Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

explorer.exe and no icons


  • Please log in to reply
5 replies to this topic

#1 amose13

amose13

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 15 February 2014 - 03:47 PM

Hello:

 

I believe my computer is infected with a virus.  When I boot up, no icons appear although I still have my start menu.  I can only access programs from task manager, although explorer.exe will not open from task manager.  I ran a lot of scans, and it appears that my computer found Savings Bull and AlexaTB.A.  Below are the results of malware scan.  I've also ran rkiller,TDSSKiller, and MiniToolBox.  I've corrected all issues but I still have no icons and cannot access my files. Any help would be great!! 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
123 :: 123-PC [administrator]

Protection: Disabled

2/15/2014 2:51:14 PM
mbam-log-2014-02-15 (14-51-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235503
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> No action taken.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> No action taken.
HKLM\SOFTWARE\Savings Bull (PUP.Optional.SavingsBull.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> No action taken.

Files Detected: 4
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> No action taken.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> No action taken.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> No action taken.
C:\Temp\InstallFilter32.msi (PUP.Optional.SavingsBull.A) -> No action taken.

(end)


Edited by hamluis, 15 February 2014 - 04:41 PM.
Moved from Vista to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:44 PM

Posted 15 February 2014 - 10:46 PM

Hello amose13
 
Did you click "Remove Selected" after the MBAM scan as the log says  No action taken.
Did TDSSKiller find and remove anything?


Try this
Press CTL+ALT+DEL then click File and New Task. then type, explorer.exe and press OK


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 amose13

amose13
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 17 February 2014 - 07:08 AM

Thank you!  Yes, I did click remove selected.  Below is the log from when it deleted some of the files.  When I try to run explorer.exe from the task manager, it looks like it tries to load and then disappears.  In the processes list in the task manager, explorer.exe is listed.  I tried to end process and then run explorer.exe from the task manager, but the same thing happened.  I ran TDSSKiller and it did find and remove some things, but I can't seem to find the log.  Should I run it again?  Thanks so much for the help!

 

alwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
123 :: 123-PC [administrator]

Protection: Enabled

2/15/2014 5:16:26 PM
mbam-log-2014-02-15 (17-16-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235300
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Temp\InstallFilter32.msi (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

(end)



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:44 PM

Posted 17 February 2014 - 10:21 AM

Ok. TdssKiler..report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 amose13

amose13
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 17 February 2014 - 11:07 AM

Thanks!  Unfortunately, the only way  I can navigate my files is by executing cmd from task manager.  I see the TDSKiller file on the c: drive.  When I tried to copy it to a usb drive and open on another computer, it appears with some text and a lot of foreign characters.  This forum says it's too long to post.  Any other ideas on how I can share this file with you.



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:44 PM

Posted 17 February 2014 - 02:56 PM

Just get me the last say 20 lines that show what the infection was.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users