desktop not loading-virus?

[skbehan]

Hi,

Im having problems with loading windows explorer. I think I got a virus from torrents that I was downloading. I ran scans with Malwarebytes anti-malware and NIS. Here's what came up in the last 2 malwarebytes scans:

Files Infected:
C:\Windows\System32\sSmNhhIy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\yIhhNmSs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yIhhNmSs.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ugoacipi.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ipicaogu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\urqqNgDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ptgttuaq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5HT4LEQ\tuhvzqdrv[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\tem6747.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\tem8091.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\tem823A.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\tem825.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\temA11F.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\temD4B9.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Windows\System32\gsbgqpwwfw.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Windows\System32\crypts.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\iiFwtUNE.dll (Trojan.Agent) -> Delete on reboot.
C:\d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mssrv32.exe (Rootkit.Agent) -> Delete on reboot.
C:\Windows\System32\pmnlkHBr.dll (Trojan.Vundo) -> Delete on reboot.


Files Infected:
C:\Windows\System32\iiFwtUNE.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\pMddBTNF.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mssrv32.exe (Rootkit.Agent) -> Delete on reboot.
C:\Windows\System32\pmnlkHBr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fCRhHyXq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iifcyYoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully


If you could help at all that would be great.

Thanks,
Sarah

[koala]

Hi Sarah, welcome to TSF

Please follow these instructions (5 pages) and post the requested logs in a new thread here.

The security forum is extremely busy, so please be patient and you will receive a reply as soon as possible. If you go to Thread Tools > Subscribe at the top of your new thread you will receive an email as soon as a reply is posted.

[cesarhc]

I had the same problem after removing viruses using Avast!. Finally, after rebooting the computer, the desktop does not load. I pressed Ctl-Alt-Del to open Task Manager, then from File menu, I chose the New Task (run) option, I typed regedit and opened Windows Registry for editing. In HKLM\Software\Microsoft\WindowsNT\CurrentVersion\winlogon I noticed that the value for Shell was blank, so I typed C:\windows\explorer.exe. And the problem was solved..

[Townx]

Quote:

Originally Posted by cesarhc

I had the same problem after removing viruses using Avast!. Finally, after rebooting the computer, the desktop does not load. I pressed Ctl-Alt-Del to open Task Manager, then from File menu, I chose the New Task (run) option, I typed regedit and opened Windows Registry for editing. In HKLM\Software\Microsoft\WindowsNT\CurrentVersion\winlogon I noticed that the value for Shell was blank, so I typed C:\windows\explorer.exe. And the problem was solved..

I just registered only to thank you caesarhc! You saved me a lot of work and time.

And just in case someone else found this thread through a google search and your desktop also keeps blank after log on:
I had a trojan which was routing my explorer start-up through its own routine. Cleaning caused the virus to die, and my Explorer did not start anymore.
So you just have to set (for Vista)
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
to C:\windows\explorer.exe (like caesarhc decribed it already- again thx!)


oh... and so for resurrecting an old post....