
Windows Explorer possibly corrupted?


1 reply to this topic

#1 MysticDragon

Posted 25 November 2011 - 04:07 PM

First off I want to give kudos to EVERY ONE of the "helpers" here that take the time out of their busy schedules to help all of us who need it. You save us money and time... so thanks!

Now, to my problem.

OS: Windows 7 (32bit)
Browser: IE8

I was browsing through a forum that I frequent and while reading a thread my AVG 2012 free version blocked an intrusion. I didn't write down the name of the file it blocked nor the location but rather just clicked "quarantine" and continued to browse that forum. However, a short time later I received a pop-up window from AVG (I think) that Windows Explorer was requesting permission to change things on my HDD. Due to this happening right after I received the block warning I clicked on the "NO" button and didn't answer my admin password. (NOTE: I wasn't using my Admin user when this happened nor was the Admin user logged in) After I clicked on the "NO" button on the permission request the whole desktop went blank! All except my wallpaper image. I pressed Ctrl+Alt+Del and went to task manager and noticed that there was nothing on the applications tab but there were still processes running as well as services running. I also noticed that my CPU usage was at 100% for quite a while.
I then restarted my computer and logged into the same user to see if the problem might have been in RAM but nope, same problem happened. As the computer boots into that user account the desktop starts to populate with all the icons as usual but shortly after that and while still starting up that stupid window pops up again telling me that Windows Explorer is requesting permission to make changes to my HDD and needs my Admin password to continue. I NEVER entered the password and I always pressed no but my desktop continues to go blank except for my wallpaper.

I logged into my Admin user account and it doesn't seem to be affected by this "virus" though so I ran MBAM and it found the infection. I'm sorry, but I didn't save the log.txt file nor did I write down the infection name but I do remember it having *.exploit.4 in the name. Sorry I can't be any more help on the name. It was 4am and I honestly figured that once MBAM deleted the file that it would solve my issue. It didn't. I also ran SAS and it found nothing. I then ran my AVG scanner, both in rootkit mode and complete scan and neither resulted in finding anything. I tried going back to MBAM this morning once I woke up but there were no logs!? Same with my AVG. No logs.

BTW, I can still run programs from the task manager by hitting the "new process" button.. or something like that and finding the program with the "Browse" button. I am assuming by this that this infection didn't affect any of the actual programs and how they run; it just made my desktop go poof! :-)

One last thing, while I was logged into my Admin account I got a notice about updating Windows. I went ahead with the update which installed Windows 7 SP1 which apparently had been waiting for me to install for about a month! This didn't change anything though.

I think that's all the information I can give. If you need anything else please let me know.

I am using my admin user account as I type this as it doesn't seem to be affected by this infection but I would prefer to be using my other user account, the one that doesn't have Admin privileges.

TIA for any help or advice given.
MD



#2 MysticDragon

Posted 25 November 2011 - 06:27 PM

I just ran the online scanner from eset.com and it showed one threat: variant of Win32/Kryptik.WBF

I selected to remove it but I haven't yet restarted my computer. Hopefully that helps solve my issue. I won't do anything else though until told to do so.

Thanks,
MD

ETA: It seems to have worked as the original problem seems to have been solved. We'll see how long it lasts though.

I do want to know though what that trojan is exactly? I tried a Google search on it and it didn't really show much on it.

Thanks for reading though.

Edited by MysticDragon, 25 November 2011 - 07:34 PM.




