I helped someone remove a fake antivirus called: System Fix
Fairly straightforward on an XP computer.
But the next day, my own Windows 7 PC got the same infection… but it seems a bit more difficult on Windows 7. Besides the warnings about disk corruption (which seemed genuine… I started to wonder about my drive failing… even though it was only 6 months old), I also developed other problems later.
It seems like it got in via a realistic-looking Adobe Reader update… We get so many Adobe updates (it feels like they happen every day)… so it's easy to just quickly click on the button that says: “yeah, sure, do your silly update and stop annoying me”.
Removing System Fix using MalwareBytes (while in safe mode), was easy, but after restarting the PC, I got all sorts of other problems:
- All my start menu icons, desktop icons, were missing
- The icons in the right-hand taskbar were no longer being hidden
- The “pinned” icons on the left of the task bar were missing
- I was getting a strange .net error at startup
- Some desktop gadgets were missing.
- Resizing an internal window in Event Viewer would generate an MMC snap-in error
I soon figured it was the aftermath of the infection… and the solution is meant to be easy: all the icons, etc. are hidden in a Windows temp folder.
However: Since I don’t like the useless accumulation of temp files (which Microsoft still refuses to address as a real problem), I’m currently using CCleaner to automatically clear the contents of my temp folders… so there go my icons.
Ah, but a system restore should bring them back!
Darn! It seems System Fix also cleared out all system restore points!
But I still have a fall-back: Every week, I automatically copy my whole drive to a second drive in my PC… so my icons should be on my D: drive!
So, after a lot of digging around in folders I didn’t know existed (wow MS has changed the folder structure of Windows 7!), I managed to restore most things (although I had to cheat, since the pinned icons need a proper registry entry… but I got around that by just dragging the “pinned” shortcuts from their original folder, directly to the taskbar… thus creating a correct “pin”).
Many other items were restored quite simply… eg:
The start menu items: right-click on a blank part of the task bar -> properties -> start menu -> Privacy -> tick both “store and display recently opened…”. Then on the same window: customise… -> use default settings -> OK -> OK
The right-side task bar icons were restored to their original state (ie hiding some icons like the action centre) by right-clicking on a blank part of the task bar -> properties -> task bar -> Notification Area -> customise… -> untick: “always show all icons and notifications on the taskbar” -> OK
Next was to fix the .net error?
I tried the dotnetfx_cleanup_tool, and then re-installed .net, but that didn’t help at all.
After looking closely at the error (and scrolling the non-resizeable error dialog box (using cursor keys!)), I could see that there was a permission problem with a file near:
After checking with another Windows 7 system, I realised that all folders/files under the Microsoft folder were marked as hidden (and they shouldn’t be).
So I made all folders/files below that “un-hidden”.
That fixed the resizing event viewer problem, and the missing desktop gadgets.
Back to normal (at last).
It took a few hours to fix up all the “little” problems caused by all the settings and permission changes that this nasty little thing did 🙁
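An added example (not part of the original post) of the un-hiding step described above: a PowerShell script that lists items under a folder that carry the Hidden attribute and, with `-Fix`, clears it. The `-Root` parameter is a placeholder because the post does not give the full path of the affected folder, and skipping items that are both Hidden and System (such as `desktop.ini`, which Windows hides itself) is this example's own choice.

```powershell
# Added example, not from the original post.
# Usage (dry run):  .\Unhide.ps1 -Root '<affected folder>'
# Usage (repair):   .\Unhide.ps1 -Root '<affected folder>' -Fix
param(
    [Parameter(Mandatory = $true)][string]$Root,   # placeholder: path not given in the post
    [switch]$Fix                                   # without -Fix nothing is changed
)

$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System

# -Force makes Get-ChildItem return hidden items as well.
# Keep only items that are Hidden but NOT System, so files Windows hides
# on purpose keep their attributes (assumption of this example).
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
    }

$changed = 0
$failed  = 0

foreach ($item in $items) {
    if (-not $Fix) {
        # Dry run: show what would be changed.
        $item | Select-Object FullName, Attributes
        continue
    }
    try {
        # The filter above guarantees the Hidden bit is set, so XOR clears it
        # and leaves every other attribute (ReadOnly, Archive, ...) untouched.
        $item.Attributes = $item.Attributes -bxor $hidden
        $changed++
    }
    catch {
        # Typically an access-denied error; report it and carry on.
        Write-Warning ("Could not change {0}: {1}" -f $item.FullName, $_.Exception.Message)
        $failed++
    }
}

if ($Fix) {
    "Cleared Hidden on $changed item(s); $failed failure(s)."
} else {
    "Found $(@($items).Count) hidden non-system item(s). Re-run with -Fix to clear the attribute."
}
```

Run it from an elevated prompt, and compare the dry-run list against a clean Windows 7 machine before using `-Fix`.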