Fraud.Windows.ProtectionSuite

[Dennis]

My daughter has this AND Microsoft.Windows.RedirectedHosts on

her computer. SpyBot finds them but can't fix them. It says

"Can not create C:\Windows\system32\drivers\ETC\Hosts access

denied" I downloaded HostsXpert and get the same message from

that when I try to reset to the original Windows host files.

MalwareBytes finds nothing as does SuperAntiSpyware. The only

way I can run anything is in safe mode. No icons work in regular

mode. If I click an icon I get a window asking what program I

want to use to open it.

Any help greatly appreciated...

 

[PA Bear [MS MVP]]

NB: If you had no anti-virus application installed or the subscription had

expired *when the machine first got infected* and/or your subscription has

since expired and/or the machine's not been kept fully-patched at Windows

Update, don't waste your time with any of the below: Format & reinstall

Windows. A Repair Install will NOT help!



Microsoft PCSafety provides home users (only) with no-charge support in

dealing with malware infections such as viruses, spyware (including unwanted

software), and adware.

https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1



Also available via the Consumer Security Support home page:

https://consumersecuritysupport.microsoft.com/



Otherwise...



1. See if you can download/run the MSRT manually:

http://www.microsoft.com/security/malwareremove/default.mspx



NB: Run the FULL scan, not the QUICK scan! You may need to download the

MSRT on a non-infected machine, then transfer MRT.EXE to the infected

machine and rename it to SCAN.EXE before running it.



2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)

in Safe Mode with Networking, if need be:

http://onecare.live.com/site/en-us/center/howsafe.htm



2b. Vista or Win7=> Run this scan instead:

http://onecare.live.com/site/en-us/center/whatsnew.htm



3. Now run a thorough check for hijackware, including posting requested logs

in an appropriate forum, not here. DO NOT SKIP THIS STEP!!



Checking for/Help with Hijackware:

.. http://mvps.org/winhelp2002/unwanted.htm

.. http://inetexplorer.mvps.org/tshoot.html

.. http://www.mvps.org/sramesh2k/Malware_Defence.htm

.. http://www.elephantboycomputers.com/page2.html#Removing_Malware



**Chances are you will need to seek expert assistance in

http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

http://www.spywarewarrior.com/viewforum.php?f=5,

http://www.dslreports.com/forum/cleanup,

http://www.bluetack.co.uk/forums/index.php,

http://aumha.net/viewforum.php?f=30 or other appropriate forums.**



If these procedures look too complex - and there is no shame in admitting

this isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Client - since 2002





Dennis wrote:

> My daughter has this AND Microsoft.Windows.RedirectedHosts on

> her computer. SpyBot finds them but can't fix them. It says

> "Can not create C:\Windows\system32\drivers\ETC\Hosts access

> denied" I downloaded HostsXpert and get the same message from

> that when I try to reset to the original Windows host files.

> MalwareBytes finds nothing as does SuperAntiSpyware. The only

> way I can run anything is in safe mode. No icons work in regular

> mode. If I click an icon I get a window asking what program I

> want to use to open it.

> Any help greatly appreciated...

 

[Dennis]

Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

regularly. McAffee is installed and set for automatic updates.

Windows is set for automatic updates and SP3 is installed. I'll

try downloading these two programs and installing them via the

USB memory stick. So far that works yet.



PA Bear [MS MVP] wrote:

> NB: If you had no anti-virus application installed or the subscription

> had expired *when the machine first got infected* and/or your

> subscription has since expired and/or the machine's not been kept

> fully-patched at Windows Update, don't waste your time with any of the

> below: Format & reinstall Windows. A Repair Install will NOT help!

>

> Microsoft PCSafety provides home users (only) with no-charge support in

> dealing with malware infections such as viruses, spyware (including

> unwanted software), and adware.

> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>

> Also available via the Consumer Security Support home page:

> https://consumersecuritysupport.microsoft.com/

>

> Otherwise...

>

> 1. See if you can download/run the MSRT manually:

> http://www.microsoft.com/security/malwareremove/default.mspx

>

> NB: Run the FULL scan, not the QUICK scan! You may need to download the

> MSRT on a non-infected machine, then transfer MRT.EXE to the infected

> machine and rename it to SCAN.EXE before running it.

>

> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan

> (only!) in Safe Mode with Networking, if need be:

> http://onecare.live.com/site/en-us/center/howsafe.htm

>

> 2b. Vista or Win7=> Run this scan instead:

> http://onecare.live.com/site/en-us/center/whatsnew.htm

>

> 3. Now run a thorough check for hijackware, including posting requested

> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>

> Checking for/Help with Hijackware:

> . http://mvps.org/winhelp2002/unwanted.htm

> . http://inetexplorer.mvps.org/tshoot.html

> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>

> **Chances are you will need to seek expert assistance in

> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

> http://www.spywarewarrior.com/viewforum.php?f=5,

> http://www.dslreports.com/forum/cleanup,

> http://www.bluetack.co.uk/forums/index.php,

> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>

> If these procedures look too complex - and there is no shame in

> admitting this isn't your cup of tea - take the machine to a local,

> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

> computer repair shop.

 

[PA Bear [MS MVP]]

> ...I'll

> try downloading these two programs and installing them via the

> USB memory stick.



Don't! Use a CD or DVD to transfer the files to the infected machine.



1. Unless it's a brand-new, never-been-used flash drive, it would be

infected and/or the source of your infection!



2. Inserting the flash drive into the infected computer may end up infecting

the flash drive (which could then transfer the infection to another

computer).





Dennis wrote:

> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

> regularly. McAffee is installed and set for automatic updates.

> Windows is set for automatic updates and SP3 is installed. I'll

> try downloading these two programs and installing them via the

> USB memory stick. So far that works yet.

>

> PA Bear [MS MVP] wrote:

>> NB: If you had no anti-virus application installed or the subscription

>> had expired *when the machine first got infected* and/or your

>> subscription has since expired and/or the machine's not been kept

>> fully-patched at Windows Update, don't waste your time with any of the

>> below: Format & reinstall Windows. A Repair Install will NOT help!

>>

>> Microsoft PCSafety provides home users (only) with no-charge support in

>> dealing with malware infections such as viruses, spyware (including

>> unwanted software), and adware.

>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>

>> Also available via the Consumer Security Support home page:

>> https://consumersecuritysupport.microsoft.com/

>>

>> Otherwise...

>>

>> 1. See if you can download/run the MSRT manually:

>> http://www.microsoft.com/security/malwareremove/default.mspx

>>

>> NB: Run the FULL scan, not the QUICK scan! You may need to download the

>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected

>> machine and rename it to SCAN.EXE before running it.

>>

>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan

>> (only!) in Safe Mode with Networking, if need be:

>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>

>> 2b. Vista or Win7=> Run this scan instead:

>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>

>> 3. Now run a thorough check for hijackware, including posting requested

>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>

>> Checking for/Help with Hijackware:

>> . http://mvps.org/winhelp2002/unwanted.htm

>> . http://inetexplorer.mvps.org/tshoot.html

>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>

>> **Chances are you will need to seek expert assistance in

>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>> http://www.spywarewarrior.com/viewforum.php?f=5,

>> http://www.dslreports.com/forum/cleanup,

>> http://www.bluetack.co.uk/forums/index.php,

>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>

>> If these procedures look too complex - and there is no shame in

>> admitting this isn't your cup of tea - take the machine to a local,

>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

>> computer repair shop.

 

[PA Bear [MS MVP]]

[TYPO CORRECTED]



PA Bear [MS MVP] wrote:

>> ...I'll

>> try downloading these two programs and installing them via the

>> USB memory stick.

>

> Don't! Use a CD or DVD to transfer the files to the infected machine.

>

> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be

> infected and/or the source of your infection!

>

> 2. Inserting the flash drive into the infected computer may end up

> infecting

> the flash drive (which could then transfer the infection to another

> computer).

>

>

> Dennis wrote:

>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>> regularly. McAffee is installed and set for automatic updates.

>> Windows is set for automatic updates and SP3 is installed. I'll

>> try downloading these two programs and installing them via the

>> USB memory stick. So far that works yet.

>>

>> PA Bear [MS MVP] wrote:

>>> NB: If you had no anti-virus application installed or the subscription

>>> had expired *when the machine first got infected* and/or your

>>> subscription has since expired and/or the machine's not been kept

>>> fully-patched at Windows Update, don't waste your time with any of the

>>> below: Format & reinstall Windows. A Repair Install will NOT help!

>>>

>>> Microsoft PCSafety provides home users (only) with no-charge support in

>>> dealing with malware infections such as viruses, spyware (including

>>> unwanted software), and adware.

