Computer Help forum


Very Annoying Reacurring Virus/Malware Help

by Dingotar / September 12, 2013 7:36 PM PDT

Hello, i come to you in a time of need.
Here goes...

Yesterday i came to my pc and turned it on, everything seemed normal. I went to open my documents folder and was horrified to find it empty, along with Music, Pictures and all the folders accoiated with the Mike (me) user. After some fiddling i found out that the documents folder was linking to a user called TEMP which i have never come across before. So, glad that my files were safe i started the arduous task of linking all the folders to the Mike user and got back my files. After many hours of fiddling and scanning with various virus scanners etc i took it as beaten and went to bed.
Waking up the morning i am very annoyed. I turn on my pc to find a default wallpaper on my monitors, default start menu icons, and yet again my documents folders etc seemingly empty. After finding out the the documents origins they are now linking to C:\Windows\System32\config\systemprofile which is just ridiculous,
I really need help to get rid of this annoying virus that keeps re-linking all my folders and wiping any user settings in programs such as Google Chrome. Also once i get rid of this virus is there a quick and easy way of linking my documents back correctly rather than doing it all manually.

Thankyou for your time and hope to hear from you soon

Post a reply
Discussion is locked
You are posting a reply to: Very Annoying Reacurring Virus/Malware Help
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Very Annoying Reacurring Virus/Malware Help
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
I hope you have a copy of
by glb613 / September 12, 2013 8:53 PM PDT

your data. What security programs do you have installed?

Collapse -
Here's Grif's Advice To Remove That Malware
by itsdigger / September 12, 2013 9:42 PM PDT

Try Cleaning Out The Junk With These Free Tools

by Grif Thomas Moderator - 9/6/13 2:34 PM

In Reply to: c net by trenta16

First, open each of the browsers you use, click on "Tools" in the upper left, then choose "Add-Ons" or "Manage add-ons" or something similar. Once there, look for the offending add-on and remove or disable it from there.. Once that's done, access your browser's homepage settings and reset it back to one of your choice.. (For example, for Internet Explorer, click on "Tools", select "Internet Options", "General" tab, and in the "Homepage" section, change the listed homepage there.

Once that's done, proceed on with the instructions below to scan the computer for adware/spyware.

If you can download the tools listed below on the problem computer, great, but you may need to use a separate, clean computer, download the tools, copy them to a DIFFERENT flash drive or CD, then transfer them to the infected computer.

Once that's done, then restart the computer into "Safe Mode with Networking" and use the instructions below. If you can't start in Safe Mode, then run all the tools while in "normal" Windows first, then run them in Safe Mode afterward.:

After downloading or transferring it to the problem machine, run the
following tool to help allow the removal programs below to run.
(courtesy of Grinler at are 3 different
versions. If one of them won't run then try to run the other one. Be
patient.... as a black window should open, then close after finding all
the background programs.Vista and Win7 users need to right click and choose Run as AdminYou only need to get one of them to run, not all of them.



IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and
SuperAntispyware installer and update files from the links below which
you've also copied to a CD or flash drive, and transfered to the problem
machine. Do NOT restart the computer after running Rkill. After that, run a full system scan
and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)

Next, install and run a full system scan with the SuperAntispyware program
and the manual updater from the links below. As before, you may need to
rename the installer file to get the program to install.:


Manual Update

And after that, if everything's fine by you can't connect to the internet,
then follow the procedures below to check your network "proxy" settings
again.Open Internet Explorer and go to Tools-Internet
Options-Connection Tab. Click on the LAN settings button. IF there is a
check mark next to "Use a proxy server for your LAN", uncheck it. Click
OK. Then OK, again.


And finally, download and run the tool below to bring back any files that may have been hidden by the malware on the computer.

Hope this helps.


Collapse -
Here's how it goes
by itsdigger / September 12, 2013 10:01 PM PDT

you don't go through every file. The tools Grif provided does all of that. Follow his instructions to the letter and your woe's will disappear...Digger

Collapse -
thanks again
by Dingotar / September 12, 2013 10:14 PM PDT

Thanks for clearing that up digger,
when i try and run Rkill i get this message "There was a problem retriving the neccasry environment variable, appdata and the text in the black little window says it cant find appdata. any ideas? thanks again

Collapse -
by Dingotar / September 12, 2013 9:55 PM PDT

Thankyou you guys for replying.

When the event accoured i had and still do have AVG installed to answer GIBs question.
Thankyou itsdigger for such a long reply, i will try and use some of those programs to remove the stupid software which is causing my folders to be set to weird directories. I think if my Mike user linked to the corrent folders instead of the TEMP one all my problems will be solved (after removing said software of course) is there anyway of just doing one big change to the default folder of that user or does it involve clicking on each folder (my documents, my music) etc and doing it that way

Collapse -
Are you absolutely sure it's malware?
by Steven Haninger / September 12, 2013 10:31 PM PDT

There are other reasons that profiles can become corrupt and Windows will create a new one. In these cases, your data may be fine. I believe the recommendation is to make a new account with the same privileges as the old and just copy your documents and other data into the corresponding folders in the new account. You probably still would be curious as to the cause so run all the scans you want. You can even do hardware testing for bad RAM or hard drive sectors just to rule those out.

Collapse -
possibly restart anyway
by Dingotar / September 12, 2013 11:01 PM PDT

Hey guys, thanks so much for all your replies, i am thinking to myself that i might do a vista reinstall as i was due to give my pc a nice clean reinstall anyway and this gives me a good excuse as any. Will put all my important files onto discs and make it feel clean again lol.


Popular Forums
Computer Help 51,224 discussions
Computer Newbies 10,453 discussions
Laptops 20,090 discussions
Security 30,722 discussions
TVs & Home Theaters 20,937 discussions
Windows 10 1,295 discussions
Phones 16,252 discussions
Windows 7 7,684 discussions
Networking & Wireless 15,215 discussions


Roku Streaming Stick 2016

Roku has the most apps, the simplest interface and the best search, making it CNET's favorite way to stream Netflix, Amazon, Hulu, HBO and all the rest.