Virus w/ google redirect and missing desktop icons


40 replies to this topic

#31 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts

Posted 12 July 2011 - 10:01 PM

I hate to be this vague, but...
In the very beginning of my search for a solution to this problem, I stumbled across a forum entry (here on bleeping computer, I believe) where the solution involved a registry key change that hid the icons. I cannot find that article again.

Any thoughts that we can look a little deeper into the registry for a solution -- especially as we haven't tackled the missing items on the Start Menu -- and that is a lot of items.

Thanks, Mike

#32 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 12 July 2011 - 10:15 PM

Re-run SL with this code (it may take a while):

:regfind
*desktop*

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#33 mjdennis

Posted 13 July 2011 - 04:14 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 07:33 on 13/07/2011 by Mike
Administrator - Elevation successful

========== regfind ==========

Searching for "*desktop*"
No data found.

-= EOF =-

#34 Broni

Posted 13 July 2011 - 07:19 PM

Log in to your wife's account and re-run the same SL as in my reply #28


 


#35 mjdennis

Posted 13 July 2011 - 09:10 PM

OK, duh, I should have seen that coming.

#36 mjdennis

Posted 14 July 2011 - 06:14 AM

Good news... I developed a wild hair last night, and ran UnHide from the Susan desktop.
Start Menu items and desktop icons all appear to be back -- pretty sure that is all of them.

Ran SL next, with negative results [logically]
=====
SystemLook 04.09.10 by jpshortstuff
Log created at 06:53 on 14/07/2011 by Susan
Administrator - Elevation successful

========== regfind ==========

Searching for "*desktop*"
No data found.

-= EOF =-

=====
Any idea why my desktop picture does not appear? That's the last thing to fix, but fixing that is icing on the cake

#37 Broni

Posted 14 July 2011 - 01:38 PM

Good news indeed :)

Any idea why my desktop picture does not appear?

Can't you change it through display properties?


 


#38 mjdennis

Posted 15 July 2011 - 05:10 AM

OK, got the background back. It had become disconnected from the properties somehow, although it showed as a valid choice. Once I found where the file was kept, and reconnected it, it works.

Looks like that's it for the problems. Any clean-up left to do?

#39 Broni

Posted 15 July 2011 - 11:06 AM

Very good :)

Couple more steps....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


 


#40 mjdennis

Posted 16 July 2011 - 05:39 AM

C:\Documents and Settings\Mike\Desktop\[4] Organize\registrybooster.exe Win32/RegistryBooster application
C:\RECYCLER\S-1-5-21-3602600986-1351049935-893349815-500\Dc4853.pdf PDF/Exploit.Pidief.PDS.Gen trojan
C:\RECYCLER\S-1-5-21-3602600986-1351049935-893349815-500\Dc103.IE5\4PANWHMV\control[1].html Win32/Adware.SpywareProtect2009 application
C:\RECYCLER\S-1-5-21-3602600986-1351049935-893349815-500\Dc4830.IE5\UKJRPLJF\index-functions[1].js Win32/RegistryBooster application
C:\RECYCLER\S-1-5-21-3602600986-1351049935-893349815-500\Dc88.IE5\ZXWE2V6G\index-functions[1].js Win32/RegistryBooster application

#41 Broni

Posted 16 July 2011 - 10:37 AM

Uninstall:
Java™ SE Runtime Environment 6 Update 1
Java™ SE Development Kit 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.3.1.4

===============================================

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
