Windows 7 64b. Another case of Bamital. I had even run a scheduled full scan the previous night with 0 threats only to somehow get the system infected with Bamital and Malware.gen the next morning.
I got a popup saying something about msnmgr and explorer.exe and that Windows Defender etc wants to download some update for a threat it supposedly detected. I don’t think I even had Defender running though because I usually run Avast. So, I immediately rebooted and found that even though the login screen still loads, I’m faced with a black screen because explorer.exe is not starting at all. I tried to start explorer.exe manually, but it refused saying that the file is infected. I can still run scans through task manager though, and all the other processes seem to load, including Avast services. I stopped 2 processes I didn’t recognize before running the scans though.
Then I got here, read the other threads about fixing this and downloaded a few more tools on another computer. I think I have everything else removed except I don’t know how to fix explorer.exe as Avast seems to be the only one even detecting a threat in there at the moment, but it can’t repair it nor move it…
mbam: Fixed a few issues after Avast.
Hitman Pro x64: Uploaded several files into some “cloud” without asking, dunno why. Fixed wininit though.
Norman Malware Cleaner: Fixed a few more issues.
Dr.Web: Didn’t find anything.
Spybot S&D: Still managed to find something minor.
CCleaner: I probably should have run this first to clean all the temporary files, cookies, etc.
I don’t think winlogon.exe was ever infected, but maybe I need to run all the scans in safe mode? However, this leads to another annoyance. In safe mode, I get the explorer.exe process running with desktop and start menu, but there is also some safe mode help support window popping up in a loop every 5 seconds, messing with focus so that I can’t run much of anything through the start menu. I’m avoiding running browsers on that system, so I’m using another computer to type this…
I was under the impression that Hitman Pro is supposed to replace the explorer.exe with a working one but as it’s not even detecting any threats, it’s not doing that. It was happy to ask me to activate the free trial to fix wininit though…
AFAIK, in short, Avast still detects a threat in explorer.exe but I can’t do anything about it. That’s all though, no other threats detected.
So, is there something else I can do, or should I just call it a paperweight after all this work and start reinstalling Windows 7? I hope the OEM disc still allows that, but it used to work with older Windows versions. I can attach the OTL log or other logs if still required.