Virus Removed but Black Wallpaper and Icons Missing

Hi Guys,

I have a similar issue to this post: http://forum.avast.com/index.php?topic=79419.0

My computer was infected by the Alureon virus, but I think I deleted it (or most of it at least). Now the wallpaper is still black, and my desktop icons have disappeared.

I’m running Windows 7 and the virus was DOS/Alureon.E.

Here is what I have done now that I think the virus is gone.

1.) Ran Unhide.exe. The icons have come back, but my wallpaper is still black.

2.) Ran RogueKiller. It found a few items, but I did not delete them. Please see the report below:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan – Date: 03/20/2012 17:32:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM[…]\System : ConsentPromptBehaviorAdmin (0) → FOUND
[HJ] HKLM[…]\System : EnableLUA (0) → FOUND
[HJ] HKCU[…]\Advanced : Start_ShowMyGames (0) → FOUND
[HJ] HKLM[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) → FOUND
[HJ] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723232A7A364 ATA Device +++++
— User —
[MBR] 207ab831c214298abb57f13666f37bfb
[BSP] 2fab74a01c42e1238679852242b73846 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305134 Mo
User = LL1 … OK!
User = LL2 … OK!

Finished : << RKreport[1].txt >>

3.) Ran aswMBR.exe. Please see the report below:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-20 17:43:41
-----------------------------
17:43:41.827 OS Version: Windows x64 6.1.7601 Service Pack 1
17:43:41.827 Number of processors: 2 586 0x603
17:43:41.827 ComputerName: ROB-NOTEBOOK UserName:
17:43:44.183 Initialize success
17:43:44.776 AVAST engine defs: 12032001
17:44:09.361 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:44:09.361 Disk 0 Vendor: Hitachi_HTS723232A7A364 EC2OA60W Size: 305245MB BusType: 11
17:44:09.408 Disk 0 MBR read successfully
17:44:09.408 Disk 0 MBR scan
17:44:09.424 Disk 0 Windows 7 default MBR code
17:44:09.439 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:44:09.455 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305134 MB offset 206848
17:44:09.471 Disk 0 scanning C:\Windows\system32\drivers
17:44:17.988 Service scanning
17:44:29.844 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:44:42.527 Modules scanning
17:44:42.543 Disk 0 trace - called modules:
17:44:42.574 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:44:43.104 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ca4060]
17:44:43.104 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8007ca3450]
17:44:43.120 5 hpdskflt.sys[fffff880019842bd] -> nt!IofCallDriver -> [0xfffffa800783f1e0]
17:44:43.135 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007852060]
17:44:44.680 AVAST engine scan C:\Windows
17:44:47.254 AVAST engine scan C:\Windows\system32
17:47:46.872 AVAST engine scan C:\Windows\system32\drivers
17:48:08.635 AVAST engine scan C:\Users\Administrator.Rob-Notebook
17:48:28.291 AVAST engine scan C:\ProgramData
17:49:24.950 Scan finished successfully
17:50:49.533 Disk 0 MBR has been saved successfully to "C:\Users\Administrator.Rob-Notebook\Desktop\MBR.dat"
17:50:49.549 The log file has been saved successfully to "C:\Users\Administrator.Rob-Notebook\Desktop\aswMBR.txt"

4.) Ran OST but the post keeps telling me that the txt file is too big to upload?

Thanks for your help!

Thanks for the quick response.

I did run mbam in safe mode yesterday, and blew away a couple viruses.

Thanks for the personalize suggestion as I was able to get a wallpaper back up there!

Thanks… I ran TDSSKiller, too. :)

Please wait for one of our malware specialists to pick up your thread. Go here and follow all instructions to the letter. Post all logs of programs run here in this thread, not in the LOGS topic.

http://forum.avast.com/index.php?topic=53253.0

A malware specialist will be by shortly.

You can attach all logs using “Attachments and other options” link below. We have three specialists here and you will be in good hands.