>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>

>>> Also available via the Consumer Security Support home page:

>>> https://consumersecuritysupport.microsoft.com/

>>>

>>> Otherwise...

>>>

>>> 1. See if you can download/run the MSRT manually:

>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>

>>> NB: Run the FULL scan, not the QUICK scan! You may need to download the

>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected

>>> machine and rename it to SCAN.EXE before running it.

>>>

>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan

>>> (only!) in Safe Mode with Networking, if need be:

>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>

>>> 2b. Vista or Win7=> Run this scan instead:

>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>

>>> 3. Now run a thorough check for hijackware, including posting requested

>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>

>>> Checking for/Help with Hijackware:

>>> . http://mvps.org/winhelp2002/unwanted.htm

>>> . http://inetexplorer.mvps.org/tshoot.html

>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>

>>> **Chances are you will need to seek expert assistance in

>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>> http://www.dslreports.com/forum/cleanup,

>>> http://www.bluetack.co.uk/forums/index.php,

>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>

>>> If these procedures look too complex - and there is no shame in

>>> admitting this isn't your cup of tea - take the machine to a local,

>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

>>> computer repair shop.

 

[Elmo]

Dennis wrote:

> My daughter has this AND Microsoft.Windows.RedirectedHosts on

> her computer. SpyBot finds them but can't fix them. It says

> "Can not create C:\Windows\System32\Drivers\ETC\Hosts access

> denied". I downloaded HostsXpert and get the same message from

> that when I try to reset to the original Windows hosts file.

> MalwareBytes finds nothing as does SuperAntiSpyware. The only

> way I can run anything is in Safe Mode. No icons work in regular

> mode. If I click an icon I get a window asking what program I

> want to use to open it.

> Any help greatly appreciated...



List what processes and tasks are running in Safe Mode, and maybe we can

see what shouldn't be running. But the malware has probably changed

permissions and associations. A few things you need to do to get

control back, perhaps in the order shown:



1. Restore registry permissions, possibly by this method:

http://forums.majorgeeks.com/showthread.php?t=169862

or

http://support.microsoft.com/kb/949377



2. Fix File Associations for .lnk (shortcut) and .exe files.

http://dougknox.com/xp/file_assoc.htm



3. Get rid of the malware, despite any registry or permissions settings.

I would have no problem burning, then running the following CD before

trying the other fixes, because I know this method works:



Download this Avira Antivir Rescue System program which will burn a CD

image to a blank CD. It's updated a few times per day. Insert the CD

into the damaged machine and let it do a scan of your system. Before

starting the scan, select "Configuration" and set to repair or rename

the infected files. Sometimes your machine won't restart after such a

repair process, so you might want to save needed files to another system

before using this. If you can't, then you can move the hard drive to

another machine to copy needed files. You can do that before, or after

this scan.



http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html



You can try some of the CD's mentioned at the following site.

BitDefender was my favorite, but if the infected machine can't connect

to the internet to get updates, Avira comes with current virus

definitions. Also, some of these just won't run on some systems,

perhaps because there's no drivers available for some system devices,

motherboard, graphics card, etc. So try a few of these till you find

one that works:



Burn BitDefender, or another program listed at the link below, to a CD

(using a working machine) and test the infected machine with it.

BitDefender also has a Rootkit checker on the Linux Desktop; run it if

you think that's the problem:



http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/



Download the executable rather than the .iso image, if one is available,

(though no .exe is available for BitDefender).



After the scan is run, if you elect to quarantine files, they're

quarantined to RAM and lost after you reboot. You'll need to copy any

quarantined files to the hard drive, a thumb drive or elsewhere before

exiting.



--

Joe =o)

 

[Dennis]

This is the current situation. No programs find any viruses now.

But in regular mode no desk top icons work. McAfee updated but

won't run if you click the icon. It pops a window asking what

program you want to use to run it as does everything else.

The start menu works but if you click any programs they do not

run. But in safe mode, all the desk top icons work if I use

the "Administrator" user but not if I use the regular user name

to log in. Using her normal user name to log in, the desk top

icons don't work in regular mode or safe mode.



PA Bear [MS MVP] wrote:

> [TYPO CORRECTED]

>

> PA Bear [MS MVP] wrote:

>>> ...I'll

>>> try downloading these two programs and installing them via the

>>> USB memory stick.

>>

>> Don't! Use a CD or DVD to transfer the files to the infected machine.

>>

>> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be

>> infected and/or the source of your infection!

>>

>> 2. Inserting the flash drive into the infected computer may end up

>> infecting

>> the flash drive (which could then transfer the infection to another

>> computer).

>>

>>

>> Dennis wrote:

>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>> regularly. McAffee is installed and set for automatic updates.

>>> Windows is set for automatic updates and SP3 is installed. I'll

>>> try downloading these two programs and installing them via the

>>> USB memory stick. So far that works yet.

>>>

>>> PA Bear [MS MVP] wrote:

>>>> NB: If you had no anti-virus application installed or the subscription

>>>> had expired *when the machine first got infected* and/or your

>>>> subscription has since expired and/or the machine's not been kept

>>>> fully-patched at Windows Update, don't waste your time with any of the

>>>> below: Format & reinstall Windows. A Repair Install will NOT help!

>>>>

>>>> Microsoft PCSafety provides home users (only) with no-charge support in

>>>> dealing with malware infections such as viruses, spyware (including

>>>> unwanted software), and adware.

>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>

>>>> Also available via the Consumer Security Support home page:

>>>> https://consumersecuritysupport.microsoft.com/

>>>>

>>>> Otherwise...

>>>>

>>>> 1. See if you can download/run the MSRT manually:

>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>

>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download

>>>> the

>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected

>>>> machine and rename it to SCAN.EXE before running it.

>>>>

>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan

>>>> (only!) in Safe Mode with Networking, if need be:

>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>

>>>> 2b. Vista or Win7=> Run this scan instead:

>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>

>>>> 3. Now run a thorough check for hijackware, including posting requested

>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>

>>>> Checking for/Help with Hijackware:

>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>

>>>> **Chances are you will need to seek expert assistance in

>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>> http://www.dslreports.com/forum/cleanup,

>>>> http://www.bluetack.co.uk/forums/index.php,

>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>

>>>> If these procedures look too complex - and there is no shame in

>>>> admitting this isn't your cup of tea - take the machine to a local,

>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

>>>> computer repair shop.

>

 

[PA Bear [MS MVP]]

Have you completed Steps #1, #2, and #3? [yes/no]



Dennis wrote:

> This is the current situation. No programs find any viruses now.

> But in regular mode no desk top icons work. McAfee updated but

> won't run if you click the icon. It pops a window asking what

> program you want to use to run it as does everything else.

> The start menu works but if you click any programs they do not

> run. But in safe mode, all the desk top icons work if I use

> the "Administrator" user but not if I use the regular user name

> to log in. Using her normal user name to log in, the desk top

> icons don't work in regular mode or safe mode.

>

> PA Bear [MS MVP] wrote:

>> [TYPO CORRECTED]

>>

>> PA Bear [MS MVP] wrote:

>>>> ...I'll

>>>> try downloading these two programs and installing them via the

>>>> USB memory stick.

>>>

>>> Don't! Use a CD or DVD to transfer the files to the infected machine.

>>>

>>> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be

>>> infected and/or the source of your infection!

>>>

>>> 2. Inserting the flash drive into the infected computer may end up

>>> infecting

>>> the flash drive (which could then transfer the infection to another

>>> computer).

>>>

>>>

>>> Dennis wrote:

>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>> regularly. McAffee is installed and set for automatic updates.

>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>> try downloading these two programs and installing them via the

>>>> USB memory stick. So far that works yet.

>>>>

>>>> PA Bear [MS MVP] wrote:

>>>>> NB: If you had no anti-virus application installed or the subscription

>>>>> had expired *when the machine first got infected* and/or your

>>>>> subscription has since expired and/or the machine's not been kept

>>>>> fully-patched at Windows Update, don't waste your time with any of the

>>>>> below: Format & reinstall Windows. A Repair Install will NOT help!

>>>>>

>>>>> Microsoft PCSafety provides home users (only) with no-charge support

>>>>> in

>>>>> dealing with malware infections such as viruses, spyware (including

>>>>> unwanted software), and adware.

>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>

>>>>> Also available via the Consumer Security Support home page:

>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>

>>>>> Otherwise...

>>>>>

>>>>> 1. See if you can download/run the MSRT manually:

>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>

>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download

>>>>> the

>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected

>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>

>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan

>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>

>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>

>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>> requested

>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>>

>>>>> Checking for/Help with Hijackware:

>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>

>>>>> **Chances are you will need to seek expert assistance in

>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>> http://www.dslreports.com/forum/cleanup,

>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>>

>>>>> If these procedures look too complex - and there is no shame in

>>>>> admitting this isn't your cup of tea - take the machine to a local,

>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

>>>>> computer repair shop.

 

[Dennis]

Yes.



I ran MSRT and it found nothing.



I can't install Widows Live in Safe Mode and in regular mode

clicking the icon pops up the "Which program do you want to

use to open this" window. So I can't install it either way.

So, I finally tried Windows Update icon and it connected to

Microsoft. I put in the Url you listed and got to the Protection

Scan. It found nothing but was run in Safe Mode. I rebooted in

normal mode and still no icons open programs.



I ran HiJack This and it found some entries in

C:\Windows\system32\drivers\etc\ that were removed. After

that Spybot did not find anything. Spybot no longer says there

were things it could not fix because it could not write to

C:\Windows\system32\drivers\etc



So, right now in normal mode, no icons open programs. In Safe

Mode with Networking, signed in as a normal user no icons work.

But in Safe Mode with Networking signed in as Administrator,

all the icons open the programs as they should except IE and OE.

MalwareBytes, SuperAntiSpyware, and Spybot all update and run

but find nothing IF ran in Safe Mode as Administrator..







PA Bear [MS MVP] wrote:

>

> Have you completed Steps #1, #2, and #3? [yes/no]

>

> Dennis wrote:

>> This is the current situation. No programs find any viruses now.

>> But in regular mode no desk top icons work. McAfee updated but

>> won't run if you click the icon. It pops a window asking what

>> program you want to use to run it as does everything else.

>> The start menu works but if you click any programs they do not

>> run. But in safe mode, all the desk top icons work if I use

>> the "Administrator" user but not if I use the regular user name

>> to log in. Using her normal user name to log in, the desk top

>> icons don't work in regular mode or safe mode.

>>

>> PA Bear [MS MVP] wrote:

>>> [TYPO CORRECTED]

>>>

>>> PA Bear [MS MVP] wrote:

>>>>> ...I'll

>>>>> try downloading these two programs and installing them via the

>>>>> USB memory stick.

>>>>

>>>> Don't! Use a CD or DVD to transfer the files to the infected machine.

>>>>

>>>> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be

>>>> infected and/or the source of your infection!

>>>>

>>>> 2. Inserting the flash drive into the infected computer may end up

>>>> infecting

>>>> the flash drive (which could then transfer the infection to another

>>>> computer).

>>>>

>>>>

>>>> Dennis wrote:

>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>>> regularly. McAffee is installed and set for automatic updates.

>>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>>> try downloading these two programs and installing them via the

>>>>> USB memory stick. So far that works yet.

>>>>>

>>>>> PA Bear [MS MVP] wrote:

>>>>>> NB: If you had no anti-virus application installed or the

>>>>>> subscription

>>>>>> had expired *when the machine first got infected* and/or your

>>>>>> subscription has since expired and/or the machine's not been kept

>>>>>> fully-patched at Windows Update, don't waste your time with any of

>>>>>> the

>>>>>> below: Format & reinstall Windows. A Repair Install will NOT help!

>>>>>>

>>>>>> Microsoft PCSafety provides home users (only) with no-charge support

>>>>>> in

>>>>>> dealing with malware infections such as viruses, spyware (including

>>>>>> unwanted software), and adware.

>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>>

>>>>>> Also available via the Consumer Security Support home page:

>>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>>

>>>>>> Otherwise...

>>>>>>

>>>>>> 1. See if you can download/run the MSRT manually:

>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>>

>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download

>>>>>> the

>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected

>>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>>

>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan

>>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>>

>>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>>

>>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>>> requested

>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>>>

>>>>>> Checking for/Help with Hijackware:

>>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>

>>>>>> **Chances are you will need to seek expert assistance in

>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>>>

>>>>>> If these procedures look too complex - and there is no shame in

>>>>>> admitting this isn't your cup of tea - take the machine to a local,

>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

>>>>>> computer repair shop.

>

 

[Jose]

On Mar 4, 10:20 am, Dennis wrote:

> Yes.

>

> I ran MSRT and it found nothing.

>

> I can't install Widows Live in Safe Mode and in regular mode

> clicking the icon pops up the "Which program do you want to

> use to open this" window. So I can't install it either way.

> So, I finally tried Windows Update icon and it connected to

> Microsoft. I put in the Url you listed and got to the Protection

> Scan. It found nothing but was run in Safe Mode. I rebooted in

> normal mode and still no icons open programs.

>

> I ran HiJack This and it found some entries in

> C:\Windows\system32\drivers\etc\ that were removed. After

> that Spybot did not find anything. Spybot no longer says there

> were things it could not fix because it could not write to

> C:\Windows\system32\drivers\etc

>

> So, right now in normal mode, no icons open programs. In Safe

> Mode with Networking, signed in as a normal user no icons work.

> But in Safe Mode with Networking signed in as Administrator,

> all the icons open the programs as they should except IE and OE.

> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

> but find nothing IF ran in Safe Mode as Administrator..

>

> PA Bear [MS MVP] wrote:



Go to the following link, read the directions at the top of the page

and apply the EXE File Association Fix:



http://www.dougknox.com/xp/file_assoc.htm

 

[Dennis]

Will this work in safe Mode? That is the only way I can run a program...



Jose wrote:

> On Mar 4, 10:20 am, Dennis wrote:

>> Yes.

>>

>> I ran MSRT and it found nothing.

>>

>> I can't install Widows Live in Safe Mode and in regular mode

>> clicking the icon pops up the "Which program do you want to

>> use to open this" window. So I can't install it either way.

>> So, I finally tried Windows Update icon and it connected to

>> Microsoft. I put in the Url you listed and got to the Protection

>> Scan. It found nothing but was run in Safe Mode. I rebooted in

>> normal mode and still no icons open programs.

>>

>> I ran HiJack This and it found some entries in

>> C:\Windows\system32\drivers\etc\ that were removed. After

>> that Spybot did not find anything. Spybot no longer says there

>> were things it could not fix because it could not write to

>> C:\Windows\system32\drivers\etc

>>

>> So, right now in normal mode, no icons open programs. In Safe

>> Mode with Networking, signed in as a normal user no icons work.

>> But in Safe Mode with Networking signed in as Administrator,

>> all the icons open the programs as they should except IE and OE.

>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

>> but find nothing IF ran in Safe Mode as Administrator..

>>

>> PA Bear [MS MVP] wrote:

>

> Go to the following link, read the directions at the top of the page

> and apply the EXE File Association Fix:

>

> http://www.dougknox.com/xp/file_assoc.htm

 

[PA Bear [MS MVP]]

Repost:



**Chances are you will need to seek expert assistance in

http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

http://www.spywarewarrior.com/viewforum.php?f=5,

http://www.dslreports.com/forum/cleanup,

http://www.bluetack.co.uk/forums/index.php,

http://aumha.net/viewforum.php?f=30 or other appropriate forums.**





Dennis wrote:

> Yes.

>

> I ran MSRT and it found nothing.

>

> I can't install Widows Live in Safe Mode and in regular mode

> clicking the icon pops up the "Which program do you want to

> use to open this" window. So I can't install it either way.

> So, I finally tried Windows Update icon and it connected to

> Microsoft. I put in the Url you listed and got to the Protection

> Scan. It found nothing but was run in Safe Mode. I rebooted in

> normal mode and still no icons open programs.

>

> I ran HiJack This and it found some entries in

> C:\Windows\system32\drivers\etc\ that were removed. After

> that Spybot did not find anything. Spybot no longer says there

> were things it could not fix because it could not write to

> C:\Windows\system32\drivers\etc

>

> So, right now in normal mode, no icons open programs. In Safe

> Mode with Networking, signed in as a normal user no icons work.

> But in Safe Mode with Networking signed in as Administrator,

> all the icons open the programs as they should except IE and OE.

> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

> but find nothing IF ran in Safe Mode as Administrator..

>

>

>

> PA Bear [MS MVP] wrote:

>>

>> Have you completed Steps #1, #2, and #3? [yes/no]

>>

>> Dennis wrote:

>>> This is the current situation. No programs find any viruses now.

>>> But in regular mode no desk top icons work. McAfee updated but

>>> won't run if you click the icon. It pops a window asking what

>>> program you want to use to run it as does everything else.

>>> The start menu works but if you click any programs they do not

>>> run. But in safe mode, all the desk top icons work if I use

>>> the "Administrator" user but not if I use the regular user name

>>> to log in. Using her normal user name to log in, the desk top

>>> icons don't work in regular mode or safe mode.

