Please Help, desktop inaccessible issue

[Steltek]

What make and model of SSD are you running? Also, if you haven't yet done it,, a MEMTEST86+ diagnostic wouldn't hurt at this point either. Does the problem occur if you boot to safe mode?

If you have to reinstall, you should be able to download the Win7SP1 ISO from Digital River. You'll probably have to call in to activate it, but it shouldn't otherwise be a problem.

 

[schmuckley]

Wipe it and start anew.

 

[Cyberia123]

I am performing a repair..will get back when I know more.

 

[Cyberia123]

The Repair from the Windows Install disk DID.NOT.FIX.IT.

@Steltek - It's a OCZ Vertex3

 

[Virgorising]

The Repair from the Windows Install disk DID.NOT.FIX.IT.

@Steltek - It's a OCZ Vertex3

Cyberia....I felt immediately you were infected. As I posted. Why, after U said you had run AV and nothing....I put up link to MBAM.

Then, Ketchup79 was smart enough to ask the details of what it had found.

Bad part: I was too ignorant to know the reality of what it found!

But Bubbaleone....wasn't! He knew every part of each one!!!! And that was the most important thing of all!

I also put up as link to Combofix as U may recall. Please use it and run it. As Bubbaleone said, the only shot u have at maybe getting a repair install to work...and no guarantee---is, if you get rid of every trace of those very serious PUPs. It was they that messed U up!

So, please use my link somewhere above and run Combofix..... THEN, try another repair install. If it then works, that will be awesome. If it doesn't, you will know, even if all traces of them are gone, one or more messed up yr system files beyond repair you have to do a clean install.

Pls report back.

 

[Steltek]

The Repair from the Windows Install disk DID.NOT.FIX.IT.

@Steltek - It's a OCZ Vertex3

The fact that it is an OCZ SSD may be part of the problem - I've replaced more of them than I can count and some multiple times. If you have a spare hard drive you might try cloning an install over to the hard drive, running a repair, and seeing if it will boot.

 

[Cyberia123]

Hi guys, thanks for the replies. I didn't do anything with it today, I just wanted to let the failure of the Repair roll around in my brain and figure out what that meant.

At this point I agree, it's GOT to be a malware infection. That's why the repair failed, the files aren't corrupt, it's a setting or config that the malware changed and the repair imported it too.

I've run Memtest, Intel Burn, chkdsk, sfc, and a few other diagnostics, I don't think it's a hardware issue. It's too consistent. A memory or cpu problem would manifest in other aspects, programs crashing graphical glitches in games, etc

I suspect malware butchered some inproc process or config or registry setting, but in some "legal" way that Windows or utilities shrug it off as "that's the way he has it setup".

I also finally remembered what I was doing right before this happened and I did get forwarded to a nefarious DL site with a thousand links and I did click one accidentally (yea, surrrre I did. Beat ya to it. But no, really) and then immediately click BACK. It happened so fast I didn't even remember later. Normal websurfing erata, stuff we all tune out. But that's where it happened, I'm sure of it now.

I'll try combofix

 

[Cyberia123]

Combofix found a number of xxxx.msi files, in users/apps/roaming/...
and two more in windows/syswow64

But the problem still exists

 

[Ketchup]

Combofix found a number of xxxx.msi files, in users/apps/roaming/...
and two more in windows/syswow64

But the problem still exists

When I find a computer that far gone, I usually suggest the person back up and re-install everything.

Having said that, you might give Kaspersky Rescue Disk a try. You will actually burn it to a CD and boot from it.

 

[Virgorising]

When I find a computer that far gone, I usually suggest the person back up and re-install everything.

Having said that, you might give Kaspersky Rescue Disk a try. You will actually burn it to a CD and boot from it.

Excellent. Sad, but excellent.

Good you remembered the event re the nefarious DL site!

You were hit by some kinda uber, decimating infections, boy!:|

When you get up and running again pls consider revisiting your protection apps, you need a good firewall & real time protection from an AV with good protection/detection stats, and maybe also getting MBAM pro to run along with it in real time, to preclude those evil PUPs from getting in in the first place.

 

[C1]

Actually have been thru things like this with other people's stuff. Malware can be seemingly impossible to remove manually.

NEVER SURF OR OPERATE ROUTINELY WHILE IN AN ADMINISTRATOR PRIVILEGE ACCOUNT WHILE YOUR ON LINE. THIS IS A SECURITY VIOLATION ! (You can infect a business' whole internal network/LAN in this way.) If that's what you did then consider it a lesson learned.

Always create a separate non-Administrative account for use with normal on line activities.

What happened to you BTW, is why I prefer using Centurion's "DRIVE SHIELD" for security (ie, a Sandbox solution).

 

[Virgorising]

What happened to you BTW, is why I prefer using Centurion's "DRIVE SHIELD" for security (ie, a Sandbox solution).

I right off went to find out what this is.....but it seems it is only compatible thru XP? Is that possible???
http://www.driveshield.com/about.htm

 

[Cyberia123]

Guys, I think I got it!

Bad News - I figured it out AFTER I did a secure erase and reinstall of Win7, so I have to reinstall EVERYTHING, then re-tweak EVERYTHING. I soooooo wish I figured this out an hour earlier.....

Good News - Besides fixing the issue, my SSD needed a Secure Erase and reinstall anyway.

I'll get back with the details, but in short it WAS hardware, not malware.

You won't believe it.

 

[Virgorising]

I'll get back with the details, but in short it WAS hardware, not malware.

Errrrrr.....I disagree. You truly were seriously infected, and at this juncture, given all we've learned, it does seem that was your initial issue.

 

[Cyberia123]

Oh there was an infection, but it wasn't causing the taskbar issue/drag-and-drop/windows issues.

IT WAS THE MOUSE.

Of all the things. Mouse3, the Scroll BUTTON (not the scrolling, but the button itself) was permenentlt depressed, and that caused all sorts of focus and drag-and-drop problems.

I noticed this in rage, because after a full erase on the SSD and full reinstall, the problem reoccurred. I squeezed the mouse in anger and ding... things started working!!
I noticed I could force Mouse3 sometimes and toggle the problems away. So I put a new mouse in and voila! Fixed!

I've never seen this type of issue before, but it makes sense.

Again, no doubt about the malware, and I'm glad it's gone too. And the SSD needed an erase (I keep telling myself that to make this whole thing not taste so bad)

Now, can someone recommend a good imaging program? I want to make a full snapshot of the C drive right now and archive that.

 

[Ketchup]

Thanks for sharing the outcome Cyberia123. Not something I would have guessed without being there.

I don't image very much outside of VM's. In those situations, however, Todo Backup has been a great (and free) resource for me.

http://www.todo-backup.com/products/home/free-backup-software.htm

 

[Virgorising]

IT WAS THE MOUSE.

That you came to that.....was brilliant.:thumbsup:

 

[VirtualLarry]

Once that's been accomplished then you can perform an in-place upgrade to repair the damage, but remember this cardinal rule: The media must be the same bitness and service pack version as the system being repaired.

This is a new rule for Win7 (and beyond). In WinXP, you could run a repair install on a different SP revision than your current install. If it was a lower SP, it could break things, that would need to be re-installed, and if it was a newer SP, it would upgrade you. (Yes, I've tested this.)

In Win7, MS added the restriction that the repair media had to be the same SP as the currently-installed version. Which was just great if you had original retail media, but had installed SP1. Thankfully, I have the DR downloads for SP1-U too, so I should be covered.

 

[Virgorising]

This is a new rule for Win7 (and beyond). In WinXP, you could run a repair install on a different SP revision than your current install. If it was a lower SP, it could break things, that would need to be re-installed, and if it was a newer SP, it would upgrade you. (Yes, I've tested this.)

In Win7, MS added the restriction that the repair media had to be the same SP as the currently-installed version. Which was just great if you had original retail media, but had installed SP1. Thankfully, I have the DR downloads for SP1-U too, so I should be covered.

Good info. I hadda do a repair install in this system a while back....worked normally. But I can't remember if I had SP1 at the time. Pretty sure I did, tho!!!

I do adore "break things." :biggrin: