Hey guys. Right in the middle of the most hectic part of the year for me, I got some form of malware, which made every one of my startup icons become .EXE files, including the ones in program files. This is a problem, because when I try to launch system restore, it asks what file to open it with. I don't remember what it was called, or how the hell it got on my computer (I haven't downloaded or done anything different on my laptop in months), but I know there are at least 2 different files that have come up on AVG. Pretty much, is there any way to use system restore without the item in the start menu? I checked the BIOS and couldn't find anything there. Is the only option a reformat? I"m using Vista 32 (mobile, if that makes any difference). Thanks in advance
Try this: http://www.malwarebytes.org/ or this: http://www.lavasoft.com/products/ad_aware_free.php or this: http://www.safer-networking.org/en/download/ and get this (recommended by Mebard): http://usa.kaspersky.com/ Sounds like some of your system files for Windows were deleted.
I don't @Enigma: I was going to use malwarebytes after the system restore. My problem is that if I were to use malwarebytes, all the problems I'm having now will probably still be there (as I don't think it'll restore my startup files), but I'll give it a shot. Thanks for the quick responses EDIT: When I try to run file I get C:\Users\Alex\Downloads\mbam-setup.exe application not found. This is what I get every time I try to run something (except firefox for some reason....)
I hate to say it but it sounds like you are gona have to reload windows bud me and enigma were talking about that also if you couldnt get anything else to work.
Yeah, I went to the help desk at DAL and that's what they told me... I could give my laptop to them to fix, but it costs $4... and it'll take about 2 weeks, because there's another virus going around and there are a lot of arts students who don't know how to do anything on a computer other than internet and 'microsoft office'...
That really sucks bud i hate having to do things like that its a real pain in the butt. another route you may go if you dont want to do it your self is take it to something like bestbuy or something along those lines.
Try running it in safe mode, this makes it so that that it will only load files that are crucial for windows functioning. (thus not running anything that the malware may have put there) However if it did indeed modify windows system files, which is highly unlikely since any file that is required for the functioning of your computer you must restart for the changes to work - this is why windows update restarts your computer, you'll have a huge problem. My suggestion to you is run your computer in safe mode do this by repeatedly pressing F8 while your computer boots. Then download a program called hijackthis. If the malware you downloaded is decent by any means it will have injected itself into your web traffic preventing you from going to websites that would help remove it. http://free.antivirus.com/hijackthis/ Run the program and click "do a system scan and save a logfile". Paste all of the info it gives you here and I'll look it over. If possible run this while NOT in safe mode. However a log while in safe mode is still helpful it'll make finding the problem much harder. It honestly sounds to me like they screwed over your registry which is a pain to fix. Here's an example log file from my computer. Code: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:14:57 AM, on 4/9/2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe C:\Users\Arimil\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files (x86)\Pidgin\pidgin.exe C:\Users\Arimil\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe C:\putty.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Nexon\Vindictus\en-US\Vindictus.exe C:\Nexon\Vindictus\en-US\NMService.exe C:\Users\Arimil\Downloads\HijackThis.exe F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Lexmark 5000 Series] "C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [Google Update] "C:\Users\Arimil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Spark] C:\Program Files (x86)\Spark\Spark.exe O4 - HKCU\..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: CurseClientStartup.ccip O4 - Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe O4 - Startup: Dropbox.lnk = C:\Users\Arimil\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe O4 - Global Startup: myRemote Startup.lnk = ? O4 - Global Startup: UltraMon.lnk = ? O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB O16 - DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} (CN°OAOA¢?OCA・I±×・\) - http://cdn.hangame.com/hangame/messenger/hani/webmsg/HanWebMsg.cab O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://tetris.hangame.com/common/activex/HanSetup1040.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://hancdn.hangame.com/pub/plii/real/PubPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: lxdmCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdmserv.exe O23 - Service: lxdm_device - - C:\Windows\system32\lxdmcoms.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11516 bytes
If safe mode doesn't work, try this. Upon booting up your PC, press: Up, Up, Down, Down, Left, Right, Left, Right, A, B, select, start. It should boot into God mode and clean things up, as well as auto-upgrade your graphics card and processor at no cost to you.
malwarebytes in safe mode.......should solve everything its a beast of a program and has been the only one known to stop certain threats.
This just made my night lol. I'm going to try malwarebytes in safe mode when I next get a chance (in research paper mode now, and can't justify that kind of time to repair it).