Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer infected with "XP HOME SECURITY 2012"


  • Please log in to reply
6 replies to this topic

#1 smhz_leo

smhz_leo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 14 January 2012 - 11:29 AM

Hi There,

My computer was infected with "XP HOME SECURITY 2012", I tried to remove it by following the instructions on BC forums, i only had partial success, the problem was though that my computer was more severely infected than the instruction was posted, for example, i could not find what to do when the files are not visible OR when you point to your C OR D your drive shows 0 bytes available and i could't see any of my programs in start-up i couldn't see my contents in my C and D drive, although i took care of those problems, the problem now i face is when i go to START>ALLPROGRAMS>MICROSOFT OFFICE>(Empty), the other way i open WORD OR EXCEL is by going to the folder and open the word file,

I am not able to see any of the program in the program list is shows as "EMPTY"

I would like somebody to help me find an solution to the problem.

Thanks

Edited by hamluis, 14 January 2012 - 03:26 PM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:23 AM

Posted 14 January 2012 - 11:56 AM

Press Windows+R key and type

%temp% and click ok

Do you have a folder called smtmp?

Did you run a scan with tdsskiller?

#3 smhz_leo

smhz_leo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 15 January 2012 - 02:53 PM

Thanks for your help, I followed the step you showed, and I have a folder "SMTMP" in temp folder, but what do i do now - In SMTMP folder i have 3 more folders and i have all the shortcuts for the programs in those folders, how do i restore those, or what do i do to reflect those in my programs>..., where i still can't see that shortcuts.

Plz help

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:23 AM

Posted 15 January 2012 - 07:54 PM

I hope you ran the UNHIDE fix

Backup SMTMP folder to safe location


Copy the entire content of this folder:
c:\users\username\appdata\local\temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu


c:\users\username\appdata\local\temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\Username\Application Data\Microsoft\Internet Explorer\Quick Launch.

Copy the entire content of this folder:

c:\users\username\appdata\local\temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop.

You did not post the TDSSKILLER log.This rogue usually drops a ROOTKIT.

Good luck

Edited by narenxp, 15 January 2012 - 07:54 PM.


#5 smhz_leo

smhz_leo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 20 January 2012 - 07:49 PM

Thanks for your help, I am able to see my shortcuts now, but my computer runs relatively slow compared prior to spyware infection, could you please advise how to enhance the speed of my computer.

Thanks agian

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:23 AM

Posted 20 January 2012 - 11:19 PM

Can you post the your TDSSkiller log ?

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Edited by narenxp, 20 January 2012 - 11:19 PM.


#7 benderkour

benderkour

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 24 February 2012 - 07:56 AM

It is not a really easy infection to remove but i would suggest you to follow the procedure here exactly. Go through the following link, i hope this helps, thanks.

bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

home security




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users