My system got some kind of virus, which crashed Explorer.exe and Iexplore.exe. Now I get only a blank desktop, with no status bar and startup panel. All I have is Task Manager (Ctrl+Alt+Del). I can open applications via Task Manager.
I tried the steps below after going through some of the forum messages:
1. I tried sfc /scannow. It failed to bring explorer back up, as well as iexplore.
2. I tried the steps in http://www.geekstogo...udc-t17676.html
3. Even using the Windows XP installation CD, I tried to repair my system; it is still not working.
4. I also copied C:\program files\internet explore\iexplore.exe to C:\windows\system32 and renamed the copied iexplore.exe to explorer.exe.
This is also not working out. I found that explorer.exe under c:\windows\system32 is created automatically. Even if you delete it, it is created automatically.
Note: My Control Panel is also not working. I tried to type 'control' in the Task Manager command line; it says 'the path is not correct try using searching'.
5. Here is the result when I scanned my system using Norton Virus scan:
***NOTE: Close this window to continue installing the product.***
=========================================================
===============PRE-INSTALL SCANNER RESULTS===============
=========================================================
Summary:
Scan finished at 11:57:18 PM on 5/26/2004.
Number of Files Scanned: 55624
Number of Infections Found: 3
Number of Files Repaired: 0
Number of Files Deleted: 3
Number of Files Left Infected: 0
=========================================================
Details:
C:\Documents and Settings\tekadm.SAPSRV\Local Settings\Temporary Internet Files\Content.IE5\8B5FIMFD\1[1].htm was infected with Bloodhound.Exploit.6. (DELETED)
C:\WINDOWS\system32\eliteuhe32.exe was infected with Bloodhound.W32.EP. (DELETED)
C:\WINDOWS\system32\ole32vbs.exe was infected with Bloodhound.W32.EP. (DELETED)
=========================================================
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:28:54 AM, on 5/28/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
c:\orant\bin\oracle80.exe
C:\orant\BIN\TNSLSNR80.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\IntraPort Client\vpn5000service.exe
C:\WINDOWS\System32\taskmgr.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\InternetExplorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\InternetExplorer\Main,Search Bar =res://C:\WINDOWS\fwtdi.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\InternetExplorer\Main,Search Page =res://C:\WINDOWS\fwtdi.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\InternetExplorer\Search,SearchAssistant =res://C:\WINDOWS\fwtdi.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\InternetExplorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName =
O2 - BHO: Class -{6F4B23DA-F796-90AD-CDF9-FF9C25D11F73} -C:\WINDOWS\mfcbq.dll
O3 - Toolbar: &Radio -{8E718888-423F-11D2-876E-00A0C9082467} -C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\CommonFiles\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\ProgramFiles\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hfyybbki]c:\windows\system32\hfyybbki.exe
O4 - HKLM\..\Run: [jjq623op] C:\ProgramFiles\jjq623op\jjq623op.exe
O4 - HKLM\..\Run: [etbrun]C:\windows\system32\elitehai32.exe
O4 - HKLM\..\Run: [sys10-859017304]C:\WINDOWS\sys10-859017304.exe
O4 - HKLM\..\Run: [SystemCheck]C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [STOPzilla] C:\ProgramFiles\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [WindowsUpdate]C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [MSN Messenger]C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\ProgramFiles\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\ProgramFiles\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [ipyf32.exe]C:\WINDOWS\system32\ipyf32.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe/firstlogon
O4 - HKLM\..\RunServices: [CPQDFWAG]C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\ProgramFiles\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin]C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [sysmonnt]C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Aarr] C:\Documents andSettings\SAPServiceTEK\Application Data\ueol.exe
O4 - Global Startup: Microsoft Office.lnk = C:\ProgramFiles\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search -res://c:\programfiles\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links -res://c:\programfiles\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page- res://c:\programfiles\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages -res://c:\programfiles\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -res://c:\programfiles\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related -{c95fe080-8f5d-11d2-a20b-00aa003c157a} -C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -{c95fe080-8f5d-11d2-a20b-00aa003c157a} -C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\InternetExplorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\InternetExplorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE}(TDServer Control) -http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} -http://www.alwaysupdatednews.com/install/aun_0009.exe
O16 - DPF: {D05F33E0-3F75-11D3-A176-006008944486}(Audible Words Codec) -http://download.audible.com/AM36/awrdscdc.cab
O20 - Winlogon Notify: STOPzilla -C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Network Security Service (NSS) (11Fßä#·ºÄÖ`I) - Unknown owner -C:\WINDOWS\system32\ntag32.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner -C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Compaq Remote Diagnostics EnablingAgent (CpqDfwWebAgent) - Compaq Computer Corporation -C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: iPod Service (iPodService) - AppleComputer, Inc. - C:\ProgramFiles\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - LexmarkInternational, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OracleAgent80 - oracle -C:\orant\agentbin\DBSNMP.EXE
O23 - Service: OracleClientCache80 - Unknown owner -:\orant\BIN\ONRSD80.EXE
O23 - Service: OracleDataGatherer - Unknown owner -C:\orant\bin\vppdc.exe
O23 - Service: OracleExtprocAgent - Unknown owner -C:\orant\BIN\EXTPROCT.EXE
O23 - Service: OracleServiceTEK - Oracle Corporation -c:\orant\bin\oracle80.exe
O23 - Service: OracleTNSListener80 - Unknown owner -C:\orant\BIN\TNSLSNR80.EXE
O23 - Service: Panda Process Protection Service(PavPrSrv) - Panda Software - C:\Program Files\CommonFiles\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAPOSCOL - Unknown owner -C:\usr\sap\TEK\sys\exe\run\SAPOSCOL.EXE
O23 - Service: SAPTEK_00 - SAP AG -C:\usr\sap\TEK\sys\exe\run\SAPSTARTSRV.EXE
O23 - Service: Symantec Network Drivers Service(SNDSrvc) - Symantec Corporation - C:\ProgramFiles\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: VPN 5000 Service 1.00.00(VPN5000Service) - Unknown owner - C:\ProgramFiles\IntraPort Client\vpn5000service.exe
O23 - Service: ZESOFT - Unknown owner -C:\WINDOWS\zeta.exe (file missing)
The above log is also available as a file.
Please help, I am struggling a lot to get it fixed. I would appreciate it if someone could fix it for me.