cancel
Showing results for 
Search instead for 
Did you mean: 
Jegalt
Level 7
Report Inappropriate Content
Message 1 of 11

Desktop and startmenu diapeared - after removing virus desktop is still disappeared

I removed virus with mcaffee, name was sth like "backdoor". following steps i already tried: login as admin, create new user account, launch msconfig and disable/enable all, launch computer administration and disable/enable all services, uninstall and install IE 7. before virus infected pc, i updated mcaffee.
desktop and start bar dont appear. windows key isnt working. only thing work is task manager. also mcaffee seems to be affected - i can not start shield.
OS is Win XP SP3
thank you for advise
10 Replies
vinod_r2
Level 11
Report Inappropriate Content
Message 2 of 11

RE: Desktop and startmenu diapeared - after removing virus desktop is still disappeared

try this and post the results
Jegalt
Level 7
Report Inappropriate Content
Message 3 of 11

resolved desktop disapered

the rcommended prog worked well. after quick scan, four infected files were found. after reboot, desktop and all aplications appear, also the MS windows malware tool deleted one more file and linked to microsoft page where described following:
Backdoor:Win32/IRCbot!8497 (Microsoft)
Win32/Checkout.A (CA)
Backdoor.Win32.IRCBot.aaq (Kaspersky)
W32/Checkout (McAfee)
W32/IRCBot-WB (Sophos)
W32.Mubla (Symantec)

thanks a lot
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 4 of 11

RE: resolved desktop disapered

The name in brackets means that Microsoft discovered that infection and reported it to the community at large.

Glad you are OK now. Moving this to the solved area if it's OK with you? Are you completely cleared now?
Jegalt
Level 7
Report Inappropriate Content
Message 5 of 11

RE: resolved desktop disapered

One more problem i detected is that i cannot start mcaffee shield. neither from task panel nor from pc administration services. error message is: error 123 - wrong syntax. mcaffee update succeeded.
I'm not used to this forum so please move thread where it would be best. i'm never sure whether pc is completely clean but works well now. some preinstalled progs from toshiba doesnt work. I experienced this before too, the other time my pc was infected. think I cannot restore them but they are not important. only the error messages at startup look ugly 😉
thanks to all
vinod_r2
Level 11
Report Inappropriate Content
Message 6 of 11

RE: resolved desktop disapered

Perhaps this might help

CAUTION:
Registry cleaners are never fully safe but atleast this one is much better than others...

Its my personal suggestion McAfee does not support or ratify the claim!

Use it at your own Risk.;)
Jegalt
Level 7
Report Inappropriate Content
Message 7 of 11

RE: resolved desktop disapered

The registry cleaner didn't fix the above described problem. J'll try to reinstall virus-scanner and all concerned progs.
Anyway thanks for the smart tools and for all the help.
Jegalt
Level 7
Report Inappropriate Content
Message 8 of 11

Anti-Malware with virus?

After scanning other time my pc some more viruses were found. Some of them in the directory of the above recommendet anti-malware.:mad:
The log-file said that some of the infected files weren't removed. How can I get my PC clean now?
Here is the log, sorry but its german:


04.10.2008 20:30:27 =5300.2777
04.10.2008 20:30:27 =5398.0000
04.10.2008 20:30:27 =
04.10.2008 20:30:27 =
04.10.2008 20:30:22 Scanvorgang wurde gestartet SASKIA\User Anforderungsscan
04.10.2008 20:53:52 1051 User e:\DATEIEN\JEG\JegsFonts\COMAC.EXE\COMACB.TTF
04.10.2008 21:06:36 1027 User E:\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\MBAM-DOR.EXE Generic.dx
04.10.2008 21:06:36 1027 User e:\Programme\Malwarebytes' Anti-Malware\mbam-dor.exe\0004c714.EXE Generic.dx
04.10.2008 21:09:39 1027 User E:\SYSTEM VOLUME INFORMATION\_RESTORE{F1419A33-2D7D-49BF-B21A-822D4794E60A}\RP2\A0000290.EXE Generic.dx
04.10.2008 21:09:39 1027 User e:\System Volume Information\_restore{F1419A33-2D7D-49BF-B21A-822D4794E60A}\RP2\A0000290.exe\0004c714.EXE Generic.dx
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Scan-Zusammenfassung
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Gescannte Prozesse: 74
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Erkannte Prozesse: 0
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Gesäuberte Prozesse: 0
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Gescannte Boot-Sektoren: 2
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Erkannte Boot-Sektoren: 0
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Gesäuberte Boot-Sektoren: 0
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Gescannte Dateien: 46723
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Dateien mit Erkennungen: 2
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Dateierkennungen: 4 - files found
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Gesäuberte Dateien: 0 - cleaned files
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Gelöschte Dateien: 2 - deleted files
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Nicht gescannte Dateien: 42 - not scanned files
04.10.2008 21:09:39 Scan-Zusammenfassung SASKIA\User Laufzeit: 0:39:17
04.10.2008 21:09:39 Scanvorgang wurde beendet SASKIA\User Anforderungsscan

thanks one more time
melboy
Level 7
Report Inappropriate Content
Message 9 of 11

RE: Anti-Malware with virus?

Is this Mcafee Enterprise? these are definite False positives:

04.10.2008 21:06:36 1027 User E:\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\MBAM- DOR.EXE Generic.dx
04.10.2008 21:06:36 1027 User e:\Programme\Malwarebytes' Anti-Malware\mbam- dor.exe\0004c714.EXE Generic.dx
melboy
Level 7
Report Inappropriate Content
Message 10 of 11

RE: Anti-Malware with virus?

I suspect these are the SR copies of the false positives:
04.10.2008 21:09:39 1027 User E:\SYSTEM VOLUME INFORMATION\_RESTORE{F1419A33-2D7D-49BF-B21A-822D4794E60A}\RP2\A0000290.EXE Generic.dx
04.10.2008 21:09:39 1027 User e:\System Volume Information\_restore{F1419A33-2D7D-49BF-B21A-822D4794E60A}\RP2\A0000290.exe\0004c714.EXE Generic.dx

http://vil.nai.com/vil/systemhelpdocs/disablesysrestore.aspx (don't forget to re-enable.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community