February 9, 2009
Some Nifty Utilities
Just thought I'd keep a note of this site: http://www.nirsoft.net/
Some very useful system utilities and password recovery programs.
Here's an interesting problem that I just came across. One of my customer's XP computers would boot normally, except the system tray was completely blank. No icons -- just a blank bar where you would normally see the system icons.
I checked to make sure the system tray hadn't been moved to the side or the top of the screen.
I eventually found this note on one of the forums that solved the problem.
Basically you press CTRL-ALT-DELETE to bring up the task manager. From that application you can run REGEDIT from the File > New Task (RUN) option.
Once in REGEDIT, export each of the following keys first (File > Export) so you can put them back if needed, then delete them:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamsMRU
Reboot and the system tray should be accessible. In my case the system tray was squished down to just a sliver. However, I was able to move the cursor over the sliver and resize it so it looked normal.
Weird, but it worked.
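The same fix as a batch file, added here as an example and not part of the original post. It backs up each key to a .reg file before deleting it, and it ends explorer.exe before touching the keys, because Explorer can write its cached taskbar layout back to StuckRects2 when it exits. It assumes reg.exe and taskkill.exe are available (XP Professional; XP Home does not ship taskkill, so there end explorer.exe from Task Manager's Processes tab and drop that line). If the taskbar is unusable, launch it from Task Manager via File > New Task (Run...).

```batch
@echo off
rem Added example, not from the original post: the StuckRects2 / Streams /
rem StreamsMRU fix as a batch file, with a backup of each key first.
rem Assumes reg.exe and taskkill.exe (XP Professional).
setlocal
set EXP=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
set BACKUP=%TEMP%\explorer-backup-%RANDOM%
mkdir "%BACKUP%"

rem Explorer can write its cached taskbar layout back to StuckRects2 when
rem it exits, which would undo the deletion, so terminate it first.
taskkill /f /im explorer.exe >nul 2>&1

rem Export each key so the change can be reversed by double-clicking the
rem .reg file, then delete it. Explorer recreates the keys with defaults.
for %%K in (StuckRects2 Streams StreamsMRU) do (
  reg export "%EXP%\%%K" "%BACKUP%\%%K.reg" >nul 2>&1
  reg delete "%EXP%\%%K" /f >nul 2>&1 && echo Deleted %EXP%\%%K
)
echo Backups written to %BACKUP%

rem Start a fresh Explorer; the taskbar and tray come back with it.
start explorer.exe
```

If the tray comes back as a sliver, as it did in the post, resize it by dragging its edge; the new StuckRects2 is written when Explorer next exits.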
The symptoms of these two spyware infections (udchniv.exe and atthdop.exe) are that some Windows functions such as Add/Remove Programs and the Task Manager will automatically close before you have a chance to run them.
Also, doing searches for keyphrases like udchniv.exe will cause the Internet Explorer window to suddenly close.
Removing these two spyware programs is relatively easy using Malwarebytes' Anti-Malware program.
However, there is one gotcha: these spyware programs run in the background and prevent you from running the Malwarebytes installer and application.
So here's the trick to use. Rename the mbam-setup.exe file to something like fred.exe. This will allow you to run the installation program, since the spyware is actually looking for the filename mbam-setup.exe.
Once the program is installed, you'll also have to change the name of the application itself before running it, since the spyware is also monitoring the application filename.
Navigate to C:\Program Files\Malwarebytes' Anti-Malware\ and rename the file mbam.exe to fred.exe or bob.exe or any of your favorite relatives. :) Run the renamed application and Mal's program should remove both udchniv.exe and atthdop.exe.
I recently had to clean up a case of MS Antivirus 2009. As usual, I went straight for Malwarebytes' Anti-Malware program.
However, when I clicked on the mbam-setup.exe icon nothing happened.
After a bit of research I found that this is because some variants of the Antivirus 2009 spyware will actually block the installation of certain spyware cleaners.
The easy fix for this is to rename the mbam-setup.exe program to something else -- like joe.exe.
This allowed me to install Mal's program -- with one caveat. I could only install the program from Safe Mode and I could only run the application from Normal Mode!
Be that as it may, Mal's program was able to clean up the majority of the Antivirus 2009 spyware and I later ran SuperAntiSpyware to clean up the rest of the spyware bits and pieces.
*Note - Antivirus 2009 infections could also have TDSSserv rootkit infections, so keep an eye out for TDSSxxx files in the c:\windows\system32 directory. One of their side effects is a hijacked browser, so if you see any TDSSxxx files in that system32 directory, manually delete them if you have to.
Recently a customer got fooled into thinking that Antivirus 2009 was a legitimate antivirus program and somehow downloaded the program.
Suffice it to say that Antivirus 2009 is really another sad bit of spyware disguised as a legitimate program.
Luckily it seems easy to remove. Just download Malwarebytes' Anti-Malware program and run a quick scan to remove the Antivirus 2009 spyware.
http://www.malwarebytes.org/mbam.php
I recently cleaned a computer that had scores of spyware infections. I noticed after the cleaning there were still two problems:
1) I was unable to press CTRL-ALT-DELETE to bring up the Task Manager
2) The desktop properties were missing tabs
To restore these features, go into regedit and navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Set the data for any desktop or Task Manager restriction values in that key to 0 and that will restore their functionality. The usual names are DisableTaskMgr for the Task Manager and NoDispCPL, NoDispBackgroundPage, NoDispScrSavPage, NoDispAppearancePage and NoDispSettingsPage for the missing Display Properties tabs. Check the same Policies\System path under HKEY_CURRENT_USER as well, since a value in either hive enforces the restriction.
Yet another strain of spyware going around the net. This one pops up windows with a variety of titles and URLs such as:
Fling.com
Fubar.com
System-defender.com
Boomj.com
After running my usual list of cleaners that I use for removing adyieldmanager, I found that I also needed to run Malwarebytes' Anti-Malware program, which you can find here:
http://www.malwarebytes.org/
The system I was cleaning showed a lot of trojan.vundo infections. I ran Mal's program twice and that seemed to clean it all up.
Recently came across this error: Windows File Protection: Files that are required for Windows to run properly have been replaced by unknown versions; Windows needs to restore these files to function properly.
There seem to be lots of fixes for this that involve re-registering DLLs.
The first DLL I tried seemed to work:
Click Start, click Run, type regsvr32 initpki.dll, and then click OK.
What luck! :)
A recent WinSys virus caused the control panel on an XP system to go missing.
There are two ways to try and restore it:
1) Right-click on the Start button.
2) Click Properties.
3) Select the Start Menu tab.
4) Select Customize.
5) Go through the list. If you're lucky, you'll see Control Panel that you can check.
If the above doesn't work, then try this set of procedures I found on http://www.annoyances.org/exec/forum/winxp/1191368503
1) Click Start, Run and type "regedit.exe" Press {ENTER}
2) Navigate to the following branch:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
3) Backup the key by exporting it (from the File menu, choose Export) as a REG file.
4) In the right pane of the above key, delete the value named "NoControlPanel" (if found)
5) Repeat the same in this branch:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
6) Exit the Registry Editor.
The second procedure worked for me.
The Winsys.exe virus recently infected one of my customer's computers. Two side effects:
1) Regedit is disabled.
2) No Control Panel under the start menu.
Boot to Safe Mode and run SDFix.exe. You can download it from this site:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
You may also need to run HijackThis to remove the registry value that disables Regedit (DisableRegistryTools under ...\Policies\System). Run a HijackThis scan, look for the item that mentions regedit, check it, and click "Fix checked" to remove it.
This should allow you to run Regedit.
To restore the Control Panel, see the next posting.
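The Task Manager and Display Properties lockout, the missing Control Panel (NoControlPanel) and the disabled Regedit described in the postings above are all the same kind of problem: a DWORD under a Policies key that spyware has set to 1. The batch file below, added here as an example and not taken from any of the postings, backs up the policy keys and then removes the usual lockout values from both HKCU and HKLM. It assumes reg.exe, which is on XP and, unlike regedit.exe, is not blocked by the DisableRegistryTools policy, so it runs even while Regedit is "disabled". NoRun and NoFolderOptions are related Explorer restrictions added here for completeness; they are not mentioned in the postings. Run it from an administrator account.

```batch
@echo off
rem Added example, not from the original postings. Finds and removes the
rem policy values that spyware sets to disable Task Manager, Regedit,
rem Control Panel and the Display Properties tabs. Checks HKCU and HKLM,
rem since a value in either hive enforces the restriction. Assumes reg.exe,
rem which is not subject to the DisableRegistryTools policy.
setlocal
set POL=Software\Microsoft\Windows\CurrentVersion\Policies
set BACKUP=%TEMP%\policy-backup-%RANDOM%
mkdir "%BACKUP%"

rem Export both policy keys from both hives before changing anything.
for %%H in (HKCU HKLM) do for %%K in (System Explorer) do (
  reg export "%%H\%POL%\%%K" "%BACKUP%\%%H-%%K.reg" >nul 2>&1
)
echo Backups written to %BACKUP%

rem Policies\System: Task Manager, Regedit and the Display Properties tabs.
for %%V in (DisableTaskMgr DisableRegistryTools NoDispCPL NoDispBackgroundPage NoDispScrSavPage NoDispAppearancePage NoDispSettingsPage) do call :fix System %%V

rem Policies\Explorer: NoControlPanel is the value from the posting;
rem NoRun and NoFolderOptions are related restrictions (added here).
for %%V in (NoControlPanel NoRun NoFolderOptions) do call :fix Explorer %%V

echo Done. Log off and back on for the Explorer changes to take effect.
goto :eof

:fix
rem %1 = subkey (System or Explorer), %2 = value name. Deleting the value
rem restores the default, which has the same effect as setting it to 0.
for %%H in (HKCU HKLM) do (
  reg query "%%H\%POL%\%1" /v %2 >nul 2>&1 && (
    echo %%H\%POL%\%1 : %2 is set, removing it
    reg delete "%%H\%POL%\%1" /v %2 /f >nul
  )
)
goto :eof
```

Run it after the cleaner (SDFix, Malwarebytes' Anti-Malware) has removed the spyware itself; if the malware is still running it will simply set the values again, which is also a quick way to tell whether the infection is really gone.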