Geeks, Lend Me Your Knowledge

It’s been bugging me for a bit. After getting rid of malware on my PC (I have Windows 7), the convenient Libraries folder seems messed up: where it usually looks like this, it is now blank. Also, I can no longer change my desktop background; it is still stuck on the Super Mario one I’ve had on it since November.

I went to the Windows website and tried following their instructions on what the problem could be, but the instructions tell me to do a specific search on my computer, and the search gives me no results, so I could never finish that method. Also, if it’s any help, whenever my computer tries to do an update it gives me a message telling me that it failed to update.

You are boned. Back up your important files, format your hard drive, hide your kids, and reinstall Windows.

Are you serious? I can’t tell if you’re joking.

He’s not joking.

Yep, back up and reformat. And make sure to pump your comp full of anti-malware programs after you reinstall Windows.

Sorry, yep, I was being serious. :)

I would consider all of your executables forfeit, just back up the data (pictures, documents, etc), format the drive, and start with a fresh install. Once your system is compromised to this extent, there is really no fixing it in place if you want to be sure.

Agreed. Modern malware is so nasty that, once a computer’s been compromised, the entire Windows installation is forfeit until a reinstall; no joke. Modern bugs have the ability to hide themselves all over your system to the point that they can modify how Windows views files to hide themselves better. It’s safest to assume that the bad guys are one step ahead of the good guys (antimal vendors), because that’s usually the case.

What’s more, I would make sure not to connect your back-up drive until you’ve thoroughly bolstered your new install with anti-malware software, and then connect it and do an immediate scan of the drive until you copy the files back over. If it were me, I’d do the scan from a boot DVD (non-writable/infectable environment), but that’s a little trickier to set up. The idea is to make sure that there’s no infected data files (data files can carry malware too!) in your backup; you know what’s worse than having to do a backup and reinstall? Having to do two.

To make it a little less painful, I recommend running System Information for Windows before the wipe, and saving an HTML log from it on your backup drive; it lets you grab all the software keys of everything you have installed currently, so that they’re all in one place when you reinstall. It’s one of my favorite little utilities for computer recovery work.

I’m going to assume you’ve tried this:

If not, I’d give that a shot.

Afterward, boot into safe mode and run a scan with Malwarebytes Anti-Malware and ComboFix; just to make sure your malware problem is really gone.

If the malware can’t be removed, run rkill in safe mode.

This will kill any known malware programs and prevent them from interfering with a malware/virus scanner. Run Malwarebytes and ComboFix again.

For the future, consider investing in backup software, as this will save you boatloads of time instead of the old reformat/reinstall routine. There’s a lot of great third party backup software; personally I use Acronis True Image Home. I backup twice a week and I haven’t had to reformat/reinstall in years. My computer still runs good as new.

Before I wipe this computer, is there a way to save Microsoft Office on a USB? When I tried to, all I got was mostly the shortcut files; I didn’t see the installer or exe file. From looking online, some say that it would be too big, but my flash drive does hold 8 GB. I also notice that the only mention of this is with the disc. I never had the disc for Office. Would it still be possible to install it onto my USB stick?

Office requires a proper installation. How was it installed in the first place? Install it the same way after reformatting.

Is your computer store-brand? If so, what brand?

I think it was installed online. I wasn’t the one who did it, but that was the impression I got. I have an eMachines PC.

You can try Malwarebytes to clean it and HijackThis to see if you really cleaned it. Granted, you will need many years of experience to know what’s going on in the HijackThis report.

I’m not sure I agree 100% with underwing that a reformat is required, but I can see how a tech would hold that view. It’s very common in IT to have Symantec Ghost ready and waiting for an office f*ck up. Many times, they don’t even need to leave the admin’s office to do a complete reinstall over the network. It’s not even technically a reinstall anyway, it’s a disk image, but almost the same thing. I’m more oldskool. I like to do battle with said virus. There are lots of known places for a virus to be booting from. Most viruses use the internet, so it’s not that hard to see what’s going in and out and what process it comes from. You can even trace the virus back to some network address and start fucking with the Russians who got you in the first place.

I can relate to that; I used to be a huge fan of trying to track down where a virus came from, what it did, etc.; reading people’s HJT logs used to be a hobby of mine. The problem comes with rootkits; the tech is always progressing, so even anti-RK techniques are oftentimes still behind. From a boot environment you can almost always find the stuff, but I’m anal about my security once I’ve seen evidence a machine’s been compromised. Also, I’m out of the security game now (no longer do IT professionally or on the side), so I honestly wouldn’t know the latest and greatest tools to use. My primary personal machine is a Mac these days, so I have little worry of intrusion.

As for the Office install: You most likely won’t have the installer on the computer itself, and you’ll get a corrupted install if you try to just copy over the application files. You need to find someone who has the same year of Office as you, then use software like System Information for Windows to recover your product key and reinstall from the original media.

Fuck. Well thanks anyway guys. I guess I’ll just use Open Office in the meantime.