceptible to viruses and such. Well, anyway, thanks for the help!



