Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus hiding desktop, affecting google links


  • Please log in to reply
27 replies to this topic

#1 swfcrob

swfcrob

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 27 November 2009 - 04:14 AM

I've got some messed up virus on my computer and its driving me insane. when i start up my pc it logs in, but only the desktop wallpaper appears, and none of the icons.

i can start programs, open stuff by pressing ctrl alt delete and starting a new task. there's something called a.exe in the processes that ive looked up and seems to be some kind of worm.

i have installed a fair few anti virus, syware, malware programs like spybot s+d, hijackthis, ad aware, avira etc etc, but the virus blocks all of them from working properly. some of them will scan and then shut down before i can delete the problems, and some of them wont work because they are being blocked from accessing the internet for updates

and to top it all off, i cant even seem to start the pc in safe mode. when i try i get a screen full of white text, then it just resets back to the startup menu.

I have downloaded the combofix program on somebody elses advice, is this the best way to sort it out?

AAARRRRGGGHHHHHHH.

If anyone has had the patience to read all this drivel, any advice would be appreciated

BC AdBot (Login to Remove)

 


#2 petewills

petewills

  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, UK
  • Local time:09:40 AM

Posted 27 November 2009 - 08:14 AM

Read this topic:

http://www.bleepingcomputer.com/forums/ind...amp;hl=combofix

Edited by Orange Blossom, 27 November 2009 - 08:30 AM.
Remove now irrelevant instructions. ~ OB


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:40 AM

Posted 27 November 2009 - 08:28 AM

Moving topic from the Windows XP forum to the Am I Infected forum. ~ OB

Edited by Orange Blossom, 27 November 2009 - 08:30 AM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 swfcrob

swfcrob
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 27 November 2009 - 08:37 AM

cheers ob, didnt see that forum

#5 braddock

braddock

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 27 November 2009 - 09:42 PM

:thumbsup:

I've got some messed up virus on my computer and its driving me insane. when i start up my pc it logs in, but only the desktop wallpaper appears, and none of the icons.

i can start programs, open stuff by pressing ctrl alt delete and starting a new task. there's something called a.exe in the processes that ive looked up and seems to be some kind of worm.

i have installed a fair few anti virus, syware, malware programs like spybot s+d, hijackthis, ad aware, avira etc etc, but the virus blocks all of them from working properly. some of them will scan and then shut down before i can delete the problems, and some of them wont work because they are being blocked from accessing the internet for updates

and to top it all off, i cant even seem to start the pc in safe mode. when i try i get a screen full of white text, then it just resets back to the startup menu.

I have downloaded the combofix program on somebody elses advice, is this the best way to sort it out?

AAARRRRGGGHHHHHHH.

If anyone has had the patience to read all this drivel, any advice would be appreciated




The Best way to Remove all kind of Virus,Trojans,Malware,Spyware, Worm,Pop Up,Hijack Web browser and all Rogue Fake
Anti-virus in you Computer is Restart You Computer Safe Mode with Networking:

1. Log out and reboot your machine.
2. When the machine starts the reboot sequence, press the F8 key repeatedly.
3. Select Safe Mode with Networking from the resulting menu.
4. Login. If the malware has changed your password, try logging in as Administrator. By default, Administrator has no password.
5. The machine will continue booting, but the Windows desktop will look different.
Then in The Safe With Networking .Download and Scan By Using Malwarebytes’ Anti-Malware http://www.download.com/Malwarebytes-Anti-...cdlPid=10997763
Download and Scan By Using Super Anti-Spyware Press here http://www.superantispyware.com/

Download and Scan By using Norman Malware Cleaner Press here http://majorgeeks.com/downloadget.php?id=5...0e991265b3250e7

Download ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface.

The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.

ATF Cleaner provides the user with a window showing the total bytes freed upon completion. The program is small (36kb), quick to run and no installation required. to Download ATF Cleaner press this link http://majorgeeks.com/ATF_Cleaner_d4949.html

6. When you're finished Remove Virus, Malware, Trojan, Worm, rogue virus and Spyware log out and reboot back into normal mode

#6 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:40 PM

Posted 28 November 2009 - 06:49 AM

In the event that you have more than one antivirus installed ... ?
Firstly, you should only ever have one antivirus installed and running real-time protection. If you have more than one antivirus running, please uninstall all but one.

I am not sure whether or not you can actually use Windows Explorer?
Ctrl+Alt+Del > Task Manager window > Applications tab > "New Task" > type "explorer.exe" and press
What happens when you do this?

