
Thread: Desktop Black Screen - after malware attack - Tried Lots of Fixes - Please Help

  1. #1
    MrModo is offline New Member
    Join Date
    Jan 2011
    Posts
    8

    Desktop Black Screen - after malware attack - Tried Lots of Fixes - Please Help

    Okay. It's late. I've been dealing with this all day, trying to fix it...
    I'll try to explain everything that happened, and everything I've tried.

    Yesterday I got one of those malware attacks in Firefox, where it's a fake virus scan thingy.
    I immediately closed down, ran Malwarebytes.. Honestly can't remember at this time if it was full or quick scan.. Didn't find anything. I scanned with Avira as well. Can't remember if it found anything.
    everything seemed OK. I continued working.

    Today it attacked again. This time I closed down everything, ran full Avira and Malwarebytes _at the same time_ ... maybe that was a mistake...

    then I did something stupid. Mbytes found something. But I didn't restart right away. Removed it, then I UPDATED to the new version of Mbytes, did another full scan. Left to do some shopping while both Avira and Mbytes worked full scans.

    They both found files.. But I didn't look closely at the names.. I Quarantined and removed everything. Then finally restarted...

    Suddenly, Blue Screen! OMG... So I worked a startup repair.. it suggested system restore.

    System restore ended the blue screen, but now Desktop is BLACK. I've tried several system restores...

    Now there is No Desktop, No explorer.exe in Task Manager. No way to Right Click...
    Since then, I've tried lots of stuff. Running Explorer.exe in "Run" screen doesn't work.
    SAFE MODE comes up BLACK!

    sfc /scannow ...finishes the verification phase and then CLOSES!! doesn't continue..

    I can run certain .exe files, but others won't work.. Mbytes does (finds nothing now on full system scan, fully updated), but Avira won't run, Advanced System Care won't run (not that I think it would help)

    -I've checked the Shell file in registry, it says explorer.exe
    -I've tried a "clean startup" with only Microsoft files enabled, still black screen
    -The explorer.exe file is still there in windows, but doesn't respond at all when I click on it (in Firefox)..
    -chkdsk found no problems

    I do have a Vista Home Premium install disc (which is what I use)
    I have a Sony Vaio, by the way.



    I tried booting from the disc, but it seemed to go into a full install, and didn't offer me a "Repair" option as I was expecting....
    I will try this again tomorrow I guess


    also, I have read lots of posts here and there, including in these forums, before posting this.
    thanks in advance for any help...
    Last edited by MrModo; 13th January 2011 at 03:41.

  2. #2
    LeeW is offline Gold Member
    Join Date
    Jan 2010
    Posts
    741


    Just to double check: When you say desktop is black, are you meaning you are getting nothing but a black screen, no taskbar, no start menu........?
    Or is it just the desktop itself? If it's just the desktop itself, have you tried right-clicking on the desktop and making sure that Show Desktop Icons is checked under View? Try applying a new wallpaper. I know it seems too simple, but a lot of malware will remove your wallpaper to replace it with their own and hide your icons so you think they are legit. Once the malware was removed, the wallpaper could have been removed, leaving you with just a color desktop, for which the default is generally black.

  3. #3
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961


    Hi, MrModo.

    Let's see if you can do this --

    Download to a flash drive or other removable media, and transfer to the infected computer.

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    Transfer the file you just downloaded to the desktop of the infected computer.

    Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.



    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix.
    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.

    Please post the C:\ComboFix.txt in your next reply.

  4. #4
    MrModo is offline New Member
    Join Date
    Jan 2011
    Posts
    8


    there is no desktop to speak of.

    there is no 'dragging and dropping' possible.

    right clicking does nothing.

    explorer.exe is not visible in the processes menu under Task Manager.

    Mbytes is not automatically running. I could probably disable Avira from the TaskManager...

    I will try to run ComboFix when I get a chance in the afternoon. (I am in Taiwan.)

  5. #5
    whs is offline Gold Member
    Join Date
    Oct 2008
    Posts
    1,421


    If you want my advice, save your data with a bootable Linux CD to a flash drive. Then reinstall your system. Before you restore your data files, check them e.g. on this site: VirusTotal - Free Online Virus, Malware and URL Scanner

    That may seem like a lot of effort because you have to reinstall all your programs, but in the end it will be the safest way and you do not waste more time. Had you started yesterday, you would already be done - LOL

    For the future, do imaging. Read my little write-up and you will know what this is all about ( Imaging strategies - Windows 7 Forums ). For a specific imaging program I found free Macrium to be the best overall ( Imaging with free Macrium - Windows 7 Forums ). It works for XP, Vista and Win7.

  6. #6
    MrModo is offline New Member
    Join Date
    Jan 2011
    Posts
    8


    I cannot shut down Avira... trying to 'End Process Tree' in Task Manager says access is denied.. I do not have permission.

    also, the computer is not allowing me to do all kinds of stuff like this.. run certain processes, shut down certain other processes.
    for example, I cannot get into control panel, or open Add/Remove Programs..

    even though it says RIGHT THERE under 'Create New Task' in the Task Manager that "This task will be created with administrative privileges."

    I am afraid that my User ID has been corrupted somehow.

    also, I am using Task Manager to do EVERYTHING on this computer right now.. it's the only way to open a program, or do anything.
    I am using Firefox to do all my browsing..
    this does not allow me to drag and drop or copy and paste or do anything of the sort.

    I cannot even run certain .exe files, which really baffles me. for example, Beyond the Sword for Civ 4 ... the way I opened the game was, I clicked on the .exe in Firefox browser..

    when I do this, it comes up with "Save File" screen, instead of a "Run" screen.. So I saved file over the old file, THEN, in the Firefox "Downloads Log Window", I click on the Icon THERE to run the program..

    sigh...

  7. #7
    MrModo is offline New Member
    Join Date
    Jan 2011
    Posts
    8


    a full reinstall will not be so bad, IF I can leave my D: drive intact, which has all my data, games, movies, and music...
    however, it's a lot of info on there, too much to save or copy really... to have to format would be a huge pain if I lose the D: drive as well.

    I finally was able to open Avira and access the Log..
    there were a bunch of detections in my full scan yesterday. mostly stuff in SunJava (big surprise...)

    however there were FOUR culprits for the corrupt explorer.exe file. ONE of them may have been mis-identified as a virus, I am wondering:

    THIS ONE, which is in the normal path of explorer.exe:


    Type: File
    Source: C:\Windows\explorer.exe
    Status: Infected
    Quarantine object: 49e39066.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.140
    Virus definition file: 7.11.01.80
    Detection: Is the TR/Crypt.XPACK.Gen2 Trojan
    Date/Time: 13/1/11, 11:30

    Here are the other 3:


    Type: File
    Source: C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    Status: Infected
    Quarantine object: 39c5be9c.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.140
    Virus definition file: 7.11.01.80
    Detection: Is the TR/Trash.Gen Trojan
    Date/Time: 13/1/11, 11:30


    Type: File
    Source: C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    Status: Infected
    Quarantine object: 0b51c3d1.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.140
    Virus definition file: 7.11.01.80
    Detection: Is the TR/Trash.Gen Trojan
    Date/Time: 12/1/11, 13:23


    Type: File
    Source: C:\Windows\System32\wininit.exe
    Status: Infected
    Quarantine object: 5172bfd2.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.04.140
    Virus definition file: 7.11.01.80
    Detection: Is the TR/Crypt.XPACK.Gen2 Trojan
    Date/Time: 12/1/11, 12:41

    I am considering restoring the first file, and giving that a try...
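
An added example, not part of the original thread: it parses quarantine entries in the `Key: Value` layout quoted in the post above and lists the Windows files that are still in quarantine, separating the live path from the `winsxs` component-store copy. The sample text is constructed (the last record's path and detection name are made up), and the `C:\Windows` prefix check is an assumption about where Windows is installed.

```python
import re

# Constructed sample in the "Key: Value" layout of the quarantine entries quoted
# in the post. The first three records reuse the post's values; the last one
# (path and detection name) is made up to show a file outside C:\Windows.
SAMPLE = r"""
Source: C:\Windows\explorer.exe
Quarantine object: 49e39066.qua
Restored: NO
Detection: Is the TR/Crypt.XPACK.Gen2 Trojan

Source: C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
Quarantine object: 39c5be9c.qua
Restored: NO
Detection: Is the TR/Trash.Gen Trojan

Source: C:\Windows\System32\wininit.exe
Quarantine object: 5172bfd2.qua
Restored: NO
Detection: Is the TR/Crypt.XPACK.Gen2 Trojan

Source: C:\Users\example\AppData\LocalLow\cache\constructed.jar
Quarantine object: 00000000.qua
Restored: NO
Detection: Is the EXAMPLE/Constructed Trojan
"""

def parse_records(text):
    """Split the text on blank lines; each block becomes one dict of fields."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # Partition on the first colon only, so "C:\..." stays in the value.
        pairs = (line.partition(":") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return records

def quarantined_os_files(records):
    """Return (kind, source, quarantine object) for unrestored files under C:\\Windows."""
    hits = []
    for rec in records:
        path = rec.get("Source", "").lower()
        if rec.get("Restored") == "NO" and path.startswith("c:\\windows\\"):
            kind = "component store" if "\\winsxs\\" in path else "live path"
            hits.append((kind, rec["Source"], rec["Quarantine object"]))
    return hits

for hit in quarantined_os_files(parse_records(SAMPLE)):
    print(*hit, sep=" | ")
```
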

  8. #8
    MrModo is offline New Member
    Join Date
    Jan 2011
    Posts
    8


    would you recommend I format C:/ drive before reinstalling?

    pretty much all of the data I would like to save is on D:/ drive...

    I already burned a DVD with the other stuff I'd like to save from C:/

  9. #9
    whs is offline Gold Member
    Join Date
    Oct 2008
    Posts
    1,421


    Quote:
    a full reinstall will not be so bad, IF I can leave my D: drive intact, which has all my data, games, movies, and music...
    however, it's a lot of info on there, too much to save or copy really... to have to format would be a huge pain if I lose the D: drive as well.

    If your data is in D, a reinstall will not touch it. There is no need to format C for a reinstall. If you have a recovery partition, that would be the easiest route. Look in Disk Management. It is often a hidden partition. Depending on the make of the PC, you have to keep tapping a function key, ESC or a combination of keys at power-on. If you tell us the make, we may know which one.
    Last edited by whs; 13th January 2011 at 17:33. Reason: Addition

  10. #10
    MrModo is offline New Member
    Join Date
    Jan 2011
    Posts
    8


    Quote Originally Posted by whs
    If your data is in D, a reinstall will not touch it. There is no need to format C for a reinstall. If you have a recovery partition, that would be the easiest route. Look in Disk Management. It is often a hidden partition. Depending on the make of the PC, you have to keep tapping a function key, ESC or a combination of keys at power-on. If you tell us the make, we may know which one.

    okay, that's a relief. I will do a reinstall soon then...

    how exactly will the recovery partition help?
    anyway I will look for it.

    I have a Sony Vaio VGN-CR357
