Am working on a machine and have tried everything I can think of and nothing has worked.
Is windows XP, SP3
The taskbar and start button are gone, the desktop icons and wallpaper are fine. Did try extracting explorer.exe file from disk, this did nothing in case this file was corrupt is why I tried this.
Can not install anything. The windows installer will not run and neither do many services (services.msc)
There is no system restore, am told "system restore will not work for you this time, please reboot and try again" or similar message. The copy and paste do not work and can not move desktop icons. They do work when clicked. The search function will not work. Gpedit will not work. Msconfig works to a point. Does boot up slow also
Have had no problems getting on internet and using keyboard, task manager is fine, the 'run' function works when bringing up using keyboard, regedit opens and works fine, using keyboard the start button still does not work and taskbar is not on autohide. That was first thing I tried
Malware-bytes will not run. SUPERAntispyware runs and finds nothing. Spybot search & destroy runs and finds nothing. SFC /scannow finds nothing. Can not install anti-virus either from online or using flash drive. CCleaner does run. Ran esent online scanner which finds nothing. Have tried dunno how many other programs and none have found anything
Did use combofix after trying other programs but before posting here, can not install it but did run from flash drive. Is the only thing that found anything and says rootkit found and it reboots and also says regedit.exe is infected but has not been able to remove either. Have tried in normal, safe mode, as "run as" admin., safe mode admin.
I do know may just have to wipe and re-install but not sure if just wiping the disk gets rid of whatever is in this machine or if would re-appear again.
Thank you in advance for any help / suggestions and have unplugged the infected machine and will do nothing else until / unless advised. Thank you. Hope this is enough info. Thank you
Am adding this part later.
I used another computer with 'autoplay' disabled and scanned the flash drive have used on the infected computer as I can not download & install directly on infected machine and Adware found 2 variants of Win32.Hoax.Renos in the flash drive used on the infected computer. I do not know if this is helpful, thought I would add it in here
Edited by croakingfrogs, 29 March 2011 - 12:12 AM.