Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

No Desktop!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

No Desktop!

Unread postby MicahNTX » April 10th, 2009, 4:43 pm

Hello everyone,
I am new to this forum as you can probably tell. I did read the guidelines before posting and hope that I am complying with my post here. First let me say I do not have a copy of "HiJack This" currently installed. And if I can explain briefly;

Last night around 7:00p.m. a certain someone had opened an attachment on our computer that runs Windows XP Pro MCE. Well AVG 8.5 went absolutely haywire detecting all these infections and warnings. Earlier that day at 12:00p.m., AVG did its daily scanning routine and came back clean. Well right now I can boot to my login screen, then when I supply my username & password and click OK. It starts to log me into the system, however, it just freezes and stays on a blank blue screen! It doesnt load wallpaper, taskbar or *anything* at all. So I pressed Ctrl+Alt+Delete and the Task Manager is the only thing working. However I was able to use the "New Task" to run "regedit" to look for any suspicious entries/values, which I did come across a "reader_s.exe" with very strange behavior inside my HKLM\software\microsoft\windows\currentversion\run hive..... So I did get rid of it and it kept popping back up every time I'd click "refresh". So I renamed the file located in my %system32% folder to reader_sDELETE and then deleted from registry and it finally was gone for the time being. Also at first when I opened Firefox, I could not access the internet. So I decided to check out my C:\windows\system32\etc\hosts file in notepad. Well it had been completely altered all the way and contained:

127.0.0.1 hxxp://jl.chura.pl
#

And that was ALL, all the original text & introduction thats included in the host file was gone. So I erased the hxxp://jl.chura.pl part and then saved, then re-opened Mozilla Firefox back up and now it is working just fine! However, I am sitting here in Firefox with no GUI except Task Manager. So I am extremely limited on resources. I just reformatted 3 weeks ago and *really* would like to avoid that route again and honestly, I love what this web site and its people are doing and trying to accomplish, much respect for something of this nature! And I am very interested in learning thoroughly just how I can remove the Malware myself without having to just give up and reformat every time this happens to me or one of my friends/family members computers! I'm a pretty competent with PC repairs & such and have a good general understanding. But Malware has always been something I just never took the time to really learn about and how to prevent it and now here I am in this situation again! Anyways, I will be sitting here with my no-desktop XP computer running Firefox and see if I can't dig up some information on this, as I'm sure someone else has had this same Virus/Trojan/Malware. Once again, much respect to EVERYONE involved in this community, it is truly a good & noble cause and I look forward to learning a lot from you guys! Thanks for everything in advance!!!!
MicahNTX
Active Member
 
Posts: 1
Joined: April 10th, 2009, 4:23 pm
Advertisement
Register to Remove

Re: No Desktop!

Unread postby Wi[k]! » April 10th, 2009, 7:00 pm

Looking over your post, be back as soon as possible.

Edit: fixed typo
Wi[k]!
MRU Undergrad
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am

Re: No Desktop!

Unread postby Wi[k]! » April 11th, 2009, 7:48 am

I have very unpleasant news for you. It is imperative that your system be reformatted and your Windows operating system be reinstalled. This is necessary because Virut is a virulent file infector that will infect -.exe -.scr -web page files (.htm & .html and possibly .asp & .aspx files) -archived files (.rar and .zip also) with mentioned file types inside.. As an added "bonus," Virut is a poorly written and buggy file infector, which is why our scanners cannot properly disinfect the files and, since many of these infected files will be vital system files, they cannnot simply be removed.

So, the situation is that the files cannot be removed, nor can they be properly disinfected. This leaves only one choice, reformat and reinstall the Windows operating system.

Prior to reformatting the system, the hard drive could be removed and attached to another system as a "slave," thereby allowing you to remove and salvage your data files. Also, under no circumstances should you plug a USB device into the infected computer in order to transfer data as any such device could become infected and may then transfer the infection to other computers. If you are unable to slave the HD to back up your data files, then you should burn them to CD or DVD. No files should be saved other than documents and pictures. No screensavers, no executables, no program set-up files... just documents and pictures. Otherwise, the infection will be reintroduced to the newly reinstalled operating system. All data files should be scanned with anti-virus and anti-spyware programs prior to being returned to the hard drive after it has been reformatted. If you are not comfortable performing this procedure yourself, we would advise you to take the computer to a reliable, local, computer repair shop and have them do the work for you.
Wi[k]!
MRU Undergrad
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am

Re: No Desktop!

Unread postby NonSuch » April 16th, 2009, 7:47 pm

As the resolution of this issue requires a reformat, and there have been no questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 299 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware