A friend of mine dropped off her Compaq laptop the other day, apparently it had been running slow and a friend of hers came round and “did stuff” to “sort it” – unfortunately it didn’t go to plan, and instead of the system performance improving as a result of the activity – it deteriorated to the stage where XP would display a blank desktop on startup (as in no taskbar, start menu, desktop shortcuts or anything).
So this was the state it was in when I got it. Here’s what I did:
Step 1: Get access to Windows Explorer
Hit ctrl-alt-delete – this only worked after leaving it alone for a couple of minutes after boot-up. Click “File>New Task (run) and type “explorer”. This brings up the windows desktop furniture.
Step 2: Find out why it isn’t loading
I wondered what her friend did.. I looked at the most recent installed apps in Programme files – there was an app called “TuneUp Utilities 2009″. A likely suspect I thought. In the wrong hands these tweak/tuneup utils can do more harm than good. I loaded up the app and undid all the “fixes”
Step 3: Check a little deeper
Restoring the TuneUp files didn’t solve the explorer.exe problem, so I figured that something else must be up with it. I suspected malware. I have rescued several Windows systems from malware (spyware, trojans etc) before using a great bit of software called MalwareBytes AntiMalware. I couldn’t get the faulty system to read the installer from my USB drive, so I had to burn it off onto CD. While I was doing that – I also stuck ‘FixShell‘ on there (a visual basic script that restores explorer.exe to the XP shell).
Step 4: Safe mode scanning
I restarted the PC and hit F8 repeatedly as the laptop started up, which brought up the XP menu with the option to load ‘safe mode’. I did this and logged in as administrator (which for some reason had not appeared during normal startup). This time it loaded up with explorer.exe no problem. I ran MalwareBytes AntiMalware quick-scan and it picked up 27 items. Some were trojans, mentions of rootkit (eek) and other registry entries (including disabling security centre). I opted to ‘fix’ them all and restarted again as prompted (some nasty bits of malware can only be deleted on boot). This still did not fix the issue. I ran another scan just in case. It found a few more bits. Restart.
Step 5. Manual(ish) restore of explorer.exe
…. this is where it got quite interesting… after several unsuccessful attempts to restore command.exe, including creating a slipstreamed SP3 disc to run
sfc /scannow – I finally installed Avast Antivirus Home Edition and did a boot time scan (AVG8 was already installed but I removed it, finally realising it hadn’t done its job). Avast picked up lots of win32:JunkPoly infections. JunkPoly is Avast speak for Virut.
Format and reinstall is the only option. Backing up is risky.
So now I need to get the photos off, scan them thoroughly and format the hard-drive and reinstall XP.
It probably came from a P2P service, somehow got passed AVG8 (outdated virus def probably), and started infecting the system with all kinds of malware.
Just downloading Ubuntu now – will attempt to back the data up tomorrow…