Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win64-Sirefef (Windows 7 - 64bit) [Solved]


  • This topic is locked This topic is locked

#61
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I don't have any idea how to fix that. :whistling:

I have one more shot. Try again and select the option Lock Web Itens on Desktop.

:thumbsup:
  • 0

Advertisements


#62
AnthonyOhio

AnthonyOhio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
WhiteHat,

I understand, it would be impossible to know every virus, malware and varient. I do appreciate your help so far and I can use the computer; which was not possible before.
Thank You very much!

Should I post another topic to get help on the icons?

Again, Thank you.

Anthony
  • 0

#63
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for delay, I'm almost without time to access Geeks To Go.

I received help from EssexBoy, let's see if his tips will work:

Right clicking in blank area of the desktop, click on "personalize", then in the upper left corner is an option to click on "change desktop icons". In the drop-down box is a line that says "Allow themes to change desktop icons." The box to the left was checked on mine, so I clicked on the box to uncheck it.
Posted Image
  • 0

#64
AnthonyOhio

AnthonyOhio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hello WhiteHat,

The box was unchecked on my system. I checked it and logged off and back on. All icons moved back to the left again.

Some part of this virus is lingering....

What should I do next?

-Anthony
  • 0

#65
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
- Lock icons on desktop
- Set a new restore point first

To lock your desktop icons into place, first arrange it carefully the way you want it to be, then start>run>type regedit>registy editor will open
click on the + NEXT TO THE FOLLOWING

+ HKEY_CURRENT_USER
+ Software
+ Microsoft
+ Windows
+ CurrentVersion
+ Policies
then click on
Explorer.

Right-click in the right pane and hover over New,
choose DWORD Value
in the high lighted box type NoSaveSettings and press the Enter key.
Right-click on the new NoSaveSettings item and select Modify.
Enter 1 in the Value data box.
exit registry editor
After this, whenever you restart Windows, your settings will return to their current state.

if you dont want this function any more just go back in and delete nosavesettings key
  • 0

#66
AnthonyOhio

AnthonyOhio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
WhiteHat,

I tried this a couple times and it does not work. Icons move to the left every time.

Thoughts?
  • 0

#67
AnthonyOhio

AnthonyOhio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
WhiteHat,

Running a RogueKiller scan revealed registry issues related to ZeroAccess

Here is the report:

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : A [Admin rights]
Mode : Scan -- Date : 10/02/2012 11:16:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\A\AppData\Local\{a486cfc5-6118-a1ec-04a1-c8635ee18d0e}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Seagate ST95005620AS +++++
--- User ---
[MBR] 7e41b9b220840e53479af199657ec43b
[BSP] 043484c3b9126deab5df41705fa6fa64 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461010 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 947222528 | Size: 14429 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] 4967f38a7e382545a4c1487c0b66fc75
[BSP] ee6117e6635ec72348fabcbc75883941 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 2048 | Size: 715403 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt
  • 0

#68
AnthonyOhio

AnthonyOhio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
That appears to be the fix, WhiteHat.

I allowed RogueKiller to delete the entries and the Icons are staying where I put them.

I will continue to watch and scan the computer over the next few days.
  • 0

#69
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for delay.

I allowed RogueKiller to delete the entries and the Icons are staying where I put them.

Good to know.

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0

#70
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP