TechSpot

Win32 Heur, AVG automatically erased approx. 1000 files

By Runefaust
Apr 24, 2009
Topic Status:
Not open for further replies.
  1. Hi all. First of all thank you for the wonderful work you all do. It sure is helpful.
    I'll explain my problem. At first, I came across this site, and soon after I started following the 8 step guide you guys have. Thing is, my AVG had in its Shield Resident "erase files immediately", so after the mandatory computer boot, explorer.exe won't show up in the process window, and my desktop doesn't show up or anything. I managed to connect here by manually executing Firefox. Can you help me, first managing to get my desktop back up and then getting rid of this virus?
    Thanks in advance
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Can you boot into Safe Mode?
    Reboot the computer> let the logo load> AFTER the logo BEFORE Windows begins to load, start tapping the F8 key and continue tapping until Safe Mode comes up.

    Once there:
    * Launch AVG Anti-Spyware.
    * From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    * Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

    Boot back into Normal Mode and run the cleaning programs. When finished, attach the three logs for review.
  3. Runefaust

    Runefaust TS Rookie Topic Starter

    Thanks for replying. I tried in safe mode too and "last known configuration to work", but they both gave the same result: a completely blank wallpaper with no menu bar or icons in the desktop.

    Did the AVG Anti-Spyware thing, and well, it found 36 infections. It deleted them, but when I reboot back to Normal Mode, I get something along the lines of this:
    "Instruction in 0x006b6b97 references to memory in 0x0000000c, memory can't be read", and the blank desktop is still there.
    Oh, and I forgot to add, before this happened (the blank desktop) I started to run the 8 step thing, and ran CCleaner twice. After that, I couldn't continue.

    Please help, I can't even update Malwarebytes Anti Malware
  4. kritius

    kritius TS Guru Posts: 2,087

    @ Bobbye,

    Maybe do an online scan, find out what exactly is infected?
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    There are a lot of people with malware- many more than there are helpers, so please be patient.

    You misunderstood my AVG Spyware instructions. I didn't want you to run it, I wanted you to shut down the Resident Shield!

    You were supposed to go into Safe Mode to do that.

    kritius, we were posting at the same time. Got to find out if the system can be accessed at all!
  6. Runefaust

    Runefaust TS Rookie Topic Starter

    I'm sorry if I came out as impatient, I'm just really scared about this. I did run the AVG Spyware and after the scan and clean, I shut down the Resident Shield, IN safe mode. Still, it wouldn't let me see the Desktop in normal mode. And, I don't know how to uncheck the "Start with Windows" option, since there's no visible system tray, not even in Safe Mode.
  7. kritius

    kritius TS Guru Posts: 2,087

    Good point, does starting explorer manually work?

    ctrl alt del, new task "explorer.exe"
  8. Runefaust

    Runefaust TS Rookie Topic Starter

    I tried, both in Safe Mode and Normal Mode, and it says that Windows couldn't find the file.
  9. kritius

    kritius TS Guru Posts: 2,087

    That's not good.

    It looks like explorer.exe may have become infected and was deleted.

    Would suggest running a repair installation and get the missing files back.
  10. Runefaust

    Runefaust TS Rookie Topic Starter

    OK, any suggestions on which programs I could use for that?
  11. kritius

    kritius TS Guru Posts: 2,087

     
  12. Runefaust

    Runefaust TS Rookie Topic Starter

    OK, the repair installation failed, but I managed to download another explorer.exe file. Thing is, it won't let me update Malwarebytes because I can't change the firewall setting. Whenever I try to change it, it says rundll32.exe is missing.

    -------------

    I now can't install or uninstall any programs, thus preventing me from doing the 8 steps, and firewall settings are completely off limits to me now, both in Safe Mode and in Normal Mode. I only managed to get a non-updated Malwarebytes log before the installing was prevented. Please, please help me.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    We will do what we can to help. It will be to your advantage to read carefully what we tell you and to follow the directions on the cleaning programs.

    Unfortunately, you did not check this when you ran Malwarebytes:
    When that isn't done, the malware entries, although found, weren't removed. show:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> No action taken.

    The system is badly infected with malware. Even if it can be cleaned, it's going to take additional special cleaning programs. Going by the system symptoms and the malware I see, I strongly suggest you follow what kritius has suggested: Do a Repair Install. If this does not work, you will likely have to reformat and reinstall the operating system.

    You say that failed. How? What happened?
  14. Runefaust

    Runefaust TS Rookie Topic Starter

    It said some files were corrupted, and that there was a critical error. I guess I'll just reformat and reinstall. Thank you very much for the help, anyways.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I assume this means you got a message telling you to contact the Administrator- this means you have a policy issue.

    Good luck with the reformat/reinstall.
    I'm not convinced that's the only option you have, but troubleshooting isn't something you want to do.