>>>

>>> PA Bear [MS MVP] wrote:

>>>> [TYPO CORRECTED]

>>>>

>>>> PA Bear [MS MVP] wrote:

>>>>>> ...I'll

>>>>>> try downloading these two programs and installing them via the

>>>>>> USB memory stick.

>>>>>

>>>>> Don't! Use a CD or DVD to transfer the files to the infected machine.

>>>>>

>>>>> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be

>>>>> infected and/or the source of your infection!

>>>>>

>>>>> 2. Inserting the flash drive into the infected computer may end up

>>>>> infecting

>>>>> the flash drive (which could then transfer the infection to another

>>>>> computer).

>>>>>

>>>>>

>>>>> Dennis wrote:

>>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>>>> regularly. McAffee is installed and set for automatic updates.

>>>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>>>> try downloading these two programs and installing them via the

>>>>>> USB memory stick. So far that works yet.

>>>>>>

>>>>>> PA Bear [MS MVP] wrote:

>>>>>>> NB: If you had no anti-virus application installed or the

>>>>>>> subscription

>>>>>>> had expired *when the machine first got infected* and/or your

>>>>>>> subscription has since expired and/or the machine's not been kept

>>>>>>> fully-patched at Windows Update, don't waste your time with any of

>>>>>>> the

>>>>>>> below: Format & reinstall Windows. A Repair Install will NOT help!

>>>>>>>

>>>>>>> Microsoft PCSafety provides home users (only) with no-charge support

>>>>>>> in

>>>>>>> dealing with malware infections such as viruses, spyware (including

>>>>>>> unwanted software), and adware.

>>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>>>

>>>>>>> Also available via the Consumer Security Support home page:

>>>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>>>

>>>>>>> Otherwise...

>>>>>>>

>>>>>>> 1. See if you can download/run the MSRT manually:

>>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>>>

>>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download

>>>>>>> the

>>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the

>>>>>>> infected

>>>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>>>

>>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan

>>>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>>>

>>>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>>>

>>>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>>>> requested

>>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>>>>

>>>>>>> Checking for/Help with Hijackware:

>>>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>>

>>>>>>> **Chances are you will need to seek expert assistance in

>>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>>>>

>>>>>>> If these procedures look too complex - and there is no shame in

>>>>>>> admitting this isn't your cup of tea - take the machine to a local,

>>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

>>>>>>> computer repair shop.

 

[Dennis]

I tried it and it seems to have fix the problem. Everything seems

to be functioning and no viruses are found...



Jose wrote:

> On Mar 4, 10:20 am, Dennis wrote:

>> Yes.

>>

>> I ran MSRT and it found nothing.

>>

>> I can't install Widows Live in Safe Mode and in regular mode

>> clicking the icon pops up the "Which program do you want to

>> use to open this" window. So I can't install it either way.

>> So, I finally tried Windows Update icon and it connected to

>> Microsoft. I put in the Url you listed and got to the Protection

>> Scan. It found nothing but was run in Safe Mode. I rebooted in

>> normal mode and still no icons open programs.

>>

>> I ran HiJack This and it found some entries in

>> C:\Windows\system32\drivers\etc\ that were removed. After

>> that Spybot did not find anything. Spybot no longer says there

>> were things it could not fix because it could not write to

>> C:\Windows\system32\drivers\etc

>>

>> So, right now in normal mode, no icons open programs. In Safe

>> Mode with Networking, signed in as a normal user no icons work.

>> But in Safe Mode with Networking signed in as Administrator,

>> all the icons open the programs as they should except IE and OE.

>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

>> but find nothing IF ran in Safe Mode as Administrator..

>>

>> PA Bear [MS MVP] wrote:

>

> Go to the following link, read the directions at the top of the page

> and apply the EXE File Association Fix:

>

> http://www.dougknox.com/xp/file_assoc.htm

 

[Dennis]

The EXE File Association Fix from this site fixed the problem

of the icons not working. Everything is functioning now and

no viruses detected.



http://www.dougknox.com/xp/file_assoc.htm



PA Bear [MS MVP] wrote:

> Repost:

>

> **Chances are you will need to seek expert assistance in

> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

> http://www.spywarewarrior.com/viewforum.php?f=5,

> http://www.dslreports.com/forum/cleanup,

> http://www.bluetack.co.uk/forums/index.php,

> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>

>

> Dennis wrote:

>> Yes.

>>

>> I ran MSRT and it found nothing.

>>

>> I can't install Widows Live in Safe Mode and in regular mode

>> clicking the icon pops up the "Which program do you want to

>> use to open this" window. So I can't install it either way.

>> So, I finally tried Windows Update icon and it connected to

>> Microsoft. I put in the Url you listed and got to the Protection

>> Scan. It found nothing but was run in Safe Mode. I rebooted in

>> normal mode and still no icons open programs.

>>

>> I ran HiJack This and it found some entries in

>> C:\Windows\system32\drivers\etc\ that were removed. After

>> that Spybot did not find anything. Spybot no longer says there

>> were things it could not fix because it could not write to

>> C:\Windows\system32\drivers\etc

>>

>> So, right now in normal mode, no icons open programs. In Safe

>> Mode with Networking, signed in as a normal user no icons work.

>> But in Safe Mode with Networking signed in as Administrator,

>> all the icons open the programs as they should except IE and OE.

>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

>> but find nothing IF ran in Safe Mode as Administrator..

>>

>>

>>

>> PA Bear [MS MVP] wrote:

>>>

>>> Have you completed Steps #1, #2, and #3? [yes/no]

>>>

>>> Dennis wrote:

>>>> This is the current situation. No programs find any viruses now.

>>>> But in regular mode no desk top icons work. McAfee updated but

>>>> won't run if you click the icon. It pops a window asking what

>>>> program you want to use to run it as does everything else.

>>>> The start menu works but if you click any programs they do not

>>>> run. But in safe mode, all the desk top icons work if I use

>>>> the "Administrator" user but not if I use the regular user name

>>>> to log in. Using her normal user name to log in, the desk top

>>>> icons don't work in regular mode or safe mode.

>>>>

>>>> PA Bear [MS MVP] wrote:

>>>>> [TYPO CORRECTED]

>>>>>

>>>>> PA Bear [MS MVP] wrote:

>>>>>>> ...I'll

>>>>>>> try downloading these two programs and installing them via the

>>>>>>> USB memory stick.

>>>>>>

>>>>>> Don't! Use a CD or DVD to transfer the files to the infected

>>>>>> machine.

>>>>>>

>>>>>> 1. Unless it's a brand-new, never-been-used flash drive, it

>>>>>> [COULD] be

>>>>>> infected and/or the source of your infection!

>>>>>>

>>>>>> 2. Inserting the flash drive into the infected computer may end up

>>>>>> infecting

>>>>>> the flash drive (which could then transfer the infection to another

>>>>>> computer).

>>>>>>

>>>>>>

>>>>>> Dennis wrote:

>>>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>>>>> regularly. McAffee is installed and set for automatic updates.

>>>>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>>>>> try downloading these two programs and installing them via the

>>>>>>> USB memory stick. So far that works yet.

>>>>>>>

>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>> NB: If you had no anti-virus application installed or the

>>>>>>>> subscription

>>>>>>>> had expired *when the machine first got infected* and/or your

>>>>>>>> subscription has since expired and/or the machine's not been kept

>>>>>>>> fully-patched at Windows Update, don't waste your time with any of

>>>>>>>> the

>>>>>>>> below: Format & reinstall Windows. A Repair Install will NOT help!

>>>>>>>>

>>>>>>>> Microsoft PCSafety provides home users (only) with no-charge

>>>>>>>> support

>>>>>>>> in

>>>>>>>> dealing with malware infections such as viruses, spyware (including

>>>>>>>> unwanted software), and adware.

>>>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>>>>

>>>>>>>> Also available via the Consumer Security Support home page:

>>>>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>>>>

>>>>>>>> Otherwise...

>>>>>>>>

>>>>>>>> 1. See if you can download/run the MSRT manually:

>>>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>>>>

>>>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to

>>>>>>>> download

>>>>>>>> the

>>>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the

>>>>>>>> infected

>>>>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>>>>

>>>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan

>>>>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>>>>

>>>>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>>>>

>>>>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>>>>> requested

>>>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>>>>>

>>>>>>>> Checking for/Help with Hijackware:

>>>>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>>>

>>>>>>>> **Chances are you will need to seek expert assistance in

>>>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>>>>>

>>>>>>>> If these procedures look too complex - and there is no shame in

>>>>>>>> admitting this isn't your cup of tea - take the machine to a local,

>>>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

>>>>>>>> computer repair shop.

>

 

[PA Bear [MS MVP]]

If you needed that fix, I wonder what else might still be wrong?...



Dennis wrote:

> The EXE File Association Fix from this site fixed the problem

> of the icons not working. Everything is functioning now and

> no viruses detected.

