|
1. Been infected with spyware? Tell us about your problem. 2. Protect your PC from viruses, spyware. 3. For fast automatic spyware removal, try CounterSpy, SUPERAntiSpyware |
How to fix shell.exe, spoolvs.exe problem
Symptoms:
- Start > Settings -> Control panel is missing
- Task bar icons informing you of an infection and taking you to legit looking security panel
- System pop ups and IE pop ups
- When you start PC, you can get a message: “Windows cannot find ‘C:\Windows\shell.exe’ Make sure you typed the file name correctly….”
Download HijackThis and save the file to your desktop. Double click on the file for install.
Download CCleaner. Double click on the file for install.
Download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your desktop.
Download VundoFix and save the file to your desktop.
Download SDFix and save the file to your desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Boot your PC in Safe Mode.
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode
Open the SDFix folder and double-click RunThis.bat.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard).
Double-click VundoFix.exe to run it.
- When VundoFix opens, click the Scan for Vundo button.
- Once it’s done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo. - When completed, it will prompt that it will reboot your computer, click OK.
Reboot in SafeMode again.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
- Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).
- You will be prompted : “Registry cleaning - Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.
- The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.
Backup Your Registry with ERUNT
After that you should post your logs:
- hijackthis log
- smitfraudfix log (can be found at the root of the system drive, usually at C:\rapport.txt)
- sdfix log (usually at C:\sdfix\logReport.txt)
- vundofix log (usualy at C:\vundofix.txt )
to spyware help forum and wait answer (before you should create a free forum account).
November 26, 2007 on 9:53 am | In Spyware protection and removal, Tutorials - "How to" | |Submit to: Digg | SlashDot | Del.icio.us
8 Comments »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Previous Posts:
- AntiSpywareMