Expert: James Filmer - 2/23/2010

Question
QUESTION: Hi James:

I was recently the victim of some type of cyber-attack that partially disabled my system, not allowing me to go online and slowing everything down. It appeared that some fake program installed itself posing as a Windows anti-virus, anti-maleware removal software claiming to be able to remove all of the bad things it found on my system (for a fee of course). I didn't take the bait but instead installed and ran a free anti-spamware program called "Super Anti-Spyware Free Edition". This seemed to work well and I can now get online. The problem I now have is that most of my shortcuts don't work anymore. Whenever I double click on an icon, the "open with" box opens and I can get into MOST programs that way. I cannot do so however with IE or my Quicken program. I know these programs are still installed because I can see them listed under "add and remove programs" with the program size indicated next to it. How do I fix these issues? I am running Vista Home on a Dell Insiron desktop. I also run McAfee VirusScan and personal Firewall. Thanks in advance.

ANSWER: Hi KEVIN,

Try going to Computer > C drive > Program Files > pick a program that doesn't work, find the .exe file and double click. Does it open from there?

If that doesn't work, it could be your not using the true administrator account. Try starting your computer in safe mode and see if the shortcuts work there.
For more details about how to access safe mode (and why) see: http://www.vistax64.com/tutorials/67567-administrator-account.html

Let me know.

---------- FOLLOW-UP ----------

QUESTION: Unfortunately, going thru Program Files didn't work. I have not tried safe mode yet but I am leaning towards a system restore. I have all of my files backed up except for iTunes so I will lose all of that data. Do you concur with my decision? Thanks.

ANSWER: That might be a way to fix the problem, but I wouldn't recommend it just yet. If you do it now, let me know if it works.

Since it happened as a result of spyware/rogue app it could be that something about your system configuration changed, or some spyware or virus is still on it. Plus, there might be some risk that you could restore your system to a point where malware returns.

You said the only two programs you couldn't open were IE and Quicken.
OK. IE not opening is a major system stability and security issue since you can't get critical system updates. (As a side note, this may be related to the Quicken problem).

I would suggest testing IE in it's own Safe Mode, add-ons and plugins disabled.

Go to All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)
If that doesn't work, we can try a few other things. System Restore (for me at least) is always a last resort when it has to do with any kind of malware.




---------- FOLLOW-UP ----------

QUESTION: No good with regular and IE SAFE MODE. Also, the # of programs that will not open is now more than 2 as I continually find new ones to attempt to open. If I do a system restore successfully, can't I "catch up" with system updates by downloading them? (alot of good those updates did me here).

Answer
KEVIN,

If you mean restoring to a point before you installed the rogue software and reinstalling any missing updates, that should work.

There's another option too: disabling System Restore, and scanning with SuperAntispyware again. It could be the rogue program (if I knew the exact name it might help) and/or other malware is in your System Restore cache and has reinfected your system. I'd also run a full system anti-virus scan before re-enabling it.

For future reference, I'd also use Spybot R&D (free,) and one or more anti-spyware applications like Malwarebytes, a-squared free or free-trial, or Windows Defender (free) - no anti-spyware program find and removes everything (links on enrgy21.com)