>

> http://www.dougknox.com/xp/file_assoc.htm

>

> PA Bear [MS MVP] wrote:

>> Repost:

>>

>> **Chances are you will need to seek expert assistance in

>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>> http://www.spywarewarrior.com/viewforum.php?f=5,

>> http://www.dslreports.com/forum/cleanup,

>> http://www.bluetack.co.uk/forums/index.php,

>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>

>>

>> Dennis wrote:

>>> Yes.

>>>

>>> I ran MSRT and it found nothing.

>>>

>>> I can't install Widows Live in Safe Mode and in regular mode

>>> clicking the icon pops up the "Which program do you want to

>>> use to open this" window. So I can't install it either way.

>>> So, I finally tried Windows Update icon and it connected to

>>> Microsoft. I put in the Url you listed and got to the Protection

>>> Scan. It found nothing but was run in Safe Mode. I rebooted in

>>> normal mode and still no icons open programs.

>>>

>>> I ran HiJack This and it found some entries in

>>> C:\Windows\system32\drivers\etc\ that were removed. After

>>> that Spybot did not find anything. Spybot no longer says there

>>> were things it could not fix because it could not write to

>>> C:\Windows\system32\drivers\etc

>>>

>>> So, right now in normal mode, no icons open programs. In Safe

>>> Mode with Networking, signed in as a normal user no icons work.

>>> But in Safe Mode with Networking signed in as Administrator,

>>> all the icons open the programs as they should except IE and OE.

>>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

>>> but find nothing IF ran in Safe Mode as Administrator..

>>>

>>>

>>>

>>> PA Bear [MS MVP] wrote:

>>>>

>>>> Have you completed Steps #1, #2, and #3? [yes/no]

>>>>

>>>> Dennis wrote:

>>>>> This is the current situation. No programs find any viruses now.

>>>>> But in regular mode no desk top icons work. McAfee updated but

>>>>> won't run if you click the icon. It pops a window asking what

>>>>> program you want to use to run it as does everything else.

>>>>> The start menu works but if you click any programs they do not

>>>>> run. But in safe mode, all the desk top icons work if I use

>>>>> the "Administrator" user but not if I use the regular user name

>>>>> to log in. Using her normal user name to log in, the desk top

>>>>> icons don't work in regular mode or safe mode.

>>>>>

>>>>> PA Bear [MS MVP] wrote:

>>>>>> [TYPO CORRECTED]

>>>>>>

>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>> ...I'll

>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>> USB memory stick.

>>>>>>>

>>>>>>> Don't! Use a CD or DVD to transfer the files to the infected

>>>>>>> machine.

>>>>>>>

>>>>>>> 1. Unless it's a brand-new, never-been-used flash drive, it

>>>>>>> [COULD] be

>>>>>>> infected and/or the source of your infection!

>>>>>>>

>>>>>>> 2. Inserting the flash drive into the infected computer may end up

>>>>>>> infecting

>>>>>>> the flash drive (which could then transfer the infection to another

>>>>>>> computer).

>>>>>>>

>>>>>>>

>>>>>>> Dennis wrote:

>>>>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>>>>>> regularly. McAffee is installed and set for automatic updates.

>>>>>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>> USB memory stick. So far that works yet.

>>>>>>>>

>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>> NB: If you had no anti-virus application installed or the

>>>>>>>>> subscription

>>>>>>>>> had expired *when the machine first got infected* and/or your

>>>>>>>>> subscription has since expired and/or the machine's not been kept

>>>>>>>>> fully-patched at Windows Update, don't waste your time with any of

>>>>>>>>> the

>>>>>>>>> below: Format & reinstall Windows. A Repair Install will NOT

>>>>>>>>> help!

>>>>>>>>>

>>>>>>>>> Microsoft PCSafety provides home users (only) with no-charge

>>>>>>>>> support

>>>>>>>>> in

>>>>>>>>> dealing with malware infections such as viruses, spyware

>>>>>>>>> (including

>>>>>>>>> unwanted software), and adware.

>>>>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>>>>>

>>>>>>>>> Also available via the Consumer Security Support home page:

>>>>>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>>>>>

>>>>>>>>> Otherwise...

>>>>>>>>>

>>>>>>>>> 1. See if you can download/run the MSRT manually:

>>>>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>>>>>

>>>>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to

>>>>>>>>> download

>>>>>>>>> the

>>>>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the

>>>>>>>>> infected

>>>>>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>>>>>

>>>>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection'

>>>>>>>>> scan

>>>>>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>>>>>

>>>>>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>>>>>

>>>>>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>>>>>> requested

>>>>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>>>>>>

>>>>>>>>> Checking for/Help with Hijackware:

>>>>>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>>>>

>>>>>>>>> **Chances are you will need to seek expert assistance in

>>>>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>>>>>>

>>>>>>>>> If these procedures look too complex - and there is no shame in

>>>>>>>>> admitting this isn't your cup of tea - take the machine to a

>>>>>>>>> local,

>>>>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)

>>>>>>>>> computer repair shop.

 

[Dennis]

I guess time will tell.



PA Bear [MS MVP] wrote:

> If you needed that fix, I wonder what else might still be wrong?...

>

> Dennis wrote:

>> The EXE File Association Fix from this site fixed the problem

>> of the icons not working. Everything is functioning now and

>> no viruses detected.

>>

>> http://www.dougknox.com/xp/file_assoc.htm

>>

>> PA Bear [MS MVP] wrote:

>>> Repost:

>>>

>>> **Chances are you will need to seek expert assistance in

>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>> http://www.dslreports.com/forum/cleanup,

>>> http://www.bluetack.co.uk/forums/index.php,

>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>

>>>

>>> Dennis wrote:

>>>> Yes.

>>>>

>>>> I ran MSRT and it found nothing.

>>>>

>>>> I can't install Widows Live in Safe Mode and in regular mode

>>>> clicking the icon pops up the "Which program do you want to

>>>> use to open this" window. So I can't install it either way.

>>>> So, I finally tried Windows Update icon and it connected to

>>>> Microsoft. I put in the Url you listed and got to the Protection

>>>> Scan. It found nothing but was run in Safe Mode. I rebooted in

>>>> normal mode and still no icons open programs.

>>>>

>>>> I ran HiJack This and it found some entries in

>>>> C:\Windows\system32\drivers\etc\ that were removed. After

>>>> that Spybot did not find anything. Spybot no longer says there

>>>> were things it could not fix because it could not write to

>>>> C:\Windows\system32\drivers\etc

>>>>

>>>> So, right now in normal mode, no icons open programs. In Safe

>>>> Mode with Networking, signed in as a normal user no icons work.

>>>> But in Safe Mode with Networking signed in as Administrator,

>>>> all the icons open the programs as they should except IE and OE.

>>>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

>>>> but find nothing IF ran in Safe Mode as Administrator..

>>>>

>>>>

>>>>

>>>> PA Bear [MS MVP] wrote:

>>>>>

>>>>> Have you completed Steps #1, #2, and #3? [yes/no]

>>>>>

>>>>> Dennis wrote:

>>>>>> This is the current situation. No programs find any viruses now.

>>>>>> But in regular mode no desk top icons work. McAfee updated but

>>>>>> won't run if you click the icon. It pops a window asking what

>>>>>> program you want to use to run it as does everything else.

>>>>>> The start menu works but if you click any programs they do not

>>>>>> run. But in safe mode, all the desk top icons work if I use

>>>>>> the "Administrator" user but not if I use the regular user name

>>>>>> to log in. Using her normal user name to log in, the desk top

>>>>>> icons don't work in regular mode or safe mode.

>>>>>>

>>>>>> PA Bear [MS MVP] wrote:

>>>>>>> [TYPO CORRECTED]

>>>>>>>

>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>> ...I'll

>>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>>> USB memory stick.

>>>>>>>>

>>>>>>>> Don't! Use a CD or DVD to transfer the files to the infected

>>>>>>>> machine.

>>>>>>>>

>>>>>>>> 1. Unless it's a brand-new, never-been-used flash drive, it

>>>>>>>> [COULD] be

>>>>>>>> infected and/or the source of your infection!

>>>>>>>>

>>>>>>>> 2. Inserting the flash drive into the infected computer may end up

>>>>>>>> infecting

>>>>>>>> the flash drive (which could then transfer the infection to another

>>>>>>>> computer).

>>>>>>>>

>>>>>>>>

>>>>>>>> Dennis wrote:

>>>>>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>>>>>>> regularly. McAffee is installed and set for automatic updates.

>>>>>>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>>> USB memory stick. So far that works yet.

>>>>>>>>>

>>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>>> NB: If you had no anti-virus application installed or the

>>>>>>>>>> subscription

>>>>>>>>>> had expired *when the machine first got infected* and/or your

>>>>>>>>>> subscription has since expired and/or the machine's not been kept

>>>>>>>>>> fully-patched at Windows Update, don't waste your time with

>>>>>>>>>> any of

>>>>>>>>>> the

>>>>>>>>>> below: Format & reinstall Windows. A Repair Install will NOT

>>>>>>>>>> help!

>>>>>>>>>>

>>>>>>>>>> Microsoft PCSafety provides home users (only) with no-charge

>>>>>>>>>> support

>>>>>>>>>> in

>>>>>>>>>> dealing with malware infections such as viruses, spyware

>>>>>>>>>> (including

>>>>>>>>>> unwanted software), and adware.

>>>>>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>>>>>>

>>>>>>>>>> Also available via the Consumer Security Support home page:

>>>>>>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>>>>>>

>>>>>>>>>> Otherwise...

>>>>>>>>>>

>>>>>>>>>> 1. See if you can download/run the MSRT manually:

>>>>>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>>>>>>

>>>>>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to

>>>>>>>>>> download

>>>>>>>>>> the

>>>>>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the

>>>>>>>>>> infected

>>>>>>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>>>>>>

>>>>>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection'

>>>>>>>>>> scan

>>>>>>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>>>>>>

>>>>>>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>>>>>>

>>>>>>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>>>>>>> requested

>>>>>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>>>>>>>

>>>>>>>>>> Checking for/Help with Hijackware:

>>>>>>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>>>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>>>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>>>>>

>>>>>>>>>> **Chances are you will need to seek expert assistance in

>>>>>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>>>>>>

>>>>>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate

>>>>>>>>>> forums.**

>>>>>>>>>>

>>>>>>>>>> If these procedures look too complex - and there is no shame in

>>>>>>>>>> admitting this isn't your cup of tea - take the machine to a

>>>>>>>>>> local,

>>>>>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek

>>>>>>>>>> Squad)

>>>>>>>>>> computer repair shop.

>

 

[PA Bear [MS MVP]]

Meanwhile, your data (e.g., online banking usernames and passwords) may have

been compromised and your computer may still be functioning as a malware-bot

for the Bad Guys. Guess time will tell about all that, too, eh?



Dennis wrote:

> I guess time will tell.

>

> PA Bear [MS MVP] wrote:

>> If you needed that fix, I wonder what else might still be wrong?...

>>

>> Dennis wrote:

>>> The EXE File Association Fix from this site fixed the problem

>>> of the icons not working. Everything is functioning now and

>>> no viruses detected.

>>>

>>> http://www.dougknox.com/xp/file_assoc.htm

>>>

>>> PA Bear [MS MVP] wrote:

>>>> Repost:

>>>>

>>>> **Chances are you will need to seek expert assistance in

>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>> http://www.dslreports.com/forum/cleanup,

>>>> http://www.bluetack.co.uk/forums/index.php,

>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>

>>>>

>>>> Dennis wrote:

>>>>> Yes.

>>>>>

>>>>> I ran MSRT and it found nothing.

>>>>>

>>>>> I can't install Widows Live in Safe Mode and in regular mode

>>>>> clicking the icon pops up the "Which program do you want to

>>>>> use to open this" window. So I can't install it either way.

>>>>> So, I finally tried Windows Update icon and it connected to

>>>>> Microsoft. I put in the Url you listed and got to the Protection

>>>>> Scan. It found nothing but was run in Safe Mode. I rebooted in

>>>>> normal mode and still no icons open programs.

>>>>>

>>>>> I ran HiJack This and it found some entries in

>>>>> C:\Windows\system32\drivers\etc\ that were removed. After

>>>>> that Spybot did not find anything. Spybot no longer says there

>>>>> were things it could not fix because it could not write to

>>>>> C:\Windows\system32\drivers\etc

>>>>>

>>>>> So, right now in normal mode, no icons open programs. In Safe

>>>>> Mode with Networking, signed in as a normal user no icons work.

>>>>> But in Safe Mode with Networking signed in as Administrator,

>>>>> all the icons open the programs as they should except IE and OE.

>>>>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

>>>>> but find nothing IF ran in Safe Mode as Administrator..

>>>>>

>>>>>

>>>>>

>>>>> PA Bear [MS MVP] wrote:

>>>>>>

>>>>>> Have you completed Steps #1, #2, and #3? [yes/no]

>>>>>>

>>>>>> Dennis wrote:

>>>>>>> This is the current situation. No programs find any viruses now.

>>>>>>> But in regular mode no desk top icons work. McAfee updated but

>>>>>>> won't run if you click the icon. It pops a window asking what

>>>>>>> program you want to use to run it as does everything else.

>>>>>>> The start menu works but if you click any programs they do not

>>>>>>> run. But in safe mode, all the desk top icons work if I use

>>>>>>> the "Administrator" user but not if I use the regular user name

>>>>>>> to log in. Using her normal user name to log in, the desk top

>>>>>>> icons don't work in regular mode or safe mode.

>>>>>>>

>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>> [TYPO CORRECTED]

>>>>>>>>

>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>>> ...I'll

>>>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>>>> USB memory stick.

>>>>>>>>>

>>>>>>>>> Don't! Use a CD or DVD to transfer the files to the infected

>>>>>>>>> machine.

>>>>>>>>>

>>>>>>>>> 1. Unless it's a brand-new, never-been-used flash drive, it

>>>>>>>>> [COULD] be

>>>>>>>>> infected and/or the source of your infection!

>>>>>>>>>

>>>>>>>>> 2. Inserting the flash drive into the infected computer may end up

>>>>>>>>> infecting

>>>>>>>>> the flash drive (which could then transfer the infection to

>>>>>>>>> another

>>>>>>>>> computer).

>>>>>>>>>

>>>>>>>>>

>>>>>>>>> Dennis wrote:

>>>>>>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>>>>>>>> regularly. McAffee is installed and set for automatic updates.

>>>>>>>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>>>> USB memory stick. So far that works yet.

>>>>>>>>>>

>>>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>>>> NB: If you had no anti-virus application installed or the

>>>>>>>>>>> subscription

>>>>>>>>>>> had expired *when the machine first got infected* and/or your

>>>>>>>>>>> subscription has since expired and/or the machine's not been

>>>>>>>>>>> kept

>>>>>>>>>>> fully-patched at Windows Update, don't waste your time with

>>>>>>>>>>> any of

>>>>>>>>>>> the

>>>>>>>>>>> below: Format & reinstall Windows. A Repair Install will NOT

>>>>>>>>>>> help!

>>>>>>>>>>>

>>>>>>>>>>> Microsoft PCSafety provides home users (only) with no-charge

>>>>>>>>>>> support

>>>>>>>>>>> in

>>>>>>>>>>> dealing with malware infections such as viruses, spyware

>>>>>>>>>>> (including

>>>>>>>>>>> unwanted software), and adware.

>>>>>>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>>>>>>>

>>>>>>>>>>> Also available via the Consumer Security Support home page:

>>>>>>>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>>>>>>>

>>>>>>>>>>> Otherwise...

>>>>>>>>>>>

>>>>>>>>>>> 1. See if you can download/run the MSRT manually:

>>>>>>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>>>>>>>

>>>>>>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to

>>>>>>>>>>> download

>>>>>>>>>>> the

>>>>>>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the

>>>>>>>>>>> infected

>>>>>>>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>>>>>>>

>>>>>>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection'

>>>>>>>>>>> scan

>>>>>>>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>>>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>>>>>>>

>>>>>>>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>>>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>>>>>>>

>>>>>>>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>>>>>>>> requested

>>>>>>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>>>>>>>>

>>>>>>>>>>> Checking for/Help with Hijackware:

>>>>>>>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>>>>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>>>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>>>>>>> .

>>>>>>>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>>>>>>

>>>>>>>>>>> **Chances are you will need to seek expert assistance in

>>>>>>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>>>>>>>

>>>>>>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate

>>>>>>>>>>> forums.**

>>>>>>>>>>>

>>>>>>>>>>> If these procedures look too complex - and there is no shame in

>>>>>>>>>>> admitting this isn't your cup of tea - take the machine to a

>>>>>>>>>>> local,

>>>>>>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek

>>>>>>>>>>> Squad)

>>>>>>>>>>> computer repair shop.

 

[Dennis]

EVERY anti-malware and anti-virus program says the computer is

clean. Stinger, McAfee, Malwarebytes, SuperAntiSpyware, and an

on line scan says it is clean. If they can't find it then every

computer will be infected eventually because it isn't detectable

by current means available. So at that point your info is no safer

than hers on that computer.





PA Bear [MS MVP] wrote:

> Meanwhile, your data (e.g., online banking usernames and passwords) may

> have been compromised and your computer may still be functioning as a

> malware-bot for the Bad Guys. Guess time will tell about all that, too,

> eh?

>

> Dennis wrote:

>> I guess time will tell.

>>

>> PA Bear [MS MVP] wrote:

>>> If you needed that fix, I wonder what else might still be wrong?...

>>>

>>> Dennis wrote:

>>>> The EXE File Association Fix from this site fixed the problem

>>>> of the icons not working. Everything is functioning now and

>>>> no viruses detected.

>>>>

>>>> http://www.dougknox.com/xp/file_assoc.htm

>>>>

>>>> PA Bear [MS MVP] wrote:

>>>>> Repost:

>>>>>

>>>>> **Chances are you will need to seek expert assistance in

>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>> http://www.dslreports.com/forum/cleanup,

>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>>

>>>>>

>>>>> Dennis wrote:

>>>>>> Yes.

>>>>>>

>>>>>> I ran MSRT and it found nothing.

>>>>>>

>>>>>> I can't install Widows Live in Safe Mode and in regular mode

>>>>>> clicking the icon pops up the "Which program do you want to

>>>>>> use to open this" window. So I can't install it either way.

>>>>>> So, I finally tried Windows Update icon and it connected to

>>>>>> Microsoft. I put in the Url you listed and got to the Protection

>>>>>> Scan. It found nothing but was run in Safe Mode. I rebooted in

>>>>>> normal mode and still no icons open programs.

>>>>>>

>>>>>> I ran HiJack This and it found some entries in

>>>>>> C:\Windows\system32\drivers\etc\ that were removed. After

>>>>>> that Spybot did not find anything. Spybot no longer says there

>>>>>> were things it could not fix because it could not write to

>>>>>> C:\Windows\system32\drivers\etc

>>>>>>

>>>>>> So, right now in normal mode, no icons open programs. In Safe

>>>>>> Mode with Networking, signed in as a normal user no icons work.

>>>>>> But in Safe Mode with Networking signed in as Administrator,

>>>>>> all the icons open the programs as they should except IE and OE.

>>>>>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

>>>>>> but find nothing IF ran in Safe Mode as Administrator..

>>>>>>

>>>>>>

>>>>>>

>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>

>>>>>>> Have you completed Steps #1, #2, and #3? [yes/no]

>>>>>>>

>>>>>>> Dennis wrote:

>>>>>>>> This is the current situation. No programs find any viruses now.

>>>>>>>> But in regular mode no desk top icons work. McAfee updated but

>>>>>>>> won't run if you click the icon. It pops a window asking what

>>>>>>>> program you want to use to run it as does everything else.

>>>>>>>> The start menu works but if you click any programs they do not

>>>>>>>> run. But in safe mode, all the desk top icons work if I use

>>>>>>>> the "Administrator" user but not if I use the regular user name

>>>>>>>> to log in. Using her normal user name to log in, the desk top

>>>>>>>> icons don't work in regular mode or safe mode.

>>>>>>>>

>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>> [TYPO CORRECTED]

>>>>>>>>>

>>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>>>> ...I'll

>>>>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>>>>> USB memory stick.

>>>>>>>>>>

>>>>>>>>>> Don't! Use a CD or DVD to transfer the files to the infected

>>>>>>>>>> machine.

>>>>>>>>>>

>>>>>>>>>> 1. Unless it's a brand-new, never-been-used flash drive, it

>>>>>>>>>> [COULD] be

>>>>>>>>>> infected and/or the source of your infection!

>>>>>>>>>>

>>>>>>>>>> 2. Inserting the flash drive into the infected computer may

>>>>>>>>>> end up

>>>>>>>>>> infecting

>>>>>>>>>> the flash drive (which could then transfer the infection to

>>>>>>>>>> another

>>>>>>>>>> computer).

>>>>>>>>>>

>>>>>>>>>>

>>>>>>>>>> Dennis wrote:

>>>>>>>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>>>>>>>>> regularly. McAffee is installed and set for automatic updates.

>>>>>>>>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>>>>> USB memory stick. So far that works yet.

>>>>>>>>>>>

>>>>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>>>>> NB: If you had no anti-virus application installed or the

>>>>>>>>>>>> subscription

>>>>>>>>>>>> had expired *when the machine first got infected* and/or your

>>>>>>>>>>>> subscription has since expired and/or the machine's not been

>>>>>>>>>>>> kept

>>>>>>>>>>>> fully-patched at Windows Update, don't waste your time with

>>>>>>>>>>>> any of

>>>>>>>>>>>> the

>>>>>>>>>>>> below: Format & reinstall Windows. A Repair Install will NOT

>>>>>>>>>>>> help!

>>>>>>>>>>>>

>>>>>>>>>>>> Microsoft PCSafety provides home users (only) with no-charge

>>>>>>>>>>>> support

>>>>>>>>>>>> in

>>>>>>>>>>>> dealing with malware infections such as viruses, spyware

>>>>>>>>>>>> (including

>>>>>>>>>>>> unwanted software), and adware.

>>>>>>>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>>>>>>>>

>>>>>>>>>>>> Also available via the Consumer Security Support home page:

>>>>>>>>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>>>>>>>>

>>>>>>>>>>>> Otherwise...

>>>>>>>>>>>>

>>>>>>>>>>>> 1. See if you can download/run the MSRT manually:

>>>>>>>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>>>>>>>>

>>>>>>>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to

>>>>>>>>>>>> download

>>>>>>>>>>>> the

>>>>>>>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the

>>>>>>>>>>>> infected

>>>>>>>>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>>>>>>>>

>>>>>>>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection'

>>>>>>>>>>>> scan

>>>>>>>>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>>>>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>>>>>>>>

>>>>>>>>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>>>>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>>>>>>>>

>>>>>>>>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>>>>>>>>> requested

>>>>>>>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>>>>>>>>>>>>

>>>>>>>>>>>> Checking for/Help with Hijackware:

>>>>>>>>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>>>>>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>>>>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>>>>>>>> .

>>>>>>>>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>>>>>>>

>>>>>>>>>>>> **Chances are you will need to seek expert assistance in

>>>>>>>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>>>>>>>>

>>>>>>>>>>>>

>>>>>>>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>>>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>>>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>>>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate

>>>>>>>>>>>> forums.**

>>>>>>>>>>>>

>>>>>>>>>>>> If these procedures look too complex - and there is no shame in

>>>>>>>>>>>> admitting this isn't your cup of tea - take the machine to a

>>>>>>>>>>>> local,

>>>>>>>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek

>>>>>>>>>>>> Squad)

>>>>>>>>>>>> computer repair shop.

>

 

[Jose]

On Mar 4, 5:38 pm, Dennis wrote:

> I tried it and it seems to have fix the problem. Everything seems

> to be functioning and no viruses are found...

>

>

>

> > Go to the following link, read the directions at the top of the page

> > and apply the EXE File Association Fix:

>

> >http://www.dougknox.com/xp/file_assoc.htm



That's good.



The scanning programs sometimes remove the infections and there is no

way for them to detect/fix other annoyances that may have been

inflicted upon your system. Nothing too hard to fix, but annoying.



A special guffaw to MSRT.

 

[PA Bear [MS MVP]]

Backdoor.Tidserv [AKA Win32/Alureon] and MS10-015



Backdoor.Tidserv does a very good job in that sense, especially with the

latest version (TDL3), which uses an advanced rootkit technology to hide its

presence on a system by infecting one of the low-level kernel drivers and

then

covering its tracks. *While the rootkit is active there is no easy way to

detect the infection*, [emphasis mine] and because it goes so deep into the

kernel, most

users cannot see anything wrong in the system...Even worse, because the

infected

driver is critical for system boot-up, Windows will not boot in Safe Mode

either [after having installed MS10-015 on an infected machine].



http://www.symantec.com/connect/blogs/tidserv-and-ms10-015



Tdss rootkit silently owns the net



Tdss rootkit 3rd variant is the last member of Tdss rootkit family that is

quickly spreading around the world. While a number of rootkits are just

developed as a proof of concept, this is not the case. Tdss rootkit is well

known to antivirus companies because of its goal to get total control of the

infected PCs and using them as zombies for its botnet.



During these years it has always shown a team of skilled people behind it,

who

always applied advanced techniques often able to bypass antirootkit

softwares.

Actually, this last variant could be easily named as the stealthiest rootkit

in the wild.



