We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Please help! Had Defender virus warning - Now desktop icons have vanished!
Comments
-
Thanks Browntoa, that's fantastic!
Given your recent replies, I was really worried that the pc was definitely still infected, until I saw your last post!
Should I do the scans in safe mode, as before?
One final thing - has all the personal data on my machine, including stuff saved in my e-mail account been exposed to goodness knows whom during the last 48 hours? :eek: I've only just changed my e-mail password (and typically for Virgin, it now refuses to recognise the new one, and when I request "forgot password" it says, error, come back later)! Anyway, I digress!
Thanks again, guys! :T0 -
was still infected , do the scans in normal mode , the first one empties all the temp files and other crap on the system , the 2nd may catch stuff that Malwarebytes missed
theres a chance that personal stuff has been compromised so I suppose a change of passwords is in order
less likely to affect email , would normally log keystrokes if ANYTHING was keylogging (no sign of that but)Ex forum ambassador
Long term forum member0 -
Is it safe to have the internet on now then? I'll have to stay up tonight to clean and scan, just to be sure! :sad:
I usually use the on-screen keyboard for any transactions, but I'm concerned about the possibility of info being compromised.
Will post the results.0 -
Hi Guys, I completed scans with ATF cleaner SuperAntiSpyWare, and no problems were found.
I've just turned on my pc and the following message came on (some of the text is oddly displayed or missing - I've highlighted this in blue text - it looks as though this may have been caused by a missing (blank) strip on the right hand side of the dialogue box).
System Configuration Utility
You have used the System Configuration Utility to make changes to the way windows . .
The system configuration Utility is currently in Diagnostic or Selective startup mode causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made during the System Configuration Utility.
[There is a blank box to check here that I can't reproduce on MSE]
Don’t show this message or launch the System Configuration Utility when Windows sta
Is it normal for this box to be displayed? It never has before when I've used safe mode in the past? Why is part of it missing? What should I do?
Just checking this out with you guys, because I'm feeling a bit paranoid, after the recent viral attacks!
Thanks!0 -
The box you describe can appear when you have unchecked something in msconfig for instance. Having looked at you last malwarebytes log these does not appear to have been a start up item removed so I am not sure why this has appeared.
Please start up malwarebytes and update it it prior to running a full scan.0 -
Thanks Reluctant_spender.
I did another MalwareBytes scan (sorry I forgot to update it first - I was busy doing other stuff at the same time!).
Here's the log file:
Malwarebytes' Anti-Malware 1.31
Database version: 1482
Windows 5.1.2600 Service Pack 3
12/12/2008 17:32:35
mbam-log-2008-12-12 (17-32-35).txt
Scan type: Full Scan (C:\|)
Objects scanned: 131906
Time elapsed: 1 hour(s), 36 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad:
(C:\WINDOWS\system32\userinit.exe,(,C:\DOCUME~1\XXXXX\LOCALS~1\Temp\init.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume
Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP481\A0038982.ocx\GTDownDE_87.ocx(Adware.Gdown) -> Quarantined and deleted successfully.
I'm getting fed up now - will I ever get rid of this?
0 -
I would be happier if you were to update and run another scan - A quick Scan should be sufficient.
How is your computer running?0 -
Thanks Reluctant_spender.
I realised that this would be the case, so I updated and started a (full) scan straight after my last post!
Its been running about half an hour now - I'll report back asap.
I've tried not to use the pc much in the last 3 days - I'm on a friends laptop again just now. I used my machine for about an hour earlier today (to e-mail and to change my password again - I wish I hadn't, now)! The desktop icons and taskbar have returned, but the system config display always pops up when the pc is turned on. Otherwise nothing else seems to be amiss!0 -
Do you have spybot installed on your machine?0
-
At this stage id sugegst downloading HIJACK THIS
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
SCAN and post the log here to show us exactly whats happening with your computer:idea:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.2K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.2K Work, Benefits & Business
- 600.9K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards