
Trojan Removed - but after effects remain



#1 whftherb


Posted 20 February 2012 - 10:24 AM

Hello -

System basics: Dell Optiplex GX280, XP Pro SP3, 60 GB HDD about 25% full. Used for browsing 95% of the time. No system discs, only have the recovery partition.

I was hit with a trojan called UltraDefragger!Fraud last week. Symantec Endpoint Protection (SEP) caught it and cleaned it, but not before it exploded. With the help of SEP staff, we've eliminated it. But there are several UI issues which Symantec now says are up to me to clear (reinstall XP) and frankly, I don't think they know how to recover the UI.

Symptoms: On the Admin acct - the desktop looks barren with only IE and My Computer shortcuts plus other objects used in the cleaning process. I have the traditional 2-col Start menu - looks filled out. Start > All Programs shows the folders though they're all reporting <empty>. On the User acct, the desktop also looks barren. The Start Menu is devoid of icons - I have only the top and bottom row plus IE and My Comp on the left pane. Prior to the infection, I could not see any folders on any acct in Windows Explorer's right pane. Now I can. Prior to the infection, I could not use Windows update, now I can. So everything put on it after the infection seems to work; I need to try to recover these UI elements that were squashed.

Unhide.exe looks like a good candidate for restoring but the infection that it recovers from isn't mine. There are scripts created by Grinler which look awfully tempting that appear to be close to what I need.

But obviously measures such as these are not something to just go blindly crashing into. 3 questions then:

1) Am I in for more trouble by running Unhide.exe against the after effects of an infection that Unhide is not specified for?

2) If unhide isn't recommended, how about those nifty scripts, Grinler? Am I at risk running those on my system?

3) What can I do to restore my UI on both accts? Post somewhere else here at BC?

Thanks all. Hope to hear back. I know this is a busy place.

H


#2 Broni


Posted 20 February 2012 - 12:58 PM

Go ahead and run UnHide.
It won't cause any harm.
In the worst-case scenario it simply won't fix anything.



 


#3 shipoffools


Posted 21 February 2012 - 02:16 PM

Sounds like the same, or similar, after-effects I had back on the 14th.
Broni, who responded to you, gave me some good tips on clean-up and ensuring that the virus
wasn't still there. My post started on the 14th--'Windows 7 Win32-FakeSys Trojan'--goes over
much of that.

Here's what I did to get rid of some of the nastiness...

--to recover the start menu: if you type 'start menu' in the search box it should bring
up a 'Taskbar and Start Menu Properties.' If you click on 'customize' then you can check
off the items you want in the start menu. If they are not listed there then you may have
to track them down and use the 'pin to start menu' function.

--if your 'all programs' (from the start menu) are gone and/or empty (mine were), then you
should be able to recover them by right-clicking (either item-by-item or in the 'all programs'
pane) and choosing 'properties' and then 'previous versions.' I had several earlier versions
available for each item but only one for each from before the 14th, when my troubles started.
I clicked on properties just to make sure they were an improvement on what I was left with and
then chose restore. It worked well but wasn't perfect, e.g. my calculator didn't get put into
my accessories folder (I'm pretty sure it was there before) but I wanted it back pinned to the
start menu anyways so I did that manually.

--somehow I recovered some of the icons that were on the desktop (sorry, I honestly can't recall
how), but most I just had to add manually. If you've lost the ability to change your background
wallpaper, as I did, then here's an account of how I restored it, after trying a number of
unsuccessful remedies. I actually found this by just doing a Google search for things like
'restoring background wallpaper.' I tried to find it before this reply and can't do so,
at least without a lengthy search. Regardless, I went to a folder, as directed, and deleted
a jpg file (that was, in fact, my old wallpaper). After I did so I tried the right-click on
desktop, then 'personalize,' and bringing back my wallpaper was no problem. I'm not sure if the
jpg was corrupt or hidden or what--I just followed a poster's tip and it worked. I've tried to
find the folder I was directed to, both manually and with a Google search for info, and for
the life of me I can't find it.

Just trying to give something back for some of the help I got.
Hope you can recover it.



