Problem Now Solved-thank You Conor

PeachyJem

Hi, earlier tonight, me and my brother downloaded a virus on a vista OS laptop, (we downloaded a program against our better judgement!! ) After running malware bytes and being asked to reboot to completly remove the virus, after log in all we get is a blank screen showing my documents page and a movable mouse. Im only able to access windows explorer by opening task manager and starting a new process. I have been searching the internet for a solution since about 6:30pm and have no luck, i have tried most suggestions. The laptop came with vista installed on it and wasn't given the disk so can't run a repair. Also Zone alarms has twice asked to allow lsass.exe to run as a server?! Is this normal? and could it be related to this problem? I have ran malare bytes again and it seems that there is no trace of the virus now. Any help would be very appreciated!

Thanks in advance

Jem :o:o:o:o:o

Conor_3

Do what you've been doing but this time, instead of running explorer.exe, run c:\windows\system32\rstrui.exe and that should fire up System Restore, allowing you to restore to a time before you downloaded the virus. I suggest going back a week if possible.

PeachyJem

Conor wrote: »

Do what you've been doing but this time, instead of running explorer.exe, run c:\windows\system32\rstrui.exe and that should fire up System Restore, allowing you to restore to a time before you downloaded the virus. I suggest going back a week if possible.

Hi, Thanks but I've already tried this, it will only allow me to go to one minute after the virus was downloaded . Im usually pretty good on a p.c(which is why i'm annoyed that i let a too good to be true program be downloaded against my better judgement!!!) but this has stumped me. i've tried various things including pressing f8 on reboot/start up also and none of the options have worked....?!?

Just to let you know that once i load explorer off task manager, everything reverts back to normal, no blank screen and all functions work, its only on boot up/ restart.....

Regeneration

Start up My Computer, then go to Tools > Folder Options > View, and under Hidden Files and Folders, uncheck the option "Launch folder windows in a seperate process". If it's not checked check it then uncheck it. Click Apply then OK. Now restart your PC and you should be all up and running again

PeachyJem

Regeneration wrote: »

Start up My Computer, then go to Tools > Folder Options > View, and under Hidden Files and Folders, uncheck the option "Launch folder windows in a seperate process". If it's not checked check it then uncheck it. Click Apply then OK. Now restart your PC and you should be all up and running again

Hi, The box was already unchecked but i still did as you said...restarted but i still have the same problem??!

Conor_3

OK...

Two things to try. First is quickest and might be the problem if you've had malware.

OPTION 1.

Fire up computer, get your desktop going as you have been then run regedit.

Navigate in the left pane to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\

In the right pane, make sure the "Shell" entry is set to "explorer.exe". You can alter it by right clicking on shell and selecting "Modify"
If the "Shell" entry doesn't exist at all, right click anywhere in the right pane and select New then String Value. Call it Shell and then enter explorer.exe as the value.

OPTION 2.
If you have a Windows Vista installation disc, you need to restart (boot) your computer using the installation disc. If you do not restart your computer from the disc, the option to repair your computer will not appear.

If you have a Windows Vista installation disc:

1. Insert the installation disc.

2. Restart your computer. Click the Start button Picture of Start button, click the arrow next to the Lock button Picture of Lock button, and then click Restart.

3. If prompted, press any key to start Windows from the installation disc.

Note: If your computer is not configured to start from a CD or DVD, check the information that came with your computer. You may need to change your computer's BIOS settings. For more information, see BIOS: frequently asked questions.

4. Choose your language settings, and then click Next.

5. Click Repair your computer.

6. Select the operating system you want to repair, and then click Next.

7. On the System Recovery Options menu, click Startup Repair. Startup Repair might prompt you to make choices as it tries to fix the problem, and if necessary, it might restart your computer as it makes repairs.


If Startup Repair is a preinstalled recovery option on your computer:

1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer. Click the Start button Picture of Start button, click the arrow next to the Lock button Picture of Lock button, and then click Restart.

2. Do one of the following:

If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to repair, and then press and hold F8.

3. On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press ENTER. (If Repair your computer is not listed as an option, then your computer does not include Startup Repair as a preinstalled recovery option.)

4. Select a keyboard layout, and then click Next.

5. Select a user name and enter the password, and then click OK.

6. On the System Recovery Options menu, click Startup Repair. Startup Repair might prompt you to make choices as it tries to fix the problem and, if necessary, it might restart your computer as it makes repairs.

PeachyJem

Conor wrote: »

OK...

Two things to try. First is quickest and might be the problem if you've had malware.

OPTION 1.

Fire up computer, get your desktop going as you have been then run regedit.

Navigate in the left pane to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\

In the right pane, make sure the "Shell" entry is set to "explorer.exe". You can alter it by right clicking on shell and selecting "Modify"
If the "Shell" entry doesn't exist at all, right click anywhere in the right pane and select New then String Value. Call it Shell and then enter explorer.exe as the value.

OPTION 2.
If you have a Windows Vista installation disc, you need to restart (boot) your computer using the installation disc. If you do not restart your computer from the disc, the option to repair your computer will not appear.

If you have a Windows Vista installation disc:

1. Insert the installation disc.

2. Restart your computer. Click the Start button Picture of Start button, click the arrow next to the Lock button Picture of Lock button, and then click Restart.

3. If prompted, press any key to start Windows from the installation disc.

Note: If your computer is not configured to start from a CD or DVD, check the information that came with your computer. You may need to change your computer's BIOS settings. For more information, see BIOS: frequently asked questions.

4. Choose your language settings, and then click Next.

5. Click Repair your computer.

6. Select the operating system you want to repair, and then click Next.

7. On the System Recovery Options menu, click Startup Repair. Startup Repair might prompt you to make choices as it tries to fix the problem, and if necessary, it might restart your computer as it makes repairs.


If Startup Repair is a preinstalled recovery option on your computer:

1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer. Click the Start button Picture of Start button, click the arrow next to the Lock button Picture of Lock button, and then click Restart.

2. Do one of the following:

If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to repair, and then press and hold F8.

3. On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press ENTER. (If Repair your computer is not listed as an option, then your computer does not include Startup Repair as a preinstalled recovery option.)

4. Select a keyboard layout, and then click Next.

5. Select a user name and enter the password, and then click OK.

6. On the System Recovery Options menu, click Startup Repair. Startup Repair might prompt you to make choices as it tries to fix the problem and, if necessary, it might restart your computer as it makes repairs.

:j:j:j:j THANK YOU!! Option 1 worked...the shell line did say explorer.exe but was also followed by another command, so that was the problem! Im so grateful for your help! Thank you very much. :beer: Here's a few drinks on me

Jem x :D:D:D:D

Conor_3

Glad to help. Looks like the malware had tried to hijack explorer by getting it to load the malware as well on startup. Apologies for having a kip before getting back to you...

LOL.