This infection is bringing all together the best of MBR rootkit, the best of

Rustock.C and the experience of old Tdss variants. *Result is an infection

that

is quickly spreading on the net and it is undetected by almost every

security

software and 3rd party anti rootkit software*. [emphasis mine]



....currently no antirootkit is able to bypass disk filtering

technique used by Tdss rootkit but, even if it was possible, this rootkit

could not be detected by file size cross check because file size of the

original and infected files are exactly the same.



http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html





Dennis wrote:

> EVERY anti-malware and anti-virus program says the computer is

> clean. Stinger, McAfee, Malwarebytes, SuperAntiSpyware, and an

> on line scan says it is clean. If they can't find it then every

> computer will be infected eventually because it isn't detectable

> by current means available. So at that point your info is no safer

> than hers on that computer.

>

>

> PA Bear [MS MVP] wrote:

>> Meanwhile, your data (e.g., online banking usernames and passwords) may

>> have been compromised and your computer may still be functioning as a

>> malware-bot for the Bad Guys. Guess time will tell about all that, too,

>> eh?

>>

>> Dennis wrote:

>>> I guess time will tell.

>>>

>>> PA Bear [MS MVP] wrote:

>>>> If you needed that fix, I wonder what else might still be wrong?...

>>>>

>>>> Dennis wrote:

>>>>> The EXE File Association Fix from this site fixed the problem

>>>>> of the icons not working. Everything is functioning now and

>>>>> no viruses detected.

>>>>>

>>>>> http://www.dougknox.com/xp/file_assoc.htm

>>>>>

>>>>> PA Bear [MS MVP] wrote:

>>>>>> Repost:

>>>>>>

>>>>>> **Chances are you will need to seek expert assistance in

>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>>>>>>

>>>>>>

>>>>>> Dennis wrote:

>>>>>>> Yes.

>>>>>>>

>>>>>>> I ran MSRT and it found nothing.

>>>>>>>

>>>>>>> I can't install Widows Live in Safe Mode and in regular mode

>>>>>>> clicking the icon pops up the "Which program do you want to

>>>>>>> use to open this" window. So I can't install it either way.

>>>>>>> So, I finally tried Windows Update icon and it connected to

>>>>>>> Microsoft. I put in the Url you listed and got to the Protection

>>>>>>> Scan. It found nothing but was run in Safe Mode. I rebooted in

>>>>>>> normal mode and still no icons open programs.

>>>>>>>

>>>>>>> I ran HiJack This and it found some entries in

>>>>>>> C:\Windows\system32\drivers\etc\ that were removed. After

>>>>>>> that Spybot did not find anything. Spybot no longer says there

>>>>>>> were things it could not fix because it could not write to

>>>>>>> C:\Windows\system32\drivers\etc

>>>>>>>

>>>>>>> So, right now in normal mode, no icons open programs. In Safe

>>>>>>> Mode with Networking, signed in as a normal user no icons work.

>>>>>>> But in Safe Mode with Networking signed in as Administrator,

>>>>>>> all the icons open the programs as they should except IE and OE.

>>>>>>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run

>>>>>>> but find nothing IF ran in Safe Mode as Administrator..

>>>>>>>

>>>>>>>

>>>>>>>

>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>

>>>>>>>> Have you completed Steps #1, #2, and #3? [yes/no]

>>>>>>>>

>>>>>>>> Dennis wrote:

>>>>>>>>> This is the current situation. No programs find any viruses now.

>>>>>>>>> But in regular mode no desk top icons work. McAfee updated but

>>>>>>>>> won't run if you click the icon. It pops a window asking what

>>>>>>>>> program you want to use to run it as does everything else.

>>>>>>>>> The start menu works but if you click any programs they do not

>>>>>>>>> run. But in safe mode, all the desk top icons work if I use

>>>>>>>>> the "Administrator" user but not if I use the regular user name

>>>>>>>>> to log in. Using her normal user name to log in, the desk top

>>>>>>>>> icons don't work in regular mode or safe mode.

>>>>>>>>>

>>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>>> [TYPO CORRECTED]

>>>>>>>>>>

>>>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>>>>> ...I'll

>>>>>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>>>>>> USB memory stick.

>>>>>>>>>>>

>>>>>>>>>>> Don't! Use a CD or DVD to transfer the files to the infected

>>>>>>>>>>> machine.

>>>>>>>>>>>

>>>>>>>>>>> 1. Unless it's a brand-new, never-been-used flash drive, it

>>>>>>>>>>> [COULD] be

>>>>>>>>>>> infected and/or the source of your infection!

>>>>>>>>>>>

>>>>>>>>>>> 2. Inserting the flash drive into the infected computer may

>>>>>>>>>>> end up

>>>>>>>>>>> infecting

>>>>>>>>>>> the flash drive (which could then transfer the infection to

>>>>>>>>>>> another

>>>>>>>>>>> computer).

>>>>>>>>>>>

>>>>>>>>>>>

>>>>>>>>>>> Dennis wrote:

>>>>>>>>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran

>>>>>>>>>>>> regularly. McAffee is installed and set for automatic updates.

>>>>>>>>>>>> Windows is set for automatic updates and SP3 is installed. I'll

>>>>>>>>>>>> try downloading these two programs and installing them via the

>>>>>>>>>>>> USB memory stick. So far that works yet.

>>>>>>>>>>>>

>>>>>>>>>>>> PA Bear [MS MVP] wrote:

>>>>>>>>>>>>> NB: If you had no anti-virus application installed or the

>>>>>>>>>>>>> subscription

>>>>>>>>>>>>> had expired *when the machine first got infected* and/or your

>>>>>>>>>>>>> subscription has since expired and/or the machine's not been

>>>>>>>>>>>>> kept

>>>>>>>>>>>>> fully-patched at Windows Update, don't waste your time with

>>>>>>>>>>>>> any of

>>>>>>>>>>>>> the

>>>>>>>>>>>>> below: Format & reinstall Windows. A Repair Install will NOT

>>>>>>>>>>>>> help!

>>>>>>>>>>>>>

>>>>>>>>>>>>> Microsoft PCSafety provides home users (only) with no-charge

>>>>>>>>>>>>> support

>>>>>>>>>>>>> in

>>>>>>>>>>>>> dealing with malware infections such as viruses, spyware

>>>>>>>>>>>>> (including

>>>>>>>>>>>>> unwanted software), and adware.

>>>>>>>>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>>>>>>>>>>>>>

>>>>>>>>>>>>> Also available via the Consumer Security Support home page:

>>>>>>>>>>>>> https://consumersecuritysupport.microsoft.com/

>>>>>>>>>>>>>

>>>>>>>>>>>>> Otherwise...

>>>>>>>>>>>>>

>>>>>>>>>>>>> 1. See if you can download/run the MSRT manually:

>>>>>>>>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx

>>>>>>>>>>>>>

>>>>>>>>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to

>>>>>>>>>>>>> download

>>>>>>>>>>>>> the

>>>>>>>>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the

>>>>>>>>>>>>> infected

>>>>>>>>>>>>> machine and rename it to SCAN.EXE before running it.

>>>>>>>>>>>>>

>>>>>>>>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection'

>>>>>>>>>>>>> scan

>>>>>>>>>>>>> (only!) in Safe Mode with Networking, if need be:

>>>>>>>>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm

>>>>>>>>>>>>>

>>>>>>>>>>>>> 2b. Vista or Win7=> Run this scan instead:

>>>>>>>>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm

>>>>>>>>>>>>>

>>>>>>>>>>>>> 3. Now run a thorough check for hijackware, including posting

>>>>>>>>>>>>> requested

>>>>>>>>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS

>>>>>>>>>>>>> STEP!!

>>>>>>>>>>>>>

>>>>>>>>>>>>> Checking for/Help with Hijackware:

>>>>>>>>>>>>> . http://mvps.org/winhelp2002/unwanted.htm

>>>>>>>>>>>>> . http://inetexplorer.mvps.org/tshoot.html

>>>>>>>>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm

>>>>>>>>>>>>> .

>>>>>>>>>>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware

>>>>>>>>>>>>>

>>>>>>>>>>>>> **Chances are you will need to seek expert assistance in

>>>>>>>>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

>>>>>>>>>>>>>

>>>>>>>>>>>>>

>>>>>>>>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,

>>>>>>>>>>>>> http://www.dslreports.com/forum/cleanup,

>>>>>>>>>>>>> http://www.bluetack.co.uk/forums/index.php,

>>>>>>>>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate

>>>>>>>>>>>>> forums.**

>>>>>>>>>>>>>

>>>>>>>>>>>>> If these procedures look too complex - and there is no shame

>>>>>>>>>>>>> in

>>>>>>>>>>>>> admitting this isn't your cup of tea - take the machine to a

>>>>>>>>>>>>> local,

>>>>>>>>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek

>>>>>>>>>>>>> Squad)

>>>>>>>>>>>>> computer repair shop.