Please follow the steps in post #2 by garmanma, to run RKill, MBAM & RR ....
http://www.bleepingcomputer.com/forums/ind...t&p=1472154

explorer.exe peek
Start > Run ..... or ...... Ctrl+Shift+Esc > (Task Manager) > "Applications" tab > "New task" >
In the "Run" box, type "cmd" and press
Type cd C:\ and press
so that the command prompt is now C:\>
Copy and paste (or type) the following at the command prompt and press
DIR /a/s %windir%\explorer.exe >Log001.txt & START notepad Log001.txt
A text file will open.
Please copy/paste the whole text in your next post.

Export SafeBoot key for diagnosis
Let's have a look at your SafeBoot registry key.

* Click Start > Run
* Copy and paste the following code in the open Run box (Do not copy the word "code")
regedit /e C:\SafeBootK.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
* Now click OK
* Double-click/Open My Computer and then navigate to C:\ drive
* In there, you should see a file called SafeBootK.txt
* Double-click it to open the file with Notepad.
* Copy and paste the whole contents of SafeBootK.txt in your next reply please.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#7 swfcrob

swfcrob
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 28 November 2009 - 09:14 AM

Malwarebytes' Anti-Malware 1.41
Database version: 3250
Windows 5.1.2600 Service Pack 3 (Safe Mode)

28/11/2009 13:14:54
mbam-log-2009-11-28 (13-14-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140455
Time elapsed: 17 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\addins\addins (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Windows user\Application Data\Macromedia\Common\b818001019.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\b818001019.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Windows user\Application Data\Macromedia\Common\b81800101.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Windows user\My Documents\rob\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Adware Professional\Adware Professional.exe.vir (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Adware Professional\nutilities.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\msc.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\msd.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP348\A0037347.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP348\A0038306.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP348\A0038471.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP349\A0038472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP349\A0038488.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP349\A0038494.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP350\A0038498.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP350\A0039894.exe (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP350\A0039895.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP350\A0039898.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP350\A0039900.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP350\A0039901.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP350\A0039902.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP350\A0039907.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dccd.mro (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Windows user\Desktop\Adware Professional.lnk (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.






ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/28 13:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE8C6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BB4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE1D7000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Minidump\Minidump
Status: Locked to the Windows API!

Path: C:\WINDOWS\mui\mui
Status: Locked to the Windows API!

Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Status: Locked to the Windows API!

Path: C:\WINDOWS\security\logs\logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\Debug\UserMode\UserMode
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\temp\temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\5760d4b301d053a8878e2025a64e5970\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Status: Locked to the Windows API!

Path: C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Status: Locked to the Windows API!

Path: C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Status: Locked to the Windows API!

Path: C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Status: Locked to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xe1dfc698

#: 041 Function Name: NtCreateKey
Status: Hooked by "TfSysMon.sys" at address 0xf7538a1c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "TfSysMon.sys" at address 0xf7538c10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf7538cb6

#: 119 Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xf753890c

#: 247 Function Name: NtSetValueKey
Status: Hooked by "TfSysMon.sys" at address 0xf7538e52

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "TfSysMon.sys" at address 0xf753ab30

==EOF==



Volume in drive C is HDD
Volume Serial Number is 4C43-071E

Directory of C:\WINDOWS

14/04/2008 00:12 1,033,728 explorer.exe
1 File(s) 1,033,728 bytes

Directory of C:\WINDOWS\$hf_mig$\KB938828\SP2QFE

13/06/2007 11:26 1,033,216 explorer.exe
1 File(s) 1,033,216 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

13/06/2007 10:23 1,033,216 explorer.exe
1 File(s) 1,033,216 bytes

Directory of C:\WINDOWS\$NtUninstallKB938828$

04/08/2004 13:00 1,032,192 explorer.exe
1 File(s) 1,032,192 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 00:12 1,033,728 explorer.exe
1 File(s) 1,033,728 bytes

Total Files Listed:
5 File(s) 5,166,080 bytes
0 Dir(s) 22,090,833,920 bytes free



Thanks for helping out guys. I can start internet explorer by ctrl alt delete and 'new task'.

Those are the malwarebyts and rootrepeal reports. I typed that comand in for the safe boot key thing, but after pressing enter i cant find the safebootK.txt file in the c drive

#8 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:40 PM

Posted 28 November 2009 - 10:28 AM

when i start up my pc it logs in, but only the desktop wallpaper appears

So, how then do you navigate around your system?
I wrote:

I am not sure whether or not you can actually use Windows Explorer?
Ctrl+Alt+Del > Task Manager window > Applications tab > "New Task" > type "explorer.exe" and press <ENTER>
What happens when you do this?

You wrote: "I can start internet explorer by ctrl alt delete and 'new task'."
I was asking about Windows Explorer, not Internet Explorer. I gather from the data you have just supplied that you can use Windows Explorer without a problem, as normal, with your Desktop, Desktop icons, Taskbar and Start button all displaying normally. Is that correct?

You wrote: "i cant find the safebootK.txt file in the c drive"
Try this: Show hidden and system files and folders by doing the following ....
Using Windows Explorer, go to Tools > Folder Options > and click on the "View" tab
Using the scroll bar at the side of the dialog box, find and check-mark "Show hidden files and folders", UNcheck "Hide protected operating system files (Recommended)", and also UNcheck "Hide extensions for known file types".
Click "Apply to All Folders", click "Apply" and click "OK".
Can you find C:\safebootK.txt now?
----------------------
If not, please try the following alternative ....
Malware has most likely removed the SafeBoot key or sub-key(s) (there should be two sub-keys, "Minimal" and "Network") from the Windows registry. To check this, please do the following ...

WARNING:
(The information provided requires using the Windows Registry Editor.)
Improper changes to the registry could render your computer inoperable.
Do NOT make any changes while using the Registry Editor to obtain the necessary information.

Start > Run and type "regedit" and press <ENTER>
Navigate to the following key ..
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot <<< key
(Do the key/sub-keys exist? If not, please let us know.)
Right-click on the "SafeBoot" key in the left window pane and choose "Export".
Choose to save it to your Desktop, and type in a name for the saved file (say "sbkey"), and click on "Save".
Close the Registry Editor window.

On your Desktop, locate the saved file "sbkey.reg", and right-click on it, and choose "Rename".
Add ".txt" to the end of the file name so that it now looks like this "sbkey.reg.txt".
Select the file "sbkey.reg.txt".
Right-click > Send to > compressed (zipped) folder.
Now, attach the zipped file with your next post.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#9 swfcrob

swfcrob
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 28 November 2009 - 10:50 AM

I gather from the data you have just supplied that you can use Windows Explorer without a problem, as normal, with your Desktop, Desktop icons, Taskbar and Start button all displaying normally. Is that correct?


no, i cannot see my desktop icons, taskbar, start button etc. all i have is the background wallpaper, and i am pressing ctrl alt delete to bring up the task manager so i can open internet explorer, and run programs.

how do i find 'tools' from the task manager?

I followed the second process you gave me. i have found the safeboot key in reg editor and exported it to my desktop, but i cant access it when i go to task manager, new task, desktop. it doesnt show up

#10 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:40 PM

Posted 28 November 2009 - 01:26 PM

Ctrl+Alt+Del > Task Manager window > Applications tab > "New Task" > type "explorer.exe" and press <ENTER>
What happens when you do this?


AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#11 swfcrob

swfcrob
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 28 November 2009 - 02:37 PM

ah sorry, forgot to do that.

'windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item'

i am currently in safe mode with networking if that makes a difference

#12 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:40 PM

Posted 28 November 2009 - 03:04 PM

i am currently in safe mode with networking

Good!
Navigate to
C:\Windows\explorer.exe
Copy the file "explorer.exe" and paste a copy in the same (Windows) folder, and rename it "aaa.exe".

Start the system normally, and when you arrive at your blank Desktop, do the following ...
Ctrl+Shift+Esc > Task Manager window > Applications tab > "New Task" > and type "aaa.exe" and press <ENTER>
What happens?
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#13 swfcrob

swfcrob
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 28 November 2009 - 03:40 PM

when i try and paste explorer into the same window its telling me 'access is denied'

edit: i can copy and rename 'shortcut to explorer' but i guess thats not going to achieve the same thing?

Edited by swfcrob, 28 November 2009 - 03:54 PM.


#14 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:40 PM

Posted 28 November 2009 - 03:48 PM

when i try and paste explorer into the same window its telling me 'access is denied'

Please try this ...
Right-click on the file "explorer.exe" and choose "Properties"
If the "Read only" box is marked (maybe with a green square?), un-check it by clicking in the little box, until the little box is empty.
Try copy/paste again.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#15 swfcrob

swfcrob
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 29 November 2009 - 11:20 AM

the read only box was already empty




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users