Re: No icons, No task bar, Nothing but a mouse pointer on a black desk
- From: vpartenie <vpartenie.2ylf3g@xxxxxxxxxxxxx>
- Date: Wed, 17 Oct 2007 15:19:04 +0530
NO DESKTOP ICONS/START MENU IN XP SAFE MODE - SOLVED!!!!
by Valerian E Partenie
Virus name: virtumonde.ggx - no info on the internet about this
version!
The Trojan.Fotomoto virus may also be involved.
As this is my FIRST "one on one" fight with a new generation of
viruses, I'll describe in my own words
what the virus did to my computer, what the attack aspects are and how
I got rid of it!
Finally I MADE IT!!! After 3 days of work, trying to find the right
cure, I found it!
Description of the virus:
It is a virus that has 3 main things installed on your computer:
1. a link to its site - in Internet temporary files - that cannot be
deleted (it comes back) if you are connected to the internet
2. an exe file - that is not identified by the scan program, because it
is harmless itself, but it's doing its job.
3. a dll file - that is identified by BitDefender and can be deleted, but it
comes back if you are on the internet
As it can be destroyed only from Safe Mode with no internet, that is
the reason why it protects (hides) the Safe Mode desktop!
(Try starting the computer in Safe Mode with network support and you'll
see that the desktop is fine!!!)
Well, I don't really know what it is doing when it gets out, like what
information it sends and to whom,
but I can surely say that it is responsible for the following symptoms:
SYMPTOMS:
1. I cannot access Safe Mode!!! Black screen with no ICONS/MENU.
2. I can access "Safe Mode with network support"!
3. Cannot delete the Trojan.Fotomoto virus for good (it's coming back all
the time)
4. Computer is VERY SLOW. Cannot do a virus scan (scans like 1
file/20sec!!!)
5. Slow folder icons refreshing.
6. Virus Warning on the desktop with a flashing exclamation mark in the
taskbar.
The ONLY Software needed:
I said the only, because these are the only TWO that worked, and I
tested PLENTY!!!
1. BITDEFENDER 2008 (TOTAL SECURITY OR ANTIVIRUS) (the TRIAL works) - it
is the only one that finds virtumonde.ggx
2. FILEASSASSIN (FREEWARE, do a Google search to download) - it can delete
an active dll; otherwise you'll get the message that the computer is using
the file and it cannot be deleted.
PROCEDURE (While you are Internet connected):
1. Download and install the above software.
2. Disable System Restore (Start > Control Panel > click System > System
Restore tab > check "Turn off System Restore").
You have to do this because the antivirus will not scan these files
otherwise, and you could have viruses "saved" there! (as I did)
3. Do a Deep SCAN with BitDefender (it takes a lot of time!)
4. Let BitDefender delete the viruses it found.
DISCONNECT THE INTERNET
1. Restart the computer.
2. Open c:/Windows/system32 folder
3. BitDefender will pop up with a message that virtumonde.ggx has been
blocked by it.
4. Search for the infected dll (it has a different name each time but the
same size, 308kb, and no company signature; for the right name
you have to look for the one pointed out by BitDefender)
5. As there could be many infected dlls, sort the files by size.
6. Once you have found them, right click on each of them and select "delete
file with FileASSASSIN".
7. As you kill the virus, a message will pop up that the computer will
restart in "..." seconds.
That's its last breath!!!
8. Cold restart the computer (push the button to restart), don't wait
for it to shut down your computer.
9. Restart in "Safe Mode". The Desktop is back now! BUT... you are not
done yet... the virus is still there...
While you are in Safe Mode, go to Control Panel > Internet Options > General
tab > Browsing history, click Settings > click View files.
Now select them all and delete them.
10. Delete the files from c:/Documents and Settings/Owner (or whatever
account you use)/Local Settings/Temp (you have to have "show hidden
folders" active)
11. Open c:/Windows/system32 folder and sort the items by date
12. Look here for dates close to the present day. You'll find
here some exe files with nonsense names like: xhwgjj.exe, size 381kb
13. Do the delete procedure with FileASSASSIN; also delete any dlls with
nonsense names made in the same days.
14. Restart normally.
NOW YOU ARE FULLY DONE. THE COMPUTER RUNS AS IF IT IS BRAND NEW
PLEASE NOTE: YOU ARE DOING THIS AT YOUR OWN RISK! IF YOU ARE NOT
FAMILIAR WITH WHAT YOU ARE DOING YOU MAY MAKE SOME IRREVERSIBLE CHANGES.
HOWEVER, IN ORDER TO GET RID OF THE VIRUS, THIS PROCEDURE IS YOUR LAST
CHANCE BEFORE FORMATTING THE HARD DRIVE!
Procedure developed by Valerian E Partenie
--
vpartenie
------------------------------------------------------------------------
vpartenie's Profile: http://forums.techarena.in/member.php?userid=33146
View this thread: http://forums.techarena.in/showthread.php?t=822320
http://forums.techarena.in
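
The manual System32 hunt in the post above (sort by size and date, look for files with no company signature) can be done as a read-only listing. This is an added example, not part of the original post or of any tool it names. It assumes PowerShell 4.0 or later, which is newer than the Windows XP setup described, and the 7-day look-back window is an assumed value.

```powershell
# Added example: read-only triage of System32. Nothing is deleted or modified.
param(
    [string]$Path = "$env:SystemRoot\System32",
    [int]$Days = 7   # assumed window; the post only says "dates close to the present day"
)

$cutoff = (Get-Date).AddDays(-$Days)

Get-ChildItem -LiteralPath $Path -File -ErrorAction SilentlyContinue |
    # Steps 4 and 12 of the post: DLL/EXE files created or changed recently
    Where-Object {
        $_.Extension -in '.dll', '.exe' -and
        ($_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff)
    } |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                    -ErrorAction SilentlyContinue   # locked files yield no hash
        [pscustomobject]@{
            Name      = $_.Name
            SizeKB    = [math]::Round($_.Length / 1KB)
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            Company   = $_.VersionInfo.CompanyName   # the "company signature" column
            Signature = $sig.Status                  # Valid, NotSigned, HashMismatch, ...
            SHA256    = $hash.Hash
        }
    } |
    # Keep only files with no company name or without a valid signature
    Where-Object {
        [string]::IsNullOrWhiteSpace($_.Company) -or $_.Signature -ne 'Valid'
    } |
    # Step 5 of the post: sort by size so same-sized copies group together
    Sort-Object SizeKB, Created |
    Format-Table -AutoSize
```

A missing company name or signature is a lead, not a verdict: some legitimate drivers and third-party components show up here too. Check each SHA256 against the antivirus detection or a reputation service before removing anything.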