Fraud.Windows.ProtectionSuite

Dennis

Flightless Bird
My daughter has this AND Microsoft.Windows.RedirectedHosts on
her computer. SpyBot finds them but can't fix them. It says
"Can not create C:/Windows\system32\drivers\ETC\Hosts access
denied" I downloaded HostsXpert and get the same message from
that when I try to reset to the original Windows host files.
MalwareBytes finds nothing as does SuperAntiSpyware. The only
way I can run anything is in safe mode. No icons work in regular
mode. If I click an icon I get a window asking what program I
want to use to open it.
Any help greatly appreciated...
 
PA Bear [MS MVP]

Flightless Bird
NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
.. http://mvps.org/winhelp2002/unwanted.htm
.. http://inetexplorer.mvps.org/tshoot.html
.. http://www.mvps.org/sramesh2k/Malware_Defence.htm
.. http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


Dennis wrote:
> My daughter has this AND Microsoft.Windows.RedirectedHosts on
> her computer. SpyBot finds them but can't fix them. It says
> "Can not create C:/Windows\system32\drivers\ETC\Hosts access
> denied" I downloaded HostsXpert and get the same message from
> that when I try to reset to the original Windows host files.
> MalwareBytes finds nothing as does SuperAntiSpyware. The only
> way I can run anything is in safe mode. No icons work in regular
> mode. If I click an icon I get a window asking what program I
> want to use to open it.
> Any help greatly appreciated...
 
Dennis

Flightless Bird
Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran
regularly. McAfee is installed and set for automatic updates.
Windows is set for automatic updates and SP3 is installed. I'll
try downloading these two programs and installing them via the
USB memory stick. So far that works yet.

PA Bear [MS MVP] wrote:
> NB: If you had no anti-virus application installed or the subscription
> had expired *when the machine first got infected* and/or your
> subscription has since expired and/or the machine's not been kept
> fully-patched at Windows Update, don't waste your time with any of the
> below: Format & reinstall Windows. A Repair Install will NOT help!
>
> Microsoft PCSafety provides home users (only) with no-charge support in
> dealing with malware infections such as viruses, spyware (including
> unwanted software), and adware.
> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>
> Also available via the Consumer Security Support home page:
> https://consumersecuritysupport.microsoft.com/
>
> Otherwise...
>
> 1. See if you can download/run the MSRT manually:
> http://www.microsoft.com/security/malwareremove/default.mspx
>
> NB: Run the FULL scan, not the QUICK scan! You may need to download the
> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
> machine and rename it to SCAN.EXE before running it.
>
> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
> (only!) in Safe Mode with Networking, if need be:
> http://onecare.live.com/site/en-us/center/howsafe.htm
>
> 2b. Vista or Win7=> Run this scan instead:
> http://onecare.live.com/site/en-us/center/whatsnew.htm
>
> 3. Now run a thorough check for hijackware, including posting requested
> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>
> Checking for/Help with Hijackware:
> . http://mvps.org/winhelp2002/unwanted.htm
> . http://inetexplorer.mvps.org/tshoot.html
> . http://www.mvps.org/sramesh2k/Malware_Defence.htm
> . http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> **Chances are you will need to seek expert assistance in
> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
> http://www.spywarewarrior.com/viewforum.php?f=5,
> http://www.dslreports.com/forum/cleanup,
> http://www.bluetack.co.uk/forums/index.php,
> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>
> If these procedures look too complex - and there is no shame in
> admitting this isn't your cup of tea - take the machine to a local,
> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)
> computer repair shop.
 
PA Bear [MS MVP]

Flightless Bird
> ...I'll
> try downloading these two programs and installing them via the
> USB memory stick.


Don't! Use a CD or DVD to transfer the files to the infected machine.

1. Unless it's a brand-new, never-been-used flash drive, it would be
infected and/or the source of your infection!

2. Inserting the flash drive into the infected computer may end up infecting
the flash drive (which could then transfer the infection to another
computer).


Dennis wrote:
> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran
> regularly. McAfee is installed and set for automatic updates.
> Windows is set for automatic updates and SP3 is installed. I'll
> try downloading these two programs and installing them via the
> USB memory stick. So far that works yet.
>
> PA Bear [MS MVP] wrote:
>> NB: If you had no anti-virus application installed or the subscription
>> had expired *when the machine first got infected* and/or your
>> subscription has since expired and/or the machine's not been kept
>> fully-patched at Windows Update, don't waste your time with any of the
>> below: Format & reinstall Windows. A Repair Install will NOT help!
>>
>> Microsoft PCSafety provides home users (only) with no-charge support in
>> dealing with malware infections such as viruses, spyware (including
>> unwanted software), and adware.
>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>>
>> Also available via the Consumer Security Support home page:
>> https://consumersecuritysupport.microsoft.com/
>>
>> Otherwise...
>>
>> 1. See if you can download/run the MSRT manually:
>> http://www.microsoft.com/security/malwareremove/default.mspx
>>
>> NB: Run the FULL scan, not the QUICK scan! You may need to download the
>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>> machine and rename it to SCAN.EXE before running it.
>>
>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>> (only!) in Safe Mode with Networking, if need be:
>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>
>> 2b. Vista or Win7=> Run this scan instead:
>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>
>> 3. Now run a thorough check for hijackware, including posting requested
>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>>
>> Checking for/Help with Hijackware:
>> . http://mvps.org/winhelp2002/unwanted.htm
>> . http://inetexplorer.mvps.org/tshoot.html
>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>
>> **Chances are you will need to seek expert assistance in
>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>> http://www.spywarewarrior.com/viewforum.php?f=5,
>> http://www.dslreports.com/forum/cleanup,
>> http://www.bluetack.co.uk/forums/index.php,
>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>
>> If these procedures look too complex - and there is no shame in
>> admitting this isn't your cup of tea - take the machine to a local,
>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)
>> computer repair shop.
 
PA Bear [MS MVP]

Flightless Bird
[TYPO CORRECTED]

PA Bear [MS MVP] wrote:
>> ...I'll
>> try downloading these two programs and installing them via the
>> USB memory stick.

>
> Don't! Use a CD or DVD to transfer the files to the infected machine.
>
> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be
> infected and/or the source of your infection!
>
> 2. Inserting the flash drive into the infected computer may end up
> infecting
> the flash drive (which could then transfer the infection to another
> computer).
>
>
> Dennis wrote:
>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran
>> regularly. McAfee is installed and set for automatic updates.
>> Windows is set for automatic updates and SP3 is installed. I'll
>> try downloading these two programs and installing them via the
>> USB memory stick. So far that works yet.
>>
>> PA Bear [MS MVP] wrote:
>>> NB: If you had no anti-virus application installed or the subscription
>>> had expired *when the machine first got infected* and/or your
>>> subscription has since expired and/or the machine's not been kept
>>> fully-patched at Windows Update, don't waste your time with any of the
>>> below: Format & reinstall Windows. A Repair Install will NOT help!
>>>
>>> Microsoft PCSafety provides home users (only) with no-charge support in
>>> dealing with malware infections such as viruses, spyware (including
>>> unwanted software), and adware.
>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>>>
>>> Also available via the Consumer Security Support home page:
>>> https://consumersecuritysupport.microsoft.com/
>>>
>>> Otherwise...
>>>
>>> 1. See if you can download/run the MSRT manually:
>>> http://www.microsoft.com/security/malwareremove/default.mspx
>>>
>>> NB: Run the FULL scan, not the QUICK scan! You may need to download the
>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>>> machine and rename it to SCAN.EXE before running it.
>>>
>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>> (only!) in Safe Mode with Networking, if need be:
>>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>>
>>> 2b. Vista or Win7=> Run this scan instead:
>>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>>
>>> 3. Now run a thorough check for hijackware, including posting requested
>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>>>
>>> Checking for/Help with Hijackware:
>>> . http://mvps.org/winhelp2002/unwanted.htm
>>> . http://inetexplorer.mvps.org/tshoot.html
>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>
>>> **Chances are you will need to seek expert assistance in
>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>> http://www.dslreports.com/forum/cleanup,
>>> http://www.bluetack.co.uk/forums/index.php,
>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>>
>>> If these procedures look too complex - and there is no shame in
>>> admitting this isn't your cup of tea - take the machine to a local,
>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)
>>> computer repair shop.
 
Elmo

Flightless Bird
Dennis wrote:
> My daughter has this AND Microsoft.Windows.RedirectedHosts on
> her computer. SpyBot finds them but can't fix them. It says
> "Can not create C:/Windows\System32\Drivers\ETC\Hosts access
> denied". I downloaded HostsXpert and get the same message from
> that when I try to reset to the original Windows hosts file.
> MalwareBytes finds nothing as does SuperAntiSpyware. The only
> way I can run anything is in Safe Mode. No icons work in regular
> mode. If I click an icon I get a window asking what program I
> want to use to open it.
> Any help greatly appreciated...


List what processes and tasks are running in Safe Mode, and maybe we can
see what shouldn't be running. But the malware has probably changed
permissions and associations. A few things you need to do to get
control back, perhaps in the order shown:

1. Restore registry permissions, possibly by this method:
http://forums.majorgeeks.com/showthread.php?t=169862
or
http://support.microsoft.com/kb/949377

2. Fix File Associations for .lnk (shortcut) and .exe files.
http://dougknox.com/xp/file_assoc.htm

3. Get rid of the malware, despite any registry or permissions settings.
I would have no problem burning, then running the following CD before
trying the other fixes, because I know this method works:

Download this Avira Antivir Rescue System program which will burn a CD
image to a blank CD. It's updated a few times per day. Insert the CD
into the damaged machine and let it do a scan of your system. Before
starting the scan, select "Configuration" and set to repair or rename
the infected files. Sometimes your machine won't restart after such a
repair process, so you might want to save needed files to another system
before using this. If you can't, then you can move the hard drive to
another machine to copy needed files. You can do that before, or after
this scan.

http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html

You can try some of the CD's mentioned at the following site.
BitDefender was my favorite, but if the infected machine can't connect
to the internet to get updates, Avira comes with current virus
definitions. Also, some of these just won't run on some systems,
perhaps because there's no drivers available for some system devices,
motherboard, graphics card, etc. So try a few of these till you find
one that works:

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is available,
(though no .exe is available for BitDefender).

After the scan is run, if you elect to quarantine files, they're
quarantined to RAM and lost after you reboot. You'll need to copy any
quarantined files to the hard drive, a thumb drive or elsewhere before
exiting.

--
Joe =o)
 
Dennis

Flightless Bird
This is the current situation. No programs find any viruses now.
But in regular mode no desk top icons work. McAfee updated but
won't run if you click the icon. It pops a window asking what
program you want to use to run it as does everything else.
The start menu works but if you click any programs they do not
run. But in safe mode, all the desk top icons work if I use
the "Administrator" user but not if I use the regular user name
to log in. Using her normal user name to log in, the desk top
icons don't work in regular mode or safe mode.

PA Bear [MS MVP] wrote:
> [TYPO CORRECTED]
>
> PA Bear [MS MVP] wrote:
>>> ...I'll
>>> try downloading these two programs and installing them via the
>>> USB memory stick.

>>
>> Don't! Use a CD or DVD to transfer the files to the infected machine.
>>
>> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be
>> infected and/or the source of your infection!
>>
>> 2. Inserting the flash drive into the infected computer may end up
>> infecting
>> the flash drive (which could then transfer the infection to another
>> computer).
>>
>>
>> Dennis wrote:
>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran
>>> regularly. McAfee is installed and set for automatic updates.
>>> Windows is set for automatic updates and SP3 is installed. I'll
>>> try downloading these two programs and installing them via the
>>> USB memory stick. So far that works yet.
>>>
>>> PA Bear [MS MVP] wrote:
>>>> NB: If you had no anti-virus application installed or the subscription
>>>> had expired *when the machine first got infected* and/or your
>>>> subscription has since expired and/or the machine's not been kept
>>>> fully-patched at Windows Update, don't waste your time with any of the
>>>> below: Format & reinstall Windows. A Repair Install will NOT help!
>>>>
>>>> Microsoft PCSafety provides home users (only) with no-charge support in
>>>> dealing with malware infections such as viruses, spyware (including
>>>> unwanted software), and adware.
>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>>>>
>>>> Also available via the Consumer Security Support home page:
>>>> https://consumersecuritysupport.microsoft.com/
>>>>
>>>> Otherwise...
>>>>
>>>> 1. See if you can download/run the MSRT manually:
>>>> http://www.microsoft.com/security/malwareremove/default.mspx
>>>>
>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download
>>>> the
>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>>>> machine and rename it to SCAN.EXE before running it.
>>>>
>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>>> (only!) in Safe Mode with Networking, if need be:
>>>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>>>
>>>> 2b. Vista or Win7=> Run this scan instead:
>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>>>
>>>> 3. Now run a thorough check for hijackware, including posting requested
>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>>>>
>>>> Checking for/Help with Hijackware:
>>>> . http://mvps.org/winhelp2002/unwanted.htm
>>>> . http://inetexplorer.mvps.org/tshoot.html
>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>
>>>> **Chances are you will need to seek expert assistance in
>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>>> http://www.dslreports.com/forum/cleanup,
>>>> http://www.bluetack.co.uk/forums/index.php,
>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>>>
>>>> If these procedures look too complex - and there is no shame in
>>>> admitting this isn't your cup of tea - take the machine to a local,
>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)
>>>> computer repair shop.

>
 
PA Bear [MS MVP]

Flightless Bird
Have you completed Steps #1, #2, and #3? [yes/no]

Dennis wrote:
> This is the current situation. No programs find any viruses now.
> But in regular mode no desk top icons work. McAfee updated but
> won't run if you click the icon. It pops a window asking what
> program you want to use to run it as does everything else.
> The start menu works but if you click any programs they do not
> run. But in safe mode, all the desk top icons work if I use
> the "Administrator" user but not if I use the regular user name
> to log in. Using her normal user name to log in, the desk top
> icons don't work in regular mode or safe mode.
>
> PA Bear [MS MVP] wrote:
>> [TYPO CORRECTED]
>>
>> PA Bear [MS MVP] wrote:
>>>> ...I'll
>>>> try downloading these two programs and installing them via the
>>>> USB memory stick.
>>>
>>> Don't! Use a CD or DVD to transfer the files to the infected machine.
>>>
>>> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be
>>> infected and/or the source of your infection!
>>>
>>> 2. Inserting the flash drive into the infected computer may end up
>>> infecting
>>> the flash drive (which could then transfer the infection to another
>>> computer).
>>>
>>>
>>> Dennis wrote:
>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran
>>>> regularly. McAfee is installed and set for automatic updates.
>>>> Windows is set for automatic updates and SP3 is installed. I'll
>>>> try downloading these two programs and installing them via the
>>>> USB memory stick. So far that works yet.
>>>>
>>>> PA Bear [MS MVP] wrote:
>>>>> NB: If you had no anti-virus application installed or the subscription
>>>>> had expired *when the machine first got infected* and/or your
>>>>> subscription has since expired and/or the machine's not been kept
>>>>> fully-patched at Windows Update, don't waste your time with any of the
>>>>> below: Format & reinstall Windows. A Repair Install will NOT help!
>>>>>
>>>>> Microsoft PCSafety provides home users (only) with no-charge support
>>>>> in
>>>>> dealing with malware infections such as viruses, spyware (including
>>>>> unwanted software), and adware.
>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>>>>>
>>>>> Also available via the Consumer Security Support home page:
>>>>> https://consumersecuritysupport.microsoft.com/
>>>>>
>>>>> Otherwise...
>>>>>
>>>>> 1. See if you can download/run the MSRT manually:
>>>>> http://www.microsoft.com/security/malwareremove/default.mspx
>>>>>
>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download
>>>>> the
>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>>>>> machine and rename it to SCAN.EXE before running it.
>>>>>
>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>>>> (only!) in Safe Mode with Networking, if need be:
>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>>>>
>>>>> 2b. Vista or Win7=> Run this scan instead:
>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>>>>
>>>>> 3. Now run a thorough check for hijackware, including posting
>>>>> requested
>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>>>>>
>>>>> Checking for/Help with Hijackware:
>>>>> . http://mvps.org/winhelp2002/unwanted.htm
>>>>> . http://inetexplorer.mvps.org/tshoot.html
>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>
>>>>> **Chances are you will need to seek expert assistance in
>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>>>> http://www.dslreports.com/forum/cleanup,
>>>>> http://www.bluetack.co.uk/forums/index.php,
>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>>>>
>>>>> If these procedures look too complex - and there is no shame in
>>>>> admitting this isn't your cup of tea - take the machine to a local,
>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)
>>>>> computer repair shop.
 
Dennis

Flightless Bird
Yes.

I ran MSRT and it found nothing.

I can't install Windows Live in Safe Mode and in regular mode
clicking the icon pops up the "Which program do you want to
use to open this" window. So I can't install it either way.
So, I finally tried Windows Update icon and it connected to
Microsoft. I put in the Url you listed and got to the Protection
Scan. It found nothing but was run in Safe Mode. I rebooted in
normal mode and still no icons open programs.

I ran HiJack This and it found some entries in
C:/Windows\system32\drivers\etc\ that were removed. After
that Spybot did not find anything. Spybot no longer says there
were things it could not fix because it could not write to
C:/Windows\system32\drivers\etc

So, right now in normal mode, no icons open programs. In Safe
Mode with Networking, signed in as a normal user no icons work.
But in Safe Mode with Networking signed in as Administrator,
all the icons open the programs as they should except IE and OE.
MalwareBytes, SuperAntiSpyware, and Spybot all update and run
but find nothing IF run in Safe Mode as Administrator.



PA Bear [MS MVP] wrote:
>
> Have you completed Steps #1, #2, and #3? [yes/no]
>
> Dennis wrote:
>> This is the current situation. No programs find any viruses now.
>> But in regular mode no desk top icons work. McAfee updated but
>> won't run if you click the icon. It pops a window asking what
>> program you want to use to run it as does everything else.
>> The start menu works but if you click any programs they do not
>> run. But in safe mode, all the desk top icons work if I use
>> the "Administrator" user but not if I use the regular user name
>> to log in. Using her normal user name to log in, the desk top
>> icons don't work in regular mode or safe mode.
>>
>> PA Bear [MS MVP] wrote:
>>> [TYPO CORRECTED]
>>>
>>> PA Bear [MS MVP] wrote:
>>>>> ...I'll
>>>>> try downloading these two programs and installing them via the
>>>>> USB memory stick.
>>>>
>>>> Don't! Use a CD or DVD to transfer the files to the infected machine.
>>>>
>>>> 1. Unless it's a brand-new, never-been-used flash drive, it [COULD] be
>>>> infected and/or the source of your infection!
>>>>
>>>> 2. Inserting the flash drive into the infected computer may end up
>>>> infecting
>>>> the flash drive (which could then transfer the infection to another
>>>> computer).
>>>>
>>>>
>>>> Dennis wrote:
>>>>> Malwarebytes, SuperAntiSpyware, and Spybot were updated and ran
>>>>> regularly. McAfee is installed and set for automatic updates.
>>>>> Windows is set for automatic updates and SP3 is installed. I'll
>>>>> try downloading these two programs and installing them via the
>>>>> USB memory stick. So far that works yet.
>>>>>
>>>>> PA Bear [MS MVP] wrote:
>>>>>> NB: If you had no anti-virus application installed or the
>>>>>> subscription
>>>>>> had expired *when the machine first got infected* and/or your
>>>>>> subscription has since expired and/or the machine's not been kept
>>>>>> fully-patched at Windows Update, don't waste your time with any of
>>>>>> the
>>>>>> below: Format & reinstall Windows. A Repair Install will NOT help!
>>>>>>
>>>>>> Microsoft PCSafety provides home users (only) with no-charge support
>>>>>> in
>>>>>> dealing with malware infections such as viruses, spyware (including
>>>>>> unwanted software), and adware.
>>>>>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>>>>>>
>>>>>> Also available via the Consumer Security Support home page:
>>>>>> https://consumersecuritysupport.microsoft.com/
>>>>>>
>>>>>> Otherwise...
>>>>>>
>>>>>> 1. See if you can download/run the MSRT manually:
>>>>>> http://www.microsoft.com/security/malwareremove/default.mspx
>>>>>>
>>>>>> NB: Run the FULL scan, not the QUICK scan! You may need to download
>>>>>> the
>>>>>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
>>>>>> machine and rename it to SCAN.EXE before running it.
>>>>>>
>>>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>>>>> (only!) in Safe Mode with Networking, if need be:
>>>>>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>>>>>
>>>>>> 2b. Vista or Win7=> Run this scan instead:
>>>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>>>>>
>>>>>> 3. Now run a thorough check for hijackware, including posting
>>>>>> requested
>>>>>> logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>>>>>>
>>>>>> Checking for/Help with Hijackware:
>>>>>> . http://mvps.org/winhelp2002/unwanted.htm
>>>>>> . http://inetexplorer.mvps.org/tshoot.html
>>>>>> . http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>>> . http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>>>
>>>>>> **Chances are you will need to seek expert assistance in
>>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>>>>> http://www.dslreports.com/forum/cleanup,
>>>>>> http://www.bluetack.co.uk/forums/index.php,
>>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>>>>>
>>>>>> If these procedures look too complex - and there is no shame in
>>>>>> admitting this isn't your cup of tea - take the machine to a local,
>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad)
>>>>>> computer repair shop.

>
 
Jose

Flightless Bird
On Mar 4, 10:20 am, Dennis <den...@bright.net> wrote:
> Yes.
>
> I ran MSRT and it found nothing.
>
> I can't install Windows Live in Safe Mode and in regular mode
> clicking the icon pops up the "Which program do you want to
> use to open this" window. So I can't install it either way.
> So, I finally tried Windows Update icon and it connected to
> Microsoft. I put in the Url you listed and got to the Protection
> Scan. It found nothing but was run in Safe Mode. I rebooted in
> normal mode and still no icons open programs.
>
> I ran HiJack This and it found some entries in
> C:/Windows\system32\drivers\etc\ that were removed. After
> that Spybot did not find anything. Spybot no longer says there
> were things it could not fix because it could not write to
> C:/Windows\system32\drivers\etc
>
> So, right now in normal mode, no icons open programs. In Safe
> Mode with Networking, signed in as a normal user no icons work.
> But in Safe Mode with Networking signed in as Administrator,
> all the icons open the programs as they should except IE and OE.
> MalwareBytes, SuperAntiSpyware, and Spybot all update and run
> but find nothing IF run in Safe Mode as Administrator.
>
> PA Bear [MS MVP] wrote:


Go to the following link, read the directions at the top of the page
and apply the EXE File Association Fix:

http://www.dougknox.com/xp/file_assoc.htm
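
An added example, not posted by anyone in this thread: a read-only check of the .exe and .lnk associations that the fixes above reset, run over a registry export taken from the affected account. Per-user entries under HKEY_CURRENT_USER\Software\Classes override the machine-wide ones, which is one way icons can work for Administrator and fail for another user. The sample export, the `examplefile` ProgID and the placeholder path are constructed for illustration.

```python
import re

# Stock Windows XP defaults for the associations this thread is about.
EXPECTED = {
    ".exe": "exefile",
    ".lnk": "lnkfile",
    "exefile\\shell\\open\\command": '"%1" %*',
}

# Where class registrations live; the per-user hive overrides the machine hive.
ROOTS = {
    "hkey_current_user\\software\\classes\\": "per-user",
    "hkey_local_machine\\software\\classes\\": "machine-wide",
    "hkey_classes_root\\": "merged view",
}

# Constructed sample in regedit export format (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk]
@="lnkfile"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"

[HKEY_CURRENT_USER\Software\Classes\examplefile\shell\open\command]
@="\"C:\\Example\\placeholder.exe\" \"%1\" %*"
'''


def parse_reg_defaults(text):
    """Map each key in regedit export text to its (Default) string, or None."""
    defaults, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            defaults.setdefault(key, None)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslashes and quotes with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults


def split_root(key):
    """Return (scope, subkey, root) for a class key, or None for other keys."""
    low = key.lower()
    for root, scope in ROOTS.items():
        if low.startswith(root):
            return scope, key[len(root):], key[:len(root)]
    return None


def audit_associations(text):
    """List association keys whose default differs from the stock value."""
    defaults = parse_reg_defaults(text)
    by_lower = {k.lower(): v for k, v in defaults.items()}
    findings = []
    for key, value in defaults.items():
        hit = split_root(key)
        if hit is None:
            continue
        scope, sub, root = hit
        expected = EXPECTED.get(sub.lower())
        if expected is None or value is None:
            continue
        if value.lower() == expected.lower():
            continue
        finding = {"scope": scope, "key": sub,
                   "found": value, "expected": expected}
        if sub.startswith("."):
            # Extension points at a foreign ProgID: show what it launches.
            handler = (root + value + "\\shell\\open\\command").lower()
            finding["handler"] = by_lower.get(handler)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-16"
    # (regedit's "Version 5.00" exports are UTF-16).
    for f in audit_associations(SAMPLE_EXPORT):
        print(f)
```

Anything it reports under the per-user scope only affects the account the export was taken from, so run it once per user profile.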
 
Dennis

Flightless Bird
Will this work in safe Mode? That is the only way I can run a program...

Jose wrote:
> On Mar 4, 10:20 am, Dennis <den...@bright.net> wrote:
>> Yes.
>>
>> I ran MSRT and it found nothing.
>>
>> I can't install Windows Live in Safe Mode and in regular mode
>> clicking the icon pops up the "Which program do you want to
>> use to open this" window. So I can't install it either way.
>> So, I finally tried Windows Update icon and it connected to
>> Microsoft. I put in the Url you listed and got to the Protection
>> Scan. It found nothing but was run in Safe Mode. I rebooted in
>> normal mode and still no icons open programs.
>>
>> I ran HiJack This and it found some entries in
>> C:/Windows\system32\drivers\etc\ that were removed. After
>> that Spybot did not find anything. Spybot no longer says there
>> were things it could not fix because it could not write to
>> C:/Windows\system32\drivers\etc
>>
>> So, right now in normal mode, no icons open programs. In Safe
>> Mode with Networking, signed in as a normal user no icons work.
>> But in Safe Mode with Networking signed in as Administrator,
>> all the icons open the programs as they should except IE and OE.
>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run
>> but find nothing IF run in Safe Mode as Administrator.
>>
>> PA Bear [MS MVP] wrote:

>
> Go to the following link, read the directions at the top of the page
> and apply the EXE File Association Fix:
>
> http://www.dougknox.com/xp/file_assoc.htm
 
P

PA Bear [MS MVP]

Flightless Bird
Repost:

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**


Dennis wrote:
> Yes.
>
> I ran MSRT and it found nothing.
>
> I can't install Windows Live in Safe Mode and in regular mode
> clicking the icon pops up the "Which program do you want to
> use to open this" window. So I can't install it either way.
> So, I finally tried Windows Update icon and it connected to
> Microsoft. I put in the URL you listed and got to the Protection
> Scan. It found nothing but was run in Safe Mode. I rebooted in
> normal mode and still no icons open programs.
>
> I ran HiJack This and it found some entries in
> C:/Windows\system32\drivers\etc\ that were removed. After
> that Spybot did not find anything. Spybot no longer says there
> were things it could not fix because it could not write to
> C:/Windows\system32\drivers\etc
>
> So, right now in normal mode, no icons open programs. In Safe
> Mode with Networking, signed in as a normal user no icons work.
> But in Safe Mode with Networking signed in as Administrator,
> all the icons open the programs as they should except IE and OE.
> MalwareBytes, SuperAntiSpyware, and Spybot all update and run
> but find nothing IF run in Safe Mode as Administrator..
 
D

Dennis

Flightless Bird
I tried it and it seems to have fixed the problem. Everything seems
to be functioning and no viruses are found...

Jose wrote:
>
> Go to the following link, read the directions at the top of the page
> and apply the EXE File Association Fix:
>
> http://www.dougknox.com/xp/file_assoc.htm
 
D

Dennis

Flightless Bird
The EXE File Association Fix from this site fixed the problem
of the icons not working. Everything is functioning now and
no viruses detected.

http://www.dougknox.com/xp/file_assoc.htm

PA Bear [MS MVP] wrote:
> Repost:
>
> **Chances are you will need to seek expert assistance in
> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
> http://www.spywarewarrior.com/viewforum.php?f=5,
> http://www.dslreports.com/forum/cleanup,
> http://www.bluetack.co.uk/forums/index.php,
> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
 
P

PA Bear [MS MVP]

Flightless Bird
If you needed that fix, I wonder what else might still be wrong?...

Dennis wrote:
> The EXE File Association Fix from this site fixed the problem
> of the icons not working. Everything is functioning now and
> no viruses detected.
>
> http://www.dougknox.com/xp/file_assoc.htm
 
D

Dennis

Flightless Bird
I guess time will tell.

PA Bear [MS MVP] wrote:
> If you needed that fix, I wonder what else might still be wrong?...
 
P

PA Bear [MS MVP]

Flightless Bird
Meanwhile, your data (e.g., online banking usernames and passwords) may have
been compromised and your computer may still be functioning as a malware-bot
for the Bad Guys. Guess time will tell about all that, too, eh?

Dennis wrote:
> I guess time will tell.
>>>>>>>>>>> If these procedures look too complex - and there is no shame in
>>>>>>>>>>> admitting this isn't your cup of tea - take the machine to a
>>>>>>>>>>> local,
>>>>>>>>>>> reputable and independent (i.e., not BigBoxStoreUSA or Geek
>>>>>>>>>>> Squad)
>>>>>>>>>>> computer repair shop.
 
D

Dennis

Flightless Bird
EVERY anti-malware and anti-virus program says the computer is
clean. Stinger, McAfee, Malwarebytes, SuperAntiSpyware, and an
online scan say it is clean. If they can't find it then every
computer will be infected eventually because it isn't detectable
by current means available. So at that point your info is no safer
than hers on that computer.


PA Bear [MS MVP] wrote:
> Meanwhile, your data (e.g., online banking usernames and passwords) may
> have been compromised and your computer may still be functioning as a
> malware-bot for the Bad Guys. Guess time will tell about all that, too,
> eh?
>
> Dennis wrote:
>> I guess time will tell.
>>
>> PA Bear [MS MVP] wrote:
>>> If you needed that fix, I wonder what else might still be wrong?...
>>>
>>> Dennis wrote:
>>>> The EXE File Association Fix from this site fixed the problem
>>>> of the icons not working. Everything is functioning now and
>>>> no viruses detected.
>>>>
>>>> http://www.dougknox.com/xp/file_assoc.htm
>>>>
>>>> PA Bear [MS MVP] wrote:
>>>>> Repost:
>>>>>
>>>>> **Chances are you will need to seek expert assistance in
>>>>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
>>>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>>>> http://www.dslreports.com/forum/cleanup,
>>>>> http://www.bluetack.co.uk/forums/index.php,
>>>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>>>>
>>>>>
>>>>> Dennis wrote:
>>>>>> Yes.
>>>>>>
>>>>>> I ran MSRT and it found nothing.
>>>>>>
>>>>>> I can't install Windows Live in Safe Mode and in regular mode
>>>>>> clicking the icon pops up the "Which program do you want to
>>>>>> use to open this" window. So I can't install it either way.
>>>>>> So, I finally tried Windows Update icon and it connected to
>>>>>> Microsoft. I put in the URL you listed and got to the Protection
>>>>>> Scan. It found nothing but was run in Safe Mode. I rebooted in
>>>>>> normal mode and still no icons open programs.
>>>>>>
>>>>>> I ran HijackThis and it found some entries in
>>>>>> C:/Windows\system32\drivers\etc\ that were removed. After
>>>>>> that Spybot did not find anything. Spybot no longer says there
>>>>>> were things it could not fix because it could not write to
>>>>>> C:/Windows\system32\drivers\etc
>>>>>>
>>>>>> So, right now in normal mode, no icons open programs. In Safe
>>>>>> Mode with Networking, signed in as a normal user no icons work.
>>>>>> But in Safe Mode with Networking signed in as Administrator,
>>>>>> all the icons open the programs as they should except IE and OE.
>>>>>> MalwareBytes, SuperAntiSpyware, and Spybot all update and run
>>>>>> but find nothing IF run in Safe Mode as Administrator.
>>>>>>
>>>>>>
>>>>>>
>>>>>> PA Bear [MS MVP] wrote:
>>>>>>>
>>>>>>> Have you completed Steps #1, #2, and #3? [yes/no]
>>>>>>>
>>>>>>> Dennis wrote:
>>>>>>>> This is the current situation. No programs find any viruses now.
>>>>>>>> But in regular mode no desktop icons work. McAfee updated but
>>>>>>>> won't run if you click the icon. It pops a window asking what
>>>>>>>> program you want to use to run it as does everything else.
>>>>>>>> The start menu works but if you click any programs they do not
>>>>>>>> run. But in safe mode, all the desktop icons work if I use
>>>>>>>> the "Administrator" user but not if I use the regular user name
>>>>>>>> to log in. Using her normal user name to log in, the desktop
>>>>>>>> icons don't work in regular mode or safe mode.
 
J

Jose

Flightless Bird
On Mar 4, 5:38 pm, Dennis <den...@bright.net> wrote:
> I tried it and it seems to have fixed the problem. Everything seems
> to be functioning and no viruses are found...
>
> > Go to the following link, read the directions at the top of the page
> > and apply the EXE File Association Fix:
> >
> > http://www.dougknox.com/xp/file_assoc.htm


That's good.

The scanning programs sometimes remove the infections and there is no
way for them to detect/fix other annoyances that may have been
inflicted upon your system. Nothing too hard to fix, but annoying.

A special guffaw to MSRT.
 
P

PA Bear [MS MVP]

Flightless Bird
Backdoor.Tidserv [AKA Win32/Alureon] and MS10-015
<QP>
Backdoor.Tidserv does a very good job in that sense, especially with the
latest version (TDL3), which uses an advanced rootkit technology to hide its
presence on a system by infecting one of the low-level kernel drivers and
then covering its tracks. *While the rootkit is active there is no easy way
to detect the infection*, [emphasis mine] and because it goes so deep into
the kernel, most users cannot see anything wrong in the system...Even worse,
because the infected driver is critical for system boot-up, Windows will not
boot in Safe Mode either [after having installed MS10-015 on an infected
machine].
</QP>
http://www.symantec.com/connect/blogs/tidserv-and-ms10-015

Tdss rootkit silently owns the net
<QP>
Tdss rootkit 3rd variant is the last member of Tdss rootkit family that is
quickly spreading around the world. While a number of rootkits are just
developed as a proof of concept, this is not the case. Tdss rootkit is well
known to antivirus companies because of its goal to get total control of the
infected PCs and using them as zombies for its botnet.

During these years it has always shown a team of skilled people behind it,
who always applied advanced techniques often able to bypass antirootkit
softwares. Actually, this last variant could be easily named as the
stealthiest rootkit in the wild.

This infection is bringing all together the best of MBR rootkit, the best of
Rustock.C and the experience of old Tdss variants. *Result is an infection
that is quickly spreading on the net and it is undetected by almost every
security software and 3rd party anti rootkit software*. [emphasis mine]

....currently no antirootkit is able to bypass disk filtering
technique used by Tdss rootkit but, even if it was possible, this rootkit
could not be detected by file size cross check because file size of the
original and infected files are exactly the same.
</QP>
http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html


Dennis wrote:
> EVERY anti-malware and anti-virus program says the computer is
> clean. Stinger, McAfee, Malwarebytes, SuperAntiSpyware, and an
> online scan say it is clean. If they can't find it then every
> computer will be infected eventually because it isn't detectable
> by current means available. So at that point your info is no safer
> than hers on that computer.
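
The Prevx passage quoted in the post above says a file-size cross check cannot reveal the infected driver because the original and infected files are exactly the same size. The following Python example is added here for illustration (it is not part of the thread and not Prevx's or Symantec's code): it compares a known-good baseline with a second copy by size and by SHA-256, using constructed dummy files with hypothetical names. It assumes the suspect copy is read from outside the running system, since the quote says the active rootkit filters disk reads.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root to (size in bytes, SHA-256 hex digest)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            # Normalise separators and case so Windows paths compare equal.
            rel = os.path.relpath(path, root).replace(os.sep, "/").lower()
            manifest[rel] = (os.path.getsize(path), digest.hexdigest())
    return manifest


def size_only_compare(baseline, current):
    """The weaker check named in the quote: flag only size differences."""
    return sorted(rel for rel, (size, _digest) in baseline.items()
                  if rel in current and current[rel][0] != size)


def compare(baseline, current):
    """Return {relative path: finding} for every deviation from the baseline."""
    findings = {}
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel][0] != size:
            findings[rel] = "size changed"
        elif current[rel][1] != digest:
            findings[rel] = "same size, content changed"
    for rel in current.keys() - baseline.keys():
        findings[rel] = "not in baseline"
    return findings


def demo():
    """Build a constructed known-good tree and a modified copy, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "known_good", "drivers")
        suspect = os.path.join(tmp, "offline_copy", "drivers")
        os.makedirs(good)
        os.makedirs(suspect)
        # Constructed stand-ins for driver files; these are not real binaries.
        samples = {"example_a.sys": b"A" * 4096, "example_b.sys": b"B" * 8192}
        for name, data in samples.items():
            for folder in (good, suspect):
                with open(os.path.join(folder, name), "wb") as fh:
                    fh.write(data)
        # Overwrite 64 bytes in place: the content differs, the length does not.
        with open(os.path.join(suspect, "example_a.sys"), "r+b") as fh:
            fh.seek(1024)
            fh.write(b"\x00" * 64)
        # A file that exists only in the second copy.
        with open(os.path.join(suspect, "extra.sys"), "wb") as fh:
            fh.write(b"C" * 10)
        base = snapshot(os.path.dirname(good))
        cur = snapshot(os.path.dirname(suspect))
        return size_only_compare(base, cur), compare(base, cur)


if __name__ == "__main__":
    by_size, by_hash = demo()
    print("size-only check flags:", by_size)
    for rel, finding in sorted(by_hash.items()):
        print(f"{rel}: {finding}")
```
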
 