In the last few months the number of computers I have cleaned with the Win 7 Security 2012 virus, the Root.ZeroAccess virus, and their variants has greatly increased.
While I have been successful in eliminating these, with the help of tools like FixNCR.req, Rkill, and an arsenal of AV software, its the fallout damage they do thats a PITA; i.e., no Startup Program or desktop shortcuts, empty Administrative Tools folders, cannot turn the Windows Firewall on, or no internet access.
Heres a few tips Ive picked up from other forums and tech sites on how to restore these. If anyone has any others please add them to these.
No Startup Program or desktop shortcuts
Before I ran any AV programs I always ran Ccleaner first. Unfortunately this cleans out your temp files and deletes the %Temp%\smtmp folder making it harder to restore the shortcuts. I save it for last now.
1. Theres a utility called Unhide that you can download here that will help restore your shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html
2. They also show you how to manually restore them and recently have added .exe script files to restore the default Start menus.
3. Theres also a tutorial here that shows you how to restore them:https://www.sevenforums.com/tutorials/135246-start-menu-all-programs-windows-7-restore-default-shortcuts.html
Empty Administrative Tools folder
Another good tutorial from sevenforums on how to restore this: https://www.sevenforums.com/tutorials/29965-administrative-tools-restore-shortcuts.html
Cannot turn on the Windows Firewall
This is usually happens after getting rid of a Root.ZeroAccess virus. Try the simple stuff first.
1. Run this Microsoft FixIt tool: http://support.microsoft.com/kb/2271812
2. Using the Command Prompt, CMD, (right click on CMD and Run as administrator), type the following and press ENTER: netsh firewall reset
3. Try Methods 1 and 2 (first post): http://answers.microsoft.com/en-us/...firewall/430ae342-e16d-4b49-a726-20510bd559c4
4. Windows Firewall and Base Filtering services are missing. Now what? A few weeks ago, I posted this in another thread here. After everything else failed I tried narenxp's reg fix and it worked. Find it here: http://www.bleepingcomputer.com/forums/topic434478.html
Cannot Access the Internet
1. Again try the simple stuff first. In Internet Explorer under Internet Option Connections LAN settings make sure either nothing is checked or only Automatically Detect Settings is checked.
2. Under Network, right click on your Connection and click on Diagnose or Repair. While youre there click on Properties, TCP/IPv4, Properties; Obtain an IP address Auto and Obtain a DNS Server Address Auto should be ticked. Click on the Advanced tab, under IP Address it should read DHCP Enabled.
3. Download and run Winsock XP Fix V1.2, reboot http://www.snapfiles.com/get/winsockxpfix.html
4. Run the Microsoft Fixit tool or follow their instructions for the manual method, reboot: http://support.microsoft.com/?kbid=299357
5. Open up Services and check that the DNS Client, DHCP Client, and the Remote Procedure Call (RCP) services are started.
While I have been successful in eliminating these, with the help of tools like FixNCR.req, Rkill, and an arsenal of AV software, its the fallout damage they do thats a PITA; i.e., no Startup Program or desktop shortcuts, empty Administrative Tools folders, cannot turn the Windows Firewall on, or no internet access.
Heres a few tips Ive picked up from other forums and tech sites on how to restore these. If anyone has any others please add them to these.
No Startup Program or desktop shortcuts
Before I ran any AV programs I always ran Ccleaner first. Unfortunately this cleans out your temp files and deletes the %Temp%\smtmp folder making it harder to restore the shortcuts. I save it for last now.
1. Theres a utility called Unhide that you can download here that will help restore your shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html
2. They also show you how to manually restore them and recently have added .exe script files to restore the default Start menus.
3. Theres also a tutorial here that shows you how to restore them:https://www.sevenforums.com/tutorials/135246-start-menu-all-programs-windows-7-restore-default-shortcuts.html
Empty Administrative Tools folder
Another good tutorial from sevenforums on how to restore this: https://www.sevenforums.com/tutorials/29965-administrative-tools-restore-shortcuts.html
Cannot turn on the Windows Firewall
This is usually happens after getting rid of a Root.ZeroAccess virus. Try the simple stuff first.
1. Run this Microsoft FixIt tool: http://support.microsoft.com/kb/2271812
2. Using the Command Prompt, CMD, (right click on CMD and Run as administrator), type the following and press ENTER: netsh firewall reset
3. Try Methods 1 and 2 (first post): http://answers.microsoft.com/en-us/...firewall/430ae342-e16d-4b49-a726-20510bd559c4
4. Windows Firewall and Base Filtering services are missing. Now what? A few weeks ago, I posted this in another thread here. After everything else failed I tried narenxp's reg fix and it worked. Find it here: http://www.bleepingcomputer.com/forums/topic434478.html
Cannot Access the Internet
1. Again try the simple stuff first. In Internet Explorer under Internet Option Connections LAN settings make sure either nothing is checked or only Automatically Detect Settings is checked.
2. Under Network, right click on your Connection and click on Diagnose or Repair. While youre there click on Properties, TCP/IPv4, Properties; Obtain an IP address Auto and Obtain a DNS Server Address Auto should be ticked. Click on the Advanced tab, under IP Address it should read DHCP Enabled.
3. Download and run Winsock XP Fix V1.2, reboot http://www.snapfiles.com/get/winsockxpfix.html
4. Run the Microsoft Fixit tool or follow their instructions for the manual method, reboot: http://support.microsoft.com/?kbid=299357
5. Open up Services and check that the DNS Client, DHCP Client, and the Remote Procedure Call (RCP) services are started.
Facebook
Twitter