Malware Signs: Black Background - Hidden Desktop Icons - Hidden User Files


4 replies to this topic

#1 jbounce


Posted 20 May 2011 - 02:21 PM

Hi all,

Can anybody please help me with this one? I see a lot of computers lately with the same type of malware infection. I am able to remove the infection with Kaspersky Virus Removal Tool, Hitman Pro and MBAM; however, the changes do not revert back. All computers are either Windows Vista or Windows 7. All of the computers have the following symptoms before and after the clean-up: a black background screen which cannot be changed via the Personalize option, hidden desktop and user files, hidden or white quick launch icons, and disabled System Restore.

Is this a new type of infection? I haven't seen this type of infection before. Is there a good solution guide for removing this malware and reverting back the changes?



#2 Jugger


Posted 20 May 2011 - 03:01 PM

I had this infection yesterday. I used the procedure for "Windows XP Recovery" removal, which first requires the use of a program called rkill, before using Malwarebytes. This sounds exactly like what happened to me. Look on this site for Windows XP Recovery removal for the link to rkill and this will probably work for you.

Edited by Jugger, 20 May 2011 - 03:02 PM.


#3 bdelp2


Posted 20 May 2011 - 03:02 PM

Hello All ~
I am having the same problem with Windows XP. Any help would be much appreciated.

Thanks ~
Bryan

#4 bdelp2


Posted 20 May 2011 - 03:05 PM

I used rkill and got a desktop back but no icons or programs.

#5 Oopazy


Posted 20 May 2011 - 03:14 PM

Had the same issue today at a job site as well; only one client was affected on a network of about 20 users, however. All icons, files, and folders were hidden, processes like ie8 were being terminated immediately when started, black background. Numerous "you're computer is infected, click here" traps were popping up. The machine rebooted itself the first time I remotely connected into it from another job site, so I quickly headed onsite to see if I could do anything. I'm still learning this field so I'm assuming the way I handled this infection was atrocious, but I did my best and it seemed to have worked.

I booted the Windows XP Pro SP3 machine up in safe mode and verified all of the warnings and complaints the user had told me earlier on the phone. I changed the view options to display hidden files and folders, which brought back everything in Explorer, but not the desktop. I tried to manually path to ie8.exe and run it; however, the program would not start. I then downloaded combofix onto an external drive, moved it to the root of C: and ran it. Combofix ended up deleting a few files such as 15785764.exe and azip32.dll and a few others which I cannot name because the combofix log file was not saved due to a HDD write error caused by whatever virus or malware. Combofix seemed to be stuck in a loop of trying to save the log file, so I manually restarted the PC and brought it back up in safe mode; desktop icons were back, and files and folders were being shown again and not transparent/hidden. I ran malwarebytes, which detected 4 more items related to the HDD issue; they were deleted.

Sadly I am of no use other than telling you guys how I dealt with it; I do not have the MBAM log as I am offsite now. But I can say that I left a Vipre Enterprise deep scan running and it immediately found an Exploit.PDF-JS.Gen (v) and quarantined it. Can anyone say outright if that was the cause? The customer does use Adobe Reader, and downloads PDFs from Outlook multiple times a day. I know that it's a JavaScript exploit of Adobe PDF reader. Sorry this post is very long and more of me getting my thoughts down than anything else; I hope it helps.



