I know better, and I didn't listen to myself.

I was trying to help a friend with his clogged up laptop.

HP Pavilion ze4900, 1 GB RAM, XP Home SP2. Does not have the rescue disk and not available from HP.

I have run CCleaner hundreds of times on maybe 70 PCs, never had a problem. It removed TONs of Crap. On the registry cleanup I saved the changes.

I SHOULD have rebooted at this point. Duhh!

I have had great success running ASquared - virus, adware, malware, worm - scanner many times. It removed 20 high risk worms and malware, and 15 low and medium risk malware/adware.

I should have created an image before I started. Poor excuse, I didn't have my external HDD with me.

The computer will boot up fine, Windows comes up fine, log into the user account I created, and then I just get a blank blue screen (same as the wallpaper -none- that I chose for the login, not the blue screen of death). The desktop does not appear, just an hourglass/cursor.

Same with Safe Mode. Last good configuration. Repair installation with XP Pro SP2 disk will only try to install 'another' OS.

I can get to a C:\Windows prompt and thus to the C:\.

Can someone please suggest a course of action? I promise to not do this again. No good deed goes unpunished.


You could try system restore. After the computer boots up, open the task manager, then choose "File", then "New Task (Run...)". Once the run box opens, enter the following command to start system restore: c:\windows\system32\restore\rstrui.exe

Does that laptop have a restore partition? Is it an option to reinstall using a generic XP OEM CD (use the key on the bottom of the computer)?

edit added later//

You can also use the technique of running programs with the task manager in the following way. If any of the programs you used have a quarantine feature, you may want to restore any files they removed.

Try doing Ctrl+Alt+Del to bring up task manager and choose File -> New Task

Type

Explorer.exe

hit enter

This should give you the Windows GUI.

Basically, CCleaner deleted a registry entry needed to load Windows, and it is jamming up there.

Hopefully this will let you load the GUI, and restore the damage.


You are right Martymas. This is a tool that has been very helpful.

The problem turned out to be the Trojans that ASquared deleted. I am removing a few at a time to determine which one is attached to the GUI.

I have removed 6 instances of Trojan - Dropper.Win32.Agent .son successfully.

I'm working on removing Trojan.Win32.Monderb.a.

I have had to use the Task Master to restore the GUI at least 3 more times.

I haven't had the chance to do this type of recovery in quite a while. At work I don't have the time to spend on recovery of the existing system. If a workstation is bad I usually just do a complete reinstall.

Thanks again for the help.

GoodScout

It is always best to take advantage of those who studied and learned malware removal in cases like this.

It is dangerous trying to remove trojans by yourself; it is best to get some help. You should go to the malware board and post a HijackThis log for assistance since there are many places where malware can hook itself to the Windows GUI and shell.

This is quite a common effect when the file in question is removed before the entry loading it has been removed and the correct one restored.

In fact, many malware infections are specifically written to produce just this result if automated removal tools are used. This is why it is important to have an expert identify the infection and determine what steps should be taken and in which order.

Make sure to link to this thread and inform any analyst helping you that previous automated removal attempts resulted in the Windows GUI not loading.

Edited by Pete_C
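
The failure described in the last reply, a loader entry that outlives the file it names, shown as an added example that is not from the thread: a Python check of a Winlogon registry export for `Shell` and `Userinit` entries that are non-default or point at files no longer on disk. The Winlogon values and their stock XP defaults are not named in the thread (they are one of the places a shell can be hooked); the export text, the file list and `example-removed.exe` are constructed.

```python
import re

# Stock XP values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
EXPECTED = {"shell": ["explorer.exe"],
            "userinit": ["c:\\windows\\system32\\userinit.exe"]}
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Constructed sample: .reg export text (already decoded to str) from a machine
# where a scanner deleted a file that Userinit still names.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\example-removed.exe,"
'''
# Constructed sample: files actually present on the disk.
SAMPLE_FILES = ["C:\\WINDOWS\\explorer.exe", "C:\\WINDOWS\\system32\\userinit.exe"]


def parse_reg_export(text):
    """Return {lowercased value name: data} from .reg export text."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            # .reg files write each backslash in a string as two
            values[m.group(1).lower()] = m.group(2).replace("\\\\", "\\")
    return values


def audit_winlogon(reg_text, files_on_disk):
    """List (value, entry, problem) for non-default or dangling entries."""
    on_disk = {f.lower() for f in files_on_disk}
    values = parse_reg_export(reg_text)
    findings = []
    for name, expected in EXPECTED.items():
        entries = values.get(name, "").split(",")
        targets = [t.strip().lower() for t in entries if t.strip()]
        for target in targets:
            if target not in expected:
                findings.append((name, target, "non-default entry"))
            # A bare file name is assumed here to live in C:\WINDOWS
            full = target if "\\" in target else "c:\\windows\\" + target
            if full not in on_disk:
                findings.append((name, target, "target file not on disk"))
        for default in expected:
            if default not in targets:
                findings.append((name, default, "default entry absent"))
    return findings
```

Calling `audit_winlogon(SAMPLE_REG, SAMPLE_FILES)` reports all three problems for `Userinit`, which is the state in which the file is gone but the entry loading it has not been put back to its default.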