Help! facemoods infection

By spkenny
Jan 27, 2012
  1. I am currently working on a computer that was reported as working fine before a program called facemoods was installed. As it is, the registry seems to have been affected as anything I try to install from kaspersky to malwarebytes, leads me to an incomplete install screen, meaning the buttons for next and cancel for example show but dont have the words next or cancel, they're blank. Going to system restore, or msconfig for another example, the window opens up, but there is nothing inside the window to navigate or see. I have done external scans with the hard drive with malwarebytes, pctools spyware doctor, and kaspersky pure. I know that with other infections I have dealt with, the 'open with' problem was dealt with by merging a downloaded .reg file that I have on disk for xp and vista. Is there a .reg download I can merge for windows 7 to fix this issue so I can actually install programs to scan within the system? Or is there a step I'm missing that you might suggest. I should finally mention the owner of this computer did not have any protection on whatsoever to begin with. Might just need to do a reformat
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You shouldn't have to reformat for this. The entries should be visible in the logs. It would be best if you stop attempting fixes and let us help you.

    I need to clarify a couple of things though: if sounds like you have more than just Facemods. When you open a Window, does it appears that the contents are 'missing'? If this is the case, please do the following:
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: Unhide does not remove the malware- only the attribute causing the 'missing' feature, so it's important that you continue.

    When you say you've had the 'open with' problem, when does this come up? As you may have seen, there are some nasty rogue program making the rounds and they cause a variety of problems. The 'fix' for ll is not the same though, so maybe you can pin it down:
    1. Do icons, programs desktop seem to be missing?
    2. Are you having a problem opening .exe files?
    3. Are you getting error messages and alerts about 'critical' system problems or fake scans?
    4. Do you have an internet connection?
    Answers to the above and the following preliminary scans will help me determine how to resolve the problems.

    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PMwith your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry- this was my mistake on dup. Please post the logs when ready.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...