Jump to content

Bad software problems after Trojan Removal

Gerry

By Gerry
in General Windows PC Help

 Share

Recommended Posts

Gerry

Gerry

Posted
Posted

Hi guys,

I received a really bad trojan today and have been working all day to sort out its aftermath on my computer.

First I should say that I'm running XP Professional with Service Pack 3 on a partitioned computer. That is my computer is set up to have two different users on it at one time. That is the system boots up and asks to select a user, ie; user1 or user2

When logged on as user1, I received the trojan virus XP Defender and even though Norton antivirus flagged it, it didn't remove it, it still installed.

So I decided to run Malwarebytes which was already installed on the computer. When I tried to run Malwarebytes, it would not open. I have heard of this happening but instead of renaming mbam.exe to a different extension and try to run it, I decided to log on as User2 because it is installed at the same time on that side as well. XP Defender was not running on the User2 side. With Malwarebytes I was able to successfully remove the trojan and Malwarebytes recommended a reboot of which I did.

Now when I log on as user1 (the user that got the infection) none of my programs work! WEll, that's not entirely true some work but act strange. For instance

1). Clicking on the Safari browser icon on the desktop returns an error of "application not found"

2). Clicking on the Firefox browser icon on the desktop returns the List of programs pop up and asks me to choose which program I would like to open this file with and firefox is not in the list. The same happens with other programs like Photoshop, Dreamweaver, Flash etc.

3). Clicking on a Microsoft Office program from the start menu (like Access, Word, Powerpoint etc) returns the error "Application not found"

4). However, if I have a microsoft word, or access or powerpoint document on the desktop, I can open it just fine.

5). clicking on the Malwarebytes Icon on the desktop also asks me to choose an associated program and malwarebytes isn't in the list.

6). This is the really weird part, when I open notepad, it asks me again to choose a program to open this file. When I choose notepad from the list of programs, instead of getting a blank document, I get a document filled with tons of strange characters but some of the words I can make out.

However, If I relog on as User2 (the user on the same computer that didn't have XP Defender and where I ran Malwarebytes from) has no problem opening these same programs.

Guys, I really need help with this. I'm suspecting that maybe some shared .dlls may have accidentally been deleted?

Any idea of the steps I need to take to try to fix this problem?

Thanks so much

Gerry

Link to post
Share on other sites
Gerry

Gerry

Posted
  • Author
Posted
Looks like that something has erased the program paths from between desktop icons and actual program files.

Have you tried to defragment your hard drive?

Hi Thanks for the quick reply,

Actually, no. I ran a few more tests, I tried to run ChkDsk from the command line by typing Start -->run -->cmd but even that doesn't work it asks me to please choose a program to run cmd.exe. So I logged off as user1 and logged on as user2 and did chkdsk but it says there are errors on the disk so it stopped.

Any other suggestions?

Thanks

Gerry

Link to post
Share on other sites
noknojon

noknojon

Posted
Posted

@ Gerry -

Please cut and paste this CHK DSK code into Start > Runbox , click OK - This will re-boot your computer and then run a full 5 stage check - Takes about 30 mins -

Make sure all other programs are closed - This will fix most errors as it runs - It is very safe to run -

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

Thank You - :)

Link to post
Share on other sites
Gerry

Gerry

Posted
  • Author
Posted

@noknojon

Sorry for the late reply, I was up til 3:00 am this morning trying to sort out this problem. Ok, since I could not run cmd.exe from the user1 side, I ran your code on the user2 side of my computer. It took several hours then I got a message saying that the volume is now clean and I sat here at the computer while the CHKDSK ran and saw no indications of errors.

When the system rebooted I logged on as user1 and I still get the same problems. Example

1). Going from the start menu -->All Programs -->Microsoft Office -->Microsoft Word ....returns "application not found.

2). Going from the start menu -->All Programs-->Adobe Master Collection -->Adobe Dreamweaver....returns "Choose a program from the list to run this file

Couple of other problems

1). Some of the icons in my system tray are missing (This was even before running CHKDSK) icons like my "printer ready icon" "drag to disc icon" among others.

2). Trying to access programs from the explorer menu still returns the "Choose a program from the list to run this file"

Of course logging on as user2 does not have these problems at all.

Any other ideas?

Thanks

Gerry

Link to post
Share on other sites
Gerry

Gerry

Posted
  • Author
Posted

This is just a follow-up but I'm wondering if this is an .exe file association problem within the registry and that the registry may in fact be corrupted. I've seen some online .exe fixes but I haven't tried any of these for fear of doing more damage. I'll wait till you respond back.

Thanks

Gerry

Link to post
Share on other sites
marktreg

marktreg

Posted
Posted

You have an exe file 'hijack' (which, as you suspected, is registry related) and you probably have some other malware related problems as well. But we are not allowed to advise a user to run the tools required to fix this problem in the PC Help forum. We can only work on malware in the Malware Removal - HijackThis Logs forum, not in the PC Help forum or the other general forums.

malwarebytes.org has a team of experts who will help you fix any remaining malware problems on your system.

If you would like a malware removal expert to give you personal assistance, please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic in the Malware Removal - HijackThis Logs forum here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites
Gerry

Gerry

Posted
  • Author
Posted

Hi Marktreg

Thanks for writing back.

The reason why I posted here is the problems that I am having is the result of the aftermath of malware removal using Malwarebytes and that during the removal process, some things got screwed up. (please see above) Since there is no longer any sign of malware on my computer I posted my information here in the pc help forum. Was that not correct?

Let me know if you feel I should still go there.

Thanks

Gerry

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.