No Icons, No Taskbar, No "start" Menu... Clearly, It Is A Virus.


6 replies to this topic

#1 kleopat


Posted 20 October 2006 - 01:22 PM

Hi. My friend has a problem, and she doesn't have access to her internet, so she asked me to tell you her problem:

HISTORY
In the background of the desktop, there was that annoying message "Your computer is infected. Very high risk...". Then a popup from Norton appeared: "You have a problem". She clicked on "fix now", and the program started doing something (but never finished), and every 10 secs, a new popup appeared from Norton.

Next, she installed AVG and the program found several trojans. She chose to fix them, but system asked for restart. So, she restarted the computer, and after that she has this situation:

CURRENT SITUATION
Desktop is visible (without that warning). There are no icons, no "start" menu, no taskbar, nothing.

Task manager\Processes:
wdfmgr.exe
NPFmntor.exe
navapsvc.exe
MDM.exe
avgemc.exe
avgupsvc.exe
avgamsvr.exe
accoca.exe
acautoreg.exe
scardsvr.exe
spoolsv.exe
fymlcsvc.exe
spbbcsvc.exe
ccevtmgr.exe
ccsetmgr.exe
svchost.exe (4x)
ati2evxx.exe
isass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
nscsrvce.exe
ati2evxx.exe
system
system_idle_program

She can't access the internet anymore, nor can she start anything (she can't do a hijack log either).

So, what should she do?



#2 quietman7

  • Global Moderator

Posted 20 October 2006 - 07:19 PM

Hello kleopat

First off, your friend is running two anti-virus programs, Norton and AVG, which is not good. You can have more than one anti-virus program installed on your system as long as only one of them is actively running and providing real-time protection. The other should only be used as an on-demand scanner. However, even when one of them is not running, problems can still arise when the active anti-virus detects the non-active one's definitions or quarantined files.

The concern with using more than one anti-virus program is due to conflicts that can arise from them both running together at the same time in real-time protection mode. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files, this often can result in sluggish system performance.

While operating in real-time mode, each program will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to "False Positives". Further, if one AV finds a virus and then the other also finds the same virus, then both programs will be competing over exclusive rights on dealing with that virus. Each piece of AV software will attempt to seize the offending file and quarantine it. If one AV finds and quarantines the file before the other one does, then you encounter the problem of both AVs wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found.

Symantec strongly recommends that you run only one antivirus program at a time. See here.

Your friend can try running an anti-virus scan in "SAFE MODE" but other tools are probably going to be needed to resolve this issue.

If your friend is using Win XP or 2000, then do this:

She is going to need access to another computer (family, friend) with Internet access to download the following programs and save to a USB stick or CD:
DrWeb-CureIt.
AVG Anti-Spyware 7.5. Be sure to print out the AVG Anti-Spyware Install-Scan Instructions.
HijackThis 1.99.1. This is a self-extracting version (HJTsetup.exe) which will automatically install HJT in the proper location if we need to use it.
SmitfraudFix.

Go here and print out the instructions for using SmitfraudFix. Later you will have to extract the zip file.
(Click here for information on how to do this if not sure. Win 9x/2000 users click here. If you need an unzipping utility, download 7zip (it's free).)

Transfer all these programs to the infected computer. Install AVG Anti-Spyware following the instructions you printed out but do not perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware, following the instructions you printed out for scanning in safe mode.

Scan with DrWeb-CureIt as follows:
1. Double-click on drweb-cureit.exe to start the program.
2. An "Express Scan of your PC" notice will appear. Under "Start the Express Scan Now", Click "OK" to start.
3. Click "Select drives" and then click the "Start/Stop Scanning" button (green arrow on the right) to start.
4. When done a message will be displayed at the bottom advising if any viruses were found.
5. A log file will be created in C:\Documents and Settings\username\DoctorWeb\CureIt.log
6. Any quarantined files will be sent to C:\Documents and Settings\username\DoctorWeb\Quarantine.
7. Exit the program and reboot normally.

Then follow the instructions you printed out for running smitfraudfix.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 kleopat


Posted 21 October 2006 - 04:58 PM

she's stuck at this point:

INSTRUCTIONS FOR USING AVG ANTI-SPYWARE in "SAFE MODE"
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\



She said that viruses were found, but there was no option "Apply all actions". But eventually she clicked on some option to send files into Quarantine, but there were no files in the Quarantine folder (C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine) after that.

Also, no report was created. In the report section, it said something like "no report was created" and in the folder, there were no files.

she did that 2 times and nothing happened.
so, what she's asking: is this step 100% precise? or is there some other option?

And 1 more problem: she can't adjust the resolution in the safe mode (can't click on the background to change it), so some windows are partially seen. How can she change the resolution in the Safe Mode?

#4 quietman7


Posted 21 October 2006 - 07:51 PM

The instructions I provided are the best recommendations for doing a scan. Have her continue with the DrWeb-CureIt scan, reboot and then scan again with AVG Anti-Spyware in normal mode.

When done with that, see if she can create a hijackthis log using the instructions that are provided in How to post a HijackThis Log.

Let me know if she was able to create a log and how the computer is running.

#5 quietman7


Posted 22 October 2006 - 12:11 PM

She says big "thank you". You've helped her a lot.
And I say "thank you" also.

Situation:
She followed the steps (including the AVG) and deleted Norton and Spybot.
She can access the internet and computer speed is now fine,
but Firewall informs her that she is unprotected.
And she receives messages from Ultimate cleaner and Spyware removal wizard about infections every now and then.

Question: Should she delete all antivirus programs and then install the new ones? (because you said she should have only one)

You're making progress here but there still is a ways to go. By all means she needs to keep AVG Anti-virus on her system and not re-install Norton.

I have split your friend's HJT log away from this thread and moved it into the HJT forum.

You can find it here: http://www.bleepingcomputer.com/forums/t/69336/no-icons-no-taskbar-no-start-menu/

There are still malware files present that need to be dealt with but the HJT forum is the proper venue for continuing with this.

Please be patient and wait for a response from an HJT Team member. It may take a while to get a response because team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. While waiting, please DO NOT make another reply to your log until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

#6 kleopat


Posted 22 October 2006 - 01:03 PM

yup, yup. we'll be patient.
thank you very much.

#7 quietman7


Posted 23 October 2006 - 09:13 AM

You're welcome.