Status
Not open for further replies.
Hi all,
Firstly, sorry if this belongs in security, I don't feel this is malware related, but I could be wrong... if so I'll shuffle over there.

I've come across a problem machine that I've been beating my head against for the last few days and thought I would seek some advice here. Here's the problem. Customer of ours brought in a PC, said that he was missing all the desktop icons after he logs in. I hook the PC up on our bench to take a look; it's a Dell Dim E310 running XP-MCE that I had updated to SP3 on its last visit to our shop back around 10/27/09. Windows loads, and I log in and get the background wallpaper, but no icons or task bar.

Here's what I've done so far... Firstly I attempted to run explorer.exe from the task manager. I see the process fire up in the task list, I get the task bar at the bottom, then bam it's gone. Process dies and task bar is gone. No errors or any indication of why it died. So I figure probably some sort of infection... take the typical steps. I pull the drive and hook it to our tech machine. After imaging the disk I scan it with Kaspersky's online scanner, and the Microsoft Security Essentials beta.

Kaspersky finds two items, a 'Suspicious: Trojan-Spy.HTML.Fraud.gen' in the inbox.dbx file and in a deleted file in the recycle bin. MSE finds 2 files in the Java temp folder that it removes as well. At this point, I mount the software hive of the registry and check several critical keys (run list, appinit, shell, userinit, notify list, etc.), all of which are clean and as they should be. I reinstall the drive and get back to where I was, and copy over Malwarebytes, SUPERAntiSpyware, ComboFix and a few other tools to my jumpdrive.

I scanned the PC with mbam and sas, which results in finding a few cookies, but no other items. I test running explorer again, and have the same results. At this point I'm thinking it has to be some form of corruption in the Windows install, I run sfc, check the event log which is clean of errors, and even re-check the registry for anomalies. Everything checks as it should that I can think of. At this point wondering if it's a broken explorer, I pull out of the i386 folder on the drive a fresh explorer.exe, and attempt to run it, which results in a 'program too big to fit in memory' error. I also attempted to run ComboFix, which resulted in an absolute 'access denied', which I find baffling.

I can only think of one last thing to try... I drag out our Dell CDs and perform a repair install. It completes successfully, but after the reboot... still fails. I've spent the weekend thinking about this problem and it's really bugging me. I've put the image back, so it's now as it was when it came in... but I'm out of ammo for now. Does this sound like infection or broken install? Does anyone have any suggestions, because I'll try about anything.

Awaiting a rope,
 