Hi,

I'm working on a friend's laptop running Win XP SP2. The user inadvertently opened the attachment (an html formatted doc) from one of those emails purporting to be a "delivery failure notice". As soon as the fake antivirus popped up with all the supposed error messages of viruses, hard drive errors, etc., which was pretty immediate, she realized what had happened and shut the computer down. I brought the computer up into safe mode and had to use the admin account to install Malwarebytes and the latest virus definitions, then I did a full scan. Malwarebytes appeared to successfully remove the virus and associated registry problems.

I booted into the default user's account and there were no desktop icons, and going into the start menu, all but some of Windows' most basic shortcuts have been removed. The default user also has no administrative capabilities despite being a system admin on the computer: no task manager, can't adjust screen settings or screen saver or add a background to the desktop. I checked and the programs still exist on this computer and most work on this user account.

I created another user account with the system admin rights and am able to use task manager, adjust screen settings/features. But all the start menu shortcuts are also missing here as well. I tried using the Windows system restore/roll back feature to go back to an earlier time prior to the infection, but it appears all the restore points are corrupt; I tried five different ones. I also tried some utilities on the ubcd4win CD that I have had great success with in the past for recovering systems, and these utils didn't recognize any good restore points.

Now for my question: does it appear that I will have to use the factory restore, or does someone know of another route I can use to restore the system to a more current time?

I ran MalwareBytes a second time and it reported no problems or infections.

Thanks

Joey


Hello, MorrisNTex:

Sorry to hear that your friend's computer is infected.

We cannot work on malware detection/removal in this part of the General MBAM forum.

So, please read the following to get started on the cleaning process:

IMPORTANT NOTE: Please do NOT use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

FOR SELF-HELP INFO:

  • Excellent, self-help troubleshooting info for getting MBAM to run on an infected machine can be found here - this includes a tutorial on the use of unhide.exe to restore hidden files and programs.
  • And there are specific, self-help malware removal instructions here.

FOR EXPERT ASSISTANCE with cleaning your system, there are 3 support options:

  • Option 1 -- Free, Expert advice in the Malware Removal Forum
  • Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  • Option 3 -- Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in this area of the forums, you'll need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware-related problems/infections.

  • First, please print out, read and CAREFULLY FOLLOW the directions here, skipping any steps you are unable to complete.
  • If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  • Then please post a NEW topic in the Malware Removal forum.
  • Please do NOT post in an open topic started by another member in the malware removal forum, even if the problem appears to be similar to yours.
  • When posting your new thread, under "options", make sure to select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you free, one-on-one assistance when one becomes available.

IMPORTANT NOTE: Please do NOT make any further changes to your computer such as (Install/Uninstall programs; use special fix tools; delete files; edit the registry; OR use temp file cleaners, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.


  • If there is no reply from any experts after 48 hours, you may reply to the topic, asking for help again.
  • Or you may send a Private Message to a Moderator, asking for assistance.

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!

daledoc1

PS: Please use the zMn2t.jpg button instead of other ones when you reply here and at the other forums, so that it will be easier to read. :)


Hi,

By your post it sounds like you may think this system is still infected even though MalwareBytes reports it to be clean.

What I thought I was asking was about repairing the damage left behind from the infection. If anyone knew of some way to do that before I go and use the factory restore option.

So, do you think there may still be an infection on this computer?

Thanks,

Joey


Hi, again:

I couldn't say for sure whether there are infection traces left on the machine, as I'm just a home user. So, I'm not qualified to determine that.

However, even the experts cannot work on malware-related issues or PC diagnosis/repair in this particular section of the General MBAM forum.

The safest plan would likely be to select one of the 3 malware assistance options in my previous post.

The authorized, trained experts will help you to confirm that the infections have been completely removed (lack of symptoms and even a clean MBAM scan don't necessarily mean you are clean).

Then, when your helper gives you the "all clear" from a malware standpoint, he/she either will assist you with any lingering performance issues, or he/she will refer you to the PC Help section for additional assistance, if need be.

Hope this clarifies things a bit?

Best regards,

daledoc1
