So my PC is infected with one of those trojans that sends a million "Your computer has serious Hard Drive Errors" etc. etc. popups. Before I can even try to figure out how to deal with that issue, though, there is also something else. My desktop is completely black; I can't see my wallpaper or any icons. Now someone on YouTube posted a possible solution where I select explorer.exe from New Task in the task manager.
I have nothing to lose by trying that...or do I? I have no idea if this kid is pulling my leg and this is a bad thing to do or whether it's worth a shot.
Signed: Anxious PC user.
PS: The only good thing is that the trojan only infected one of the user accounts...the other user account seems, so far, to be OK, except my virus protection can't seem to connect to the Internet and doesn't open when I log on.
Combofix from bleepingcomputer.com
Given that I don't know what I'm doing this message on Combofix scares me:
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
Also because my desktop is black and it wants to install it there, I won't be able to see it.
Use it anyway.
Do it from safe mode.
Yeah, GF's suggestion is probably easier. As a backup, here's my usual process:
- Restart in Safe Mode
- Run HijackThis, fix known bad entries and anything with "file missing"
- Run msconfig, remove bad services
- Find and nuke any files associated with the given malware
- Restart, update antivirus in Safe Mode with Networking if possible
- Restart to normal, check for normal operation
- Update antivirus, if it wasn't possible in SMWN
Takes me about 40 minutes to do a virus removal, but I also keep good track of files and have gotten good at reading HJT logs.
Here's my solution:
* back all your important shit up if you aren't already doing that regularly like you should be
* wipe hard drive
* reinstall OS
* reinstall programs
Quote from: Caliga on June 24, 2011, 01:12:40 PM
Here's my solution:
* back all your important shit up if you aren't already doing that regularly like you should be
* wipe hard drive
* reinstall OS
* reinstall programs
Maybe.
See here's the thing...the computer works fine, as I said, when using a secondary user account...so I'm just using that for now.
I've just found that it's often not much more work to wipe the drive, and it has the secondary bonus of forcing you to reevaluate what apps you really need installed right now vs. stuff you haven't used in months and probably should have uninstalled a while ago.
Quote from: Caliga on June 24, 2011, 01:24:11 PM
I've just found that it's often not much more work to wipe the drive, and it has the secondary bonus of forcing you to reevaluate what apps you really need installed right now vs. stuff you haven't used in months and probably should have uninstalled a while ago.
That was true with XP and Vista; the licensing restrictions on 7 don't really support it, though (the severely limited number of activations). Microsoft also has a large enough percentage of tools linked to activation that I don't recommend throwing a customer under the bus with a hot copy of the OS.
Thanks, Slargos. :rolleyes:
Is that what they mean by "safe mode"? :lol:
I will admit, I only read the thread title. :sleep:
Quote from: Caliga on June 24, 2011, 01:24:11 PM
I've just found that it's often not much more work to wipe the drive, and it has the secondary bonus of forcing you to reevaluate what apps you really need installed right now vs. stuff you haven't used in months and probably should have uninstalled a while ago.
Data could be infected too.
Quote from: Darth Wagtaros on July 14, 2011, 05:33:47 AM
Quote from: Caliga on June 24, 2011, 01:24:11 PM
I've just found that it's often not much more work to wipe the drive, and it has the secondary bonus of forcing you to reevaluate what apps you really need installed right now vs. stuff you haven't used in months and probably should have uninstalled a while ago.
Data could be infected too.
Good point. Didn't think of that, but I'm also one of those paranoid types that scans each file as it's downloaded and cleans all executable files out of the download folder at least weekly.
FWIW, I didn't do any of this stuff. Using my secondary account I downloaded a different anti-virus program because the one I had installed was deactivated by the trojan. With this new one I scanned my computer, it found the trojans and ostensibly deleted them. I logged back onto my primary account, the infected one, and while I was no longer getting the annoying "Your computer is fucked" pop ups, I still was unable to access the desktop which was black. I did an explorer.exe command but that didn't seem to do much, but at least I was back in control.
Except the next time I logged on it seemed to be taking its time and it said "preparing desktop". Turns out I lost, or it lost, my primary account and I could only log onto it as a "temporary user". I am no longer able to log onto the primary account. I can still work on my secondary account which is what I'm using for now.
Sounds like a one-two punch of registry hooks and on-startup services. The problem with those sorts of malware is that you have to neuter both the hooks and the services, or they'll just reactivate themselves on the next startup/login.
Needs verification, but I've heard in a couple of places that antivirus treatment of services is touch-and-go in Win7 because it puts services outside the reach of typical executable programs.
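For anyone who wants to check the "registry hooks and on-startup services" angle from this post and the HijackThis/msconfig steps earlier in the thread before touching anything, here is a read-only PowerShell audit. It is an added example, not code from the thread or from any of the tools named in it; it assumes an elevated PowerShell 2.0 or later prompt on Windows 7 (the HKCU entries it lists belong to the account you run it from, so run it from the infected account or in Safe Mode as that user).

```powershell
# Added example, not from the thread: read-only audit of common autostart
# locations. Flags entries whose binary no longer exists (HijackThis's
# "file missing") or that launch from a Temp directory. Changes nothing.
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Pull the executable out of a command line ("C:\x y\z.exe" /s, %SystemRoot%\foo.exe -k bar)
function Get-ImagePath([string]$cmd) {
  if ($cmd -match '^\s*"([^"]+)"')       { $p = $Matches[1] }
  elseif ($cmd -match '^\s*(\S+?\.exe)') { $p = $Matches[1] }
  else                                   { $p = ($cmd -split '\s+')[0] }
  $p = [Environment]::ExpandEnvironmentVariables($p)
  # Bare names (Winlogon's default Shell is just "explorer.exe") live under %SystemRoot%
  if (-not [IO.Path]::IsPathRooted($p)) {
    foreach ($d in @($env:SystemRoot, "$env:SystemRoot\System32")) {
      if (Test-Path -LiteralPath (Join-Path $d $p)) { return (Join-Path $d $p) }
    }
  }
  return $p
}

function Test-Entry([string]$Source, [string]$Name, [string]$Value) {
  if (-not $Value) { return }
  $path  = Get-ImagePath $Value
  $flags = @()
  if (-not (Test-Path -LiteralPath $path)) { $flags += 'file missing' }
  if ($path -match '\\Temp\\')             { $flags += 'runs from Temp' }
  New-Object PSObject -Property @{ Source = $Source; Name = $Name; Path = $path; Flags = ($flags -join ', ') }
}

$results = @(foreach ($k in $runKeys) {
  if (Test-Path $k) {
    foreach ($prop in (Get-ItemProperty -Path $k).PSObject.Properties) {
      if ($prop.Name -notlike 'PS*') { Test-Entry $k $prop.Name ([string]$prop.Value) }  # skip PS* metadata
    }
  }
})
# Winlogon Shell/Userinit decide what starts at logon (default Shell is explorer.exe, i.e. the desktop)
$wl = Get-ItemProperty -Path $winlogon
$results += @(foreach ($n in 'Shell', 'Userinit') { Test-Entry $winlogon $n ([string]$wl.$n) })
# Services (what msconfig's Services tab lists) whose binary is gone or sits in Temp
$results += @(foreach ($s in Get-WmiObject Win32_Service) { Test-Entry 'Service' $s.Name $s.PathName })
$results | Where-Object { $_.Flags } | Format-Table Source, Name, Path, Flags -AutoSize
```

Anything it flags still needs a human look (a legitimately uninstalled program also leaves "file missing" entries behind); the point is to see the hooks and the services side by side so neither is left behind to bring the other back on the next login.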
Quote from: Josephus on July 14, 2011, 02:29:04 PM
FWIW, I didn't do any of this stuff. Using my secondary account I downloaded a different anti-virus program because the one I had installed was deactivated by the trojan. With this new one I scanned my computer, it found the trojans and ostensibly deleted them. I logged back onto my primary account, the infected one, and while I was no longer getting the annoying "Your computer is fucked" pop ups, I still was unable to access the desktop which was black. I did an explorer.exe command but that didn't seem to do much, but at least I was back in control.
Except the next time I logged on it seemed to be taking its time and it said "preparing desktop". Turns out I lost, or it lost, my primary account and I could only log onto it as a "temporary user". I am no longer able to log onto the primary account. I can still work on my secondary account which is what I'm using for now.
It could be a registry issue. Run ccleaner. There's a tab called registry, click on it and then scan for issues.
It also might be worth running a full scan with Malwarebytes and/or Superantispyware, to make sure you've got rid of the trojan completely.