FBI Moneypak removed, now no start menu, icons or right click



#1 ChronStar


Posted 07 August 2013 - 09:55 PM

Hi-

 

I really hope I'm just missing something obvious here.

I've been working on this one for HOURS, and I can't think of new ways to phrase this question to search engines...

 

This started with a particularly nasty version of the FBI Moneypak malware.

This one would not even allow access in safe mode, or safe w/command prompt..

 

After many "low impact" attempts failed, eventually I removed the infected HD and attached it via a USB device to a working computer.

Once the drive initialized, I scanned it with virus/malware programs and removed the FBI Moneypak.

 

However, upon returning the "cleaned" HD to its original computer, it started up just fine but then... no icons, blank desktop, no start menu, no right click...

 

I am able to access programs normally through the task manager, etc..

But the whole, run "explorer.exe" fix doesn't do anything.

 

I also tried creating a new user account, and guess what?! Same issue with the brand new account... no icons, no R-click, etc.

 

At this point, it occurred to me that the problem was likely system wide... perhaps explorer.exe was damaged during the removal of the FBI malware? Or maybe the registry paths were jacked up by the recovery efforts somehow??

 

(I have also run SFC /SCANNOW.. found nothing... tried startup repair w Win7 DVD, no luck... )

 

In any case, I can't seem to figure this one out.

Have tried many, many fixes from the internet, none have worked :(

 

Any help or advice would be greatly appreciated.

 

-T

 





#2 ChronStar


Posted 07 August 2013 - 10:15 PM

UPDATE: Tried ComboFix again, just to see what would happen, and it appears to have fixed this issue.

Didn't expect that, but I'll take it.... Will post a confirmation after more testing, but I wanted to stop any pros from wasting their time on this for now :)

 

-T



#3 gabbysmom


Posted 07 August 2013 - 11:15 PM

So you connected a non-infected computer to the infected one via USB?



#4 ChronStar


Posted 07 August 2013 - 11:31 PM

Hi-

 

I didn't directly connect the two machines: I opened the infected PC's case, removed its hard drive, and then used a special USB connection device to connect the disembodied hard drive with a different working computer.

 

Then, on the working computer I could see the infected HD as an additional disk drive in 'My Computer.'

I ran a spyware scan on the working PC, specifying the infected HD as the target.

 

Cleaned out everything, then popped the cleaned HD back into its original machine.

 

 

Also: UPDATE: after testing thoroughly, it is confirmed that ComboFix has somehow resolved this issue (no desktop, no right click, no start menu, etc...)

...this is odd, because I ran it once earlier... but I'll take it!

 

-T



#5 hamluis


Posted 08 August 2013 - 09:49 AM

Thanks for posting your self-resolution...happy computing :).

 

Louis



#6 xiannow


Posted 08 August 2013 - 06:19 PM

Hi, I'm glad that this worked for you, but I too have run into this issue multiple times (I am a computer consultant/technician) and I'd just like to put my 2 cents in (in case your method doesn't work for someone.)

I boot the PC into Windows safe mode with command prompt enabled (hit F8 while the computer boots up and select the command prompt option).

The computer boots into the safe mode with command prompt and the screen should only be displaying a black command prompt window.

 

In this window enter "explorer.exe" (this will start Windows but without the virus.)

 

From there I just plug in a flash drive that has ComboFix and Malwarebytes on it and copy over the setup files and go into RAMPAGE MODE on the virus :D

 

I hope this helps someone as yours did!





