Corrupted Shell

Question

Its me again. After fixing problems on both of my computers, I downloaded Microsoft Security Essentials, since I had no AV. A few days after, it said a file was corrupted, and that (I forgot what it was called, but its the fake anti-virus malware that says its from MSE, when infact its malware) needed to be downloaded. Well, seeing as how I have never used MSE, I thought it was legit, and then I got infected with malware. I already had Malwarebytes on my computer, so I ran a scan and fixed it, but I followed what they said on ( I've forgot the name, but I use them alot) and I downloaded their Shell to fix it because the malware ,messed up my explorer.exe) And now my explorer gets messed up some times. On booting up, I have to: Task manager>processes>close explorer.exe(says it running when its not)>new task>explorer.exe.  That fixes it, but it will also randomly go out and I need to do that again. I also have my theme set to Windows XP silver, and it will start flashing and change to the Windows classic theme--Also, I don't know if this has anything to do with it, but now my 'audio device' stops working, and the only way to fix it is to reboot. I don't know if it has anything to do with it, but it seems I didn't have these problems till I fixed my explorer.

Answer 1

>

There, I uploaded it to my photobucket, but the imageshack link works fine for me. Anywho, thats what I mean, its like they are both trying to be my taskbar. I'm not blaming BleepingComputer, but I just seems that since I used their shell to fix mine, that it has something to do with it.

Also, I have Norton Anti-virus, I know that not everyone likes it, and every one says its lame, but I got a year of it free, and I've never had any problems with it myself.

~Red

Answer 2

ThinkPoint is quite popular these days and the removal process is well documented and I have gotten infected with it many times on purpose to help understand how to remove it and used a few removal methods that are ineffective.  Sometimes it would appear that whoever comes up with these removal ideas has never gotten infected on purpose 50 times and then actually removed ThinkPoint successfully 50 times.  That would help.

But, I think the Bleeping Guide is the most reliable for ThinkPoint removal.

I also can't see your ImageShack picture.

Your msinfo32 stuff looks fine to me.

Sometimes malicious software removal leaves behind things that must be adjusted by hand since things like MBAM can't tell if some malicious software made the changes or you made the changes to settings, so it just leaves them alone (this is usually a good thing).

If you can't get satisfaction in this forum, Bleeping Computer is where I would go.  They also have a built in mechanism to their forum to upload/embed screenshots too... but ImageShack is also good.  Screenshots are really most helpful.

You can also post in the Bleeping Computer Am I Infected forum for concentrated malware help and they will help you to be sure you are free of the malware.

They will move your topic to the regular XP forum if/when they believe you are not infected if you have other issues and the regular folks can resume problem resolution.

Try your screenshot again and test the link to ImageShack yourself to be sure it works and edit your reply with the link until it does work.

---

Do, or do not. There is no try.

I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!

Answer 3

Alright. I couldn't remember then name of the malware, but I found it. It was ThinkPoint*.* The rogue anti virus that acts like its from MSE. I have never used MSE, so when it came up, I thought it was part of MSE. But anywho, I Googled how to remove it, and I found a guide on www.bleepingcomputer.com <-guide. If you go through the guide, they have a shell for you to download to fix what the virus messed up. It helped me get the malware off, but now my task bar and such are all messed up. It looks like the Windows classic and XP theme had a baby.

--> Here it is <--   

System info

OS Name Microsoft Windows XP Home Edition

Version 5.1.2600 Service Pack 3 Build 2600

OS Manufacturer Microsoft Corporation

System Name HP23691065722

System Manufacturer Hewlett-Packard

System Model HP Compaq dx2300 Microtower

System Type X86-based PC

Processor x86 Family 6 Model 22 Stepping 1 GenuineIntel ~1596 Mhz

BIOS Version/Date Phoenix Technologies, LTD MS7336 1.12, 5/13/2008

SMBIOS Version 2.4

Windows Directory C:\WINDOWS

System Directory C:\WINDOWS\system32

Boot Device \Device\HarddiskVolume1

Locale United States

Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"

User Name HP23691065722\Christopher

Time Zone Central Standard Time

Total Physical Memory 512.00 MB

Available Physical Memory 43.08 MB

Total Virtual Memory 2.00 GB

Available Virtual Memory 1.95 GB

Page File Space 1.39 GB

Page File C:\pagefile.sys

Oh and no I don't have a boot CD, either this computer(like my laptop) didn't come with one, or I lost it.

Current Anti-virus: MSE and Malwarebytes.

Working CD Drive: Yes, but not DVD.

~Red

Answer 4

You need to tell us more about your system and use some other malware scanning tools (besides MSE), make sure the system is reasonably clean, then start troubleshooting remaining issues.  

No single scanning tool can fix and detect everything and MSE is just "okay" (IMO).  You should be using more than one program to keep your system running smoothly. Remember that Microsoft is not in the malicious software prevention, detection and removal business - that is not their job.  

If you are compelled to use MSE (since it come from Microsoft), you need to supplement MSE with some other products from companies where malicious software prevention, detection and removal is their only job and that is all they do... and I read you ran MBAM already.

If your explorer.exe is afflicted or even suspicious, you can just replace it (this is not difficult).

What do you mean "I downloaded their Shell to fix it"?  Who has a shell you downloaded (where and what is this Shell you downloaded).

It does not make sense to try to troubleshoot problems on a system that one knows nothing about and might also be afflicted with malicious software.

Please provide additional information about your system:

What is your system make and model?

What is your XP Version and Service Pack?

Describe your current antivirus and anti malware situation:  McAfee, Symantec, Norton, Spybot, AVG, Avira!, MSE, Panda, Trend Micro, CA, Defender, ZoneAlarm, PC Tools, Comodo, etc.

Does the afflicted system have a working CD/DVD drive?

Do you have a genuine bootable XP installation CD (this is not the same as any Recovery CDs that came with your system)?

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select All, Copy and then paste the information back here.

There will be some personal information (like System Name and User Name), and whatever appears to be private information to you, just delete it from the pasted information.

This will minimize back and forth Q&A and eliminate guesswork.

Perform some scans for malicious software, then fix any remaining issues:

Download, install, update and do a full scan with these free malware detection programs:

Malwarebytes (MBAM):  http://malwarebytes.org/

SUPERAntiSpyware: (SAS):  http://www.superantispyware.com/

They can be uninstalled later if desired.

When the scans run clean, then troubleshoot any remaining issues.

---

Do, or do not. There is no try.

I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!