XP Home - many strange issues

[jakkwb]

Howdy folks. This one has been fun thus far. XP Home.

1. Start button is empty, except All Programs, and log off, turn off -

2. You can't see the start button because it is either off the screen to the left, or covered up by a large gray box in the task bar (see below)

3. Large gray box covering most of the taskbar except the notification area on the far right. Cannot move it, remove it, etc....(Have tried everything).

4. The start menu is on the top of the screen...

5. Ctrl-Alt-Del does nothing.

6. When you click on most programs, you get: this application has failed to start because the application configuration is incorrect. Reinstalling the app may fix this problem.

7. I can get online with IE, but the menu bar is gone - cannot fix it.

8. When I try to run a online scan, when I go to install the activex part, it says that " your security settings do not allow web sites to use ActiveX controls installed on your computer" - I have all security settings at default.

9. Safe mode does same thing.

* I have tried a repair install - no change.
* Pulled the HD and scanned it offline - nothing to speak of except "shopperreports"
* Hijackthis log looks clean (to me). I'm surprised it actually ran.

I cannot format this drive....

Where to start?

Thanks in advance.

[CCT]

Slave the drive and get anything you can.

Then zero fill, reformat, reinstall.

There are times you need to cut bait!

[Zonie]

The first thing to do would be to download Combofix from HERE Then download Malwarebytes from HERE install and update. Restart PC in safemode, turn off system restore. Run the combofix, when it reboots the PC, make sure to go back into safemode. When it is done and displays the log, close the log, then start Malwarebytes, and run full scan. Sounds like you may have a rootkit or one of the nasty trojans. Good luck.

[Niclo Iste]

The first thing to do would be to download Combofix from HERE Then download Malwarebytes from HERE install and update. Restart PC in safemode, turn off system restore. Run the combofix, when it reboots the PC, make sure to go back into safemode. When it is done and displays the log, close the log, then start Malwarebytes, and run full scan. Sounds like you may have a rootkit or one of the nasty trojans. Good luck.

I agree on trying this first. I've encountered a few infections that did exactly what you describe. it's gonna be a pain in the butt to get out if it's rooted in enough too however it can be removed.

[jakkwb]

Yah, I thought about running Combofix on it - its a regular running tool here. Wasn't sure if it would be able to run....I'll try it in a little bit.

Malwarebytes is awesome. Its the first scanner I run on boxes - I also like Asquared's scanner.

I'll post results later. Thanks for the suggestions.

[jakkwb]

Swing and a miss.

Combofix in safe mode gives me the same error message: "this application has failed to start...." as above.

[Zonie]

Swing and a miss.

Combofix in safe mode gives me the same error message: "this application has failed to start...." as above.

Try renaming Combofix to something like 123A.exe. If this does not work, run the Malwarebytes first. I have found this helps in some cases and allows the other tools to work.

[NooNoo]

You need a rootkit analyser too.

[jakkwb]

There are many apps that will not run for getting the error message listed above. Hijackthis and a few windows apps are all that I've found so far that I can use.

[NooNoo]

Then you are better off rescuing what data you can and zero filling the drive.

[Niclo Iste]

Just for future reference since this helped me on the tough infections.
1. Re-enable administrator control for applications to be run by making the appropriate changes in the registry.
2. Always rename the exe files of your tools even the installers to something that's not the same name as it would be on acquisition.
3. make a batch file for each exe and run the batch files to activate the programs.

[slgrieb]

Then you are better off rescuing what data you can and zero filling the drive.

Personally, I'd try plugging the drive into another machine and scanning it first. Assuming of course you have a machine you don't mind exposing to some risk, and the space and time requirements aren't too much of a production bottleneck. I think its worth the investment to have a machine (fairly old and slow works) that just exists to do data recovery and malware removal, along with a quiet corner for it and perhaps a KVM switch. When you have a machine where you don't trust the backup, if it has a recent one at all, it takes a lot of time to get the machine back to where it was when things went wrong. How much software has to be reloaded, how many years of updates and service packs, how many plugins, addons, and patches for them? Still, sometimes only the Nuclear Option works.

[jakkwb]

I gave up. Reformatted. I like a challenge, but....

Owner is just upset b/c I'm not going to reinstall all their pirated (maybe) software.

No original CDs, no install.

Cheers.

[slgrieb]

I gave up. Reformatted. I like a challenge, but....

Owner is just upset b/c I'm not going to reinstall all their pirated (maybe) software.

No original CDs, no install.

Cheers.

So, jakkwb, seems like there was something you forgot to mention in your previous posts. Not like that might have violated forum policy or anything.

[Niclo Iste]

I'm not taking sides but I am just going to say it is possible he wasn't aware the client was using pirated software until he requested the CDs. I come across that quite often. A client will dance around the topic and say they are still looking for them but in the end run I usually get them to admit the CD never existed. Typically I get that answer AFTER I blow away windows.