Desktop problem following malware infection

Ringeck

Member
Hi Guys, scored myself a beaut little program called Windows Recovery, it's awesome, like being boiled in acid.

Anyway after a day of stuffing around I'm pretty sure I've killed it for the most part, but I still can't boot up in Normal mode. Everything is fine up till the desktop loads and it seems to be a screenshot, i.e. nothing works, it looks like a screenshot overlaid on the actual desktop, with only one problem, the new antivirus stuff is also on the screenshot.

From normal mode I can't use right click, left click start button or task manager.

Has anyone else had this problem? How did you resolve it?

Alex.
 

Thanks, and no, not sure at all, I've used several programs which claim to kill Windows Recovery, between them they killed about 15 files.

There is damage done though, and I've fixed a bit of it, but the desktop is killing me at the moment. Honestly, at this point, if I could figure a way to format the drive and start over I would, but I have a Dell and no disks.
 


I'm still unsure what you can actually do on your computer.
What is the model number of your computer?
Dell machines generally have a System Recovery partition built in to the HD.
Please click on the link; the info it contains is about Dell recovery.
How To Restore or Reinstall Microsoft® Windows® on a Dell
Hope this helps.
 


What is the name of the new anti-virus you're talking about?
 

Yeah, I can start in safe mode without any problems, that's how I've achieved everything so far.

Think it's just going to be easier and quicker to reinstall Windows, do you know if it's possible to format C before reinstalling from the partition on Dells?
 


I am having a problem understanding what you have written.
For example....
You were asked : " What is the name of the new anti-virus you're talking about? "
You replied : " Malwarebytes and Spybot S&D, had to reinstall Spybot and it reappeared on the desktop too. "

Why is Spybot S&D's reappearance on the desktop a problem in your eyes ?

So far what I can understand is...
You can't do anything in normal mode. Yes ?
You are ok in safe mode. Yes ?

Then, please do the following, if you have not done so .....

1. In safe mode, run Malwarebytes. If it catches any, remove what it catches.

2. Return to normal mode > press Ctrl+Alt+Del keys together > select Task Manager > Processes tab > right click on explorer.exe > click End Process > click File > click New Task (Run...)
> Type explorer.exe in the box > OK

Does your desktop go back to normal ?
 


Hi t-4-2,

Sorry about the short and nasty replies, I'm working off of other people's laptops mostly so haven't had time to really write properly.

I've run a few different programs over the drives, they've caught several files and dealt with them, the problem is no longer the infection, it's the damage that has been done. Booting up in safe mode presents no problems, booting up normally brings up a non-functioning desktop that looks like the malware took a screen shot and has overlaid it on the desktop, the mouse works but nothing else does, the clock doesn't change, icons can't be clicked on, the start button has that dotted box around it that you get if you left click, but it's there all the time. I was quite happy to accept that the malware had somehow laid this screenshot over the desktop but recently I've noticed that a) the time does change, if I boot up at 11:00 it shows 11:00 but won't progress to 11:01, and b) I had to reinstall spybot and that shortcut appeared in the new desktop, as did combofix, which I haven't yet used, and the malwarebytes icon. I can't use the new icons in normal mode but they work in safe mode. The task manager will not load in normal mode either, or maybe it does but behind the fake desktop, I don't know, but when you press Ctrl-Alt-Del the pointer turns into a circle for a couple of seconds, just like normal, only the screen doesn't change like it normally does when using the task manager.

I have a Dell Inspiron with a partitioned hard drive, can I reinstall from the partition with no risk of infection? Will that properly format C: so that no virus/trojan/malware/backdoor continue on the new system?

Thanks for the help guys.
 


Sorry my friend, if you had viruses or malware on your system DO NOT use your old restore points, as you will re-infect your computer.
 

Hello, I am going to ask a security expert to look at your post. I am going to recommend that you do not do anything else until she has had the opportunity to look at your posts, so I will send her the info right after I sign off from here.
 



Stay in safe mode.

Please do a system file check. It is to look for corrupted files. If any are found, it will try to repair them.

Start button > search box type cmd > look up, RIGHT click on cmd.exe > click Run As Administrator > in that black and white cmd window, type at the flashing prompt sfc /scannow > press ENTER key.
Note : there is a Space between "sfc" and "/".
Sit back and wait. It will take some time.
At the end, it will tell you either that there is no " integrity violation ", or that " it found corrupted files but was unable to repair them ".
Exit cmd window when done.

While still in safe mode, use this tutorial to rebuild your icon cache. The cache must be corrupted.
http://www.vistax64.com/tutorials/117229-icon-cache-rebuild.html
Use Option One..... easiest.

Now, go back to normal mode. Still the same problem ?
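
Added example, not part of any post in this thread: after sfc /scannow finishes, its per-file results are written as [SR] entries in CBS.log (%windir%\Logs\CBS\CBS.log), and the PowerShell below counts the files it repaired and the ones it could not. The function name Get-SfcSummary and the sample log lines are constructed for illustration.

```powershell
# Constructed sample lines in CBS.log layout (not taken from the poster's machine).
$sample = @'
2011-05-01 10:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2011-05-01 10:02:12, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-05-01 10:02:14, Info                  CSI    0000000a [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6001.18000, hash mismatch
2011-05-01 10:02:14, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2011-05-01 10:02:15, Info                  CSI    0000000d [SR] Verify complete
2011-05-01 10:02:16, Info                  CBS    Unrelated servicing entry without the SR tag
'@ -split '\r?\n'

function Get-SfcSummary {
    param([string[]]$Lines)

    # sfc tags its own entries with [SR]; everything else is servicing noise.
    $sr    = @($Lines | Where-Object { $_.Contains('[SR]') })
    $fixed = @($sr | Where-Object { $_ -match 'Repairing corrupted file' })
    $bad   = @($sr | Where-Object { $_ -match 'Cannot repair member file' })

    # The file name is the first quoted string after the "Cannot repair" marker.
    $names = @(foreach ($line in $bad) {
        if ($line -match 'Cannot repair member file \[[^\]]*\]"([^"]+)"') { $Matches[1] }
    }) | Sort-Object -Unique

    [pscustomobject]@{
        SrEntries       = $sr.Count
        Repaired        = $fixed.Count
        CannotRepair    = $bad.Count
        UnrepairedFiles = $names
    }
}

# Summary of the constructed sample above.
Get-SfcSummary -Lines $sample | Format-List

# Against the real log, from an elevated prompt after sfc has finished:
# Get-SfcSummary -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log") | Format-List
```

A non-zero CannotRepair count corresponds to the "unable to repair" message described above, and UnrepairedFiles lists which system files are still damaged.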
 


Hello

When you are done with the sfc scan, if it finds any errors then run the sfc 3 more times, as it repairs more each time you run it...
 

Follow the instructions here to set your Dell back to factory settings. You didn't say what model Dell Inspiron, that would be helpful to know.
Dell Laptops - Restore factory settings

If you have any pictures you want to save, you can burn them to a CD, also your important Documents and "paid for" music.

After you have done this, change all your passwords using another computer. Not the one that was infected.
 

Hello

I am in full agreement with Jacee, she is an expert and looked at everything, and her recommendation should be followed; if not, you will continue to have problems. LOL
 
