Explain This Please.


gennisis

Shut down the computer last Thursday after a normal day's use.

Started up Friday morning....greeted by the standard Windows XP meadow....not my own desktop picture and no shortcut items, apart from Refuse bin and Incredimail logos.

Could not access anything. Up came a pop up welcoming me to XP and did I wish to explore its features.

The computer was acting as if I had never used it before....My documents....empty...my emails...empty...all my past gone into ?????....but the Refuse Bin contained all the items I had been dumping over the last few weeks.

I accessed System Restore and reset for 3 days earlier....success..... everything back as it should be.

Not liking this event I thought that perhaps some virus was to blame, so got Nod 32 to scan and clean.......report said: 'no infections detected', but I did notice that it reported many files sealed and could not be opened.

The computer has been working as normal now for 4 days.

Called in a guy who was recommended as an expert....he played around for a while but didn't find anything wrong.

So....can anyone explain??

Seems that your profile directory was wiped or you were logged in under a different user account. The recycle bin is not specific/tied to your user account AFAIK, so I would expect it to contain all items even if there are problems with your account's profile directory.

Might be an attack by malicious software or just some Windows 'anomaly'. ;)

Maybe others have experience with this kind of problem and possible reasons?

Using System Restore was a smart choice!

If the problem appears again you might want to verify the user account name you are logged in with. You can also check the C:\Users folder - each account has its own subdirectory, plus one for the 'All Users' and one for 'Default User'.

I guess a malware attack is possible, not sure if it would be the most likely reason though. Of course, if you do use your computer for serious stuff (work, internet banking, credit card transactions, etc.) you might want to make sure that your PC is not infected. Don't rely on one antivirus scanner only. Some free scanners that come without a resident shield/guard and will not interfere with your main antivirus scanner: Malwarebytes Anti-Malware, Hitman Pro, Kaspersky Virus Removal Tool. Search the forum for posts on this topic and links to these programs.

Don't think that your computer is clean just because one program said so.

Did you have NOD32 installed and updated before or did you just install it after the 'crash'?

Some malware likes to hide in/infect the System Restore directory. In case of an infection it is recommended to disable System Restore, then restart, actually wiping the whole System Restore data, then re-enable and set a new System Restore point. This should be done AFTER the computer is cleaned from any malware, otherwise it might be infected again. Of course you will lose all System Restore points.

welo

Started up Friday morning....greeted by the standard Windows XP meadow....not my own desktop picture and no shortcut items, apart from Refuse bin and Incredimail logos.

Could not access anything. Up came a pop up welcoming me to XP and did I wish to explore its features.

The computer was acting as if I had never used it before....My documents....empty...my emails...empty...all my past gone

Sounds to me like user profile corruption. When this happens, user-defined settings are lost and Windows automatically reverts to the default user profile. Hence, the "Welcome to Windows XP" pop up.

Have you scanned your computer for malware? Anti-virus programs work best for viruses, but not (always) for malware. Download and install Malwarebytes. Perform a quick scan to make sure your system is clean.

You might also want to check your hard disk for errors.

Or even a Memory check

I recently had a computer with missing Windows files on boot up.

The first suspicion was the hard disk, but it turned out to be a memory problem.

suggest you allow someone you trust to have remote access to your system for a look and see

try downloading the latest version of Dr Cure and see whether it detects anything

I downloaded Dr Cure.....it did not find anything.....shows that Nod 32 worked I suppose.

I also downloaded the Malwarebytes program.....interesting...it detected 39 suspects, 36 of which were in the 'Spy Bot' files.

My computer appears to be behaving itself, so I'm gonna leave things as they are and wait and see.

Spybot is OK as well. What kind of threats did Malwarebytes find? Just one trojan infection is a serious problem!

Maybe Malwarebytes found files that have been quarantined by Spybot.

Can you provide the log file of the Malwarebytes scan? Start the program, open the tab 'logs', open the latest log file, copy/paste here.

It might also be a good time to make a backup of your data now that your PC is working again / still working. In any case (hardware problem or malware problem) you might run into the same or more problems soon.

welo

copy of the scan Welo

mbam-log-2010-07-17 (17-32-30).txt

The log shows no trojan infection but an installed rogue security software that has been removed.

I thought that when you mentioned 'Spybot' you referred to 'Spybot Search & Destroy' which is a respectable anti-malware software. BPS Security Console as well as probably other products from Bulletproofspyware(dot)com are considered Rogue Software or maybe worse.

Rogue Software is a fake software that claims to do something which it does not do well (or not at all), and at the same time reporting fake warnings and alerts trying to scare you into purchasing software (real or fake as well) to get rid of a problem that is not there.

This is what WOT (Web of Trust) says: http://www.mywot.com/de/scorecard/BulletProofSoft.com

This is what McAfee's SiteAdvisor says: http://www.siteadvisor.com/sites/BulletProofSoft.com/summary/

People even report trojan and malware infections with software downloaded from this website. Verifying the exact threat level is not possible for me.

It could be possible that this software messed with your profile or system settings to create problems which might lure you into a purchase of their software.

NEVER download software from the internet without cross-checking its credibility. One way is to download only from respectable download sites such as download.com, filehippo.com, softpedia.com - and read the reviews on download.com. If the program is not listed there, better stay away.

Install the WOT plugin from www.mywot.com - this will warn you about many unsafe and untrusted websites (but remember that the listing can NEVER be complete).

How to proceed from here?

I recommend one of these options:

  • Reinstall the OS
  • Have a (real) professional check your system
  • Run several respected antivirus solutions to check your system

I also want to remind you again that you'd better back up your data NOW! ;)

Recommended antivirus software:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html?tag=mncol

http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Thanks for your advice Welo.....The Bulletproof program was preloaded when I bought the machine 4 years ago. I don't surf the net a great deal and rarely download anything.
