Hi there…panic mode is setting in. I’ve found others have experienced this issue too and I’ve been trying to follow the advice from previous posts. I’ve run the pre-scan and scan with RogueKiller and I’ve attached the report to this post. The version of RogueKiller doesn’t have the icon for “ShortcutsFix”, so I’m not sure what to do next. PLEASE HELP!!!
I should have mentioned I am using Windows 8.
What malware name did avast give the detected file(s)?
I have no idea what malware/viruses Avast found…all I know is that when I turned on the computer this morning, it automatically did a boot scan. At the end I hit ESC to exit from it, not really knowing how to proceed (didn’t want to foul anything up), and when Windows 8 rebooted and came to the home screen, only a few standard icons were there…like it had been set back to the factory defaults. I’ve been digging into the files on the computer, and my stuff is there, but previous programs are not loading properly with the data that had been stored over time, and everything has been re-arranged. Just trying to get my home screen and applications back to normal, so that when I open/launch an application, the programs load all of their files and things function properly. Does that make sense?
Check avast chest / quarantine
Ah…I found 2 things in the virus chest:
CvFVb9Ua.exe.part
SPSetup[1].exe
That is the file name … we want the malware name given by avast
I’m sorry…I must seem like a real idiot. Is this what you are looking for?
Win32:Dropper-gen[Drp]
Win32:Conduit-B[PUP]
I included a screenshot of the Virus Chest as well.
Go here: https://forum.avast.com/index.php?topic=53253.0
Scroll down to Farbar Recovery Scan Tool … run it according to the instructions and attach the two diagnostic logs here in your next reply.
Thank you, Pondus, and everyone else, for your assistance thus far. I’ve run the Farbar program and attached the 2 logs!
Now you wait for a log expert … It may take some hours
Thanks so much!
How did this happen? It appears that the links were moved to a temporary file, and that includes the user dat file:
2014-10-23 08:37 - 2014-10-23 08:38 - 16281688 _____ () C:\Users\TEMP\Desktop\RogueKiller.exe
2014-10-23 07:50 - 2014-10-23 11:24 - 00000000 ____D () C:\Users\TEMP\AppData\Local\GoldenCheetah
2014-10-23 07:44 - 2014-10-23 07:44 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Samsung
2014-10-23 07:41 - 2014-10-23 07:41 - 00001214 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-10-23 07:39 - 2014-10-23 09:19 - 00000000 ____D () C:\Users\TEMP\Documents\TrainingPeaks
2014-10-23 07:38 - 2014-10-23 07:38 - 00000000 ___RD () C:\Users\TEMP\OneDrive
2014-10-23 07:38 - 2014-10-23 07:38 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\AVAST Software
2014-10-23 07:36 - 2014-10-23 15:25 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe
2014-10-23 07:36 - 2014-10-23 07:38 - 00000000 ____D () C:\Users\TEMP
2014-10-23 07:36 - 2014-10-23 07:37 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Packages
2014-10-23 07:36 - 2014-10-23 07:36 - 00001442 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-23 07:36 - 2014-10-23 07:36 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-10-23 07:36 - 2014-10-23 07:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Synaptics
2014-10-23 07:36 - 2014-10-23 07:36 - 00000000 ____D () C:\Users\TEMP\AppData\Local\VirtualStore
2014-10-23 07:36 - 2014-10-23 07:36 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-10-23 07:36 - 2014-09-19 09:28 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-23 07:36 - 2014-07-30 15:31 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-23 07:36 - 2014-07-30 12:57 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ATI
2014-10-23 07:36 - 2014-07-30 12:57 - 00000000 ____D () C:\Users\TEMP\AppData\Local\ATI
2014-10-23 07:36 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-10-23 07:36 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-10-23 07:36 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-23 07:36 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
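Added example, not part of the original thread and not the scan tool's own code: a small parser for file-listing lines in the layout quoted above that groups entries by profile folder and flags a temporary profile such as C:\Users\TEMP, the pattern the log reader spotted by eye. The field order (created, modified, size, attributes, company, path), the function names and the "alice" sample entry are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample: four entries in the layout of the listing above, plus one
# made-up entry under a hypothetical normal profile ("alice") for contrast.
SAMPLE = r"""
2014-10-23 07:36 - 2014-10-23 07:38 - 00000000 ____D () C:\Users\TEMP
2014-10-23 07:36 - 2014-10-23 07:36 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-10-23 07:36 - 2014-03-18 06:13 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-10-23 08:37 - 2014-10-23 08:38 - 16281688 _____ () C:\Users\TEMP\Desktop\RogueKiller.exe
2014-10-20 19:02 - 2014-10-20 19:02 - 00004096 _____ () C:\Users\alice\Documents\notes.txt
"""

# Assumed layout: created - modified - size attributes (company) path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r" - (?P<size>\d+) (?P<attrs>[_A-Z]+) \((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$")
FMT = "%Y-%m-%d %H:%M"

def parse_entries(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["created"] = datetime.strptime(e["created"], FMT)
            e["modified"] = datetime.strptime(e["modified"], FMT)
            e["size"] = int(e["size"])
            entries.append(e)
    return entries

def profile_of(path):
    """Name of the profile folder for a path under <drive>:\\Users, else None."""
    parts = path.split("\\")
    return parts[2] if len(parts) >= 3 and parts[1].lower() == "users" else None

def summarize_profiles(entries):
    """Per profile: entry count, earliest creation time, temporary-profile flag."""
    summary = {}
    for e in entries:
        name = profile_of(e["path"])
        if name is None:
            continue
        # Windows names a temporary profile folder TEMP (or TEMP.<suffix>).
        p = summary.setdefault(name, {"entries": 0, "first_created": e["created"],
                                      "temporary": name.upper().split(".")[0] == "TEMP"})
        p["entries"] += 1
        p["first_created"] = min(p["first_created"], e["created"])
    return summary
```

A profile flagged as temporary whose earliest creation time matches the morning's logon shows that Windows loaded a fresh temporary profile instead of the user's own, which is why the desktop looked reset while the data was still on disk.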
Hi Essexboy…just curious, are you asking me or someone else? Cuz I have noooooo idea!
You, as that is what your system is telling me.
Ah. Avast did a bootup scan on its own overnight, and when I woke up yesterday morning, it had come to a blank screen with text that said to continue with Windows bootup choose 1 of the options…I chose ESC so as not to make any changes. The system booted into Windows with everything missing/moved. So how do I get those files/folders/programs out of those temp files and back to where they were before?
First you need to copy the following from C:\Users\TEMP to C:\Users :
ntuser.ini
Desktop
AppData
Documents
OneDrive
Right click the file and folders one at a time, then select Copy.
Then go to C:\Users, right click that folder and select Paste; allow it to overwrite files if requested.
Then repeat until all are copied over.
Reboot and let me know if the desktop is back to normal.
You the man…thank you. I’m gonna give it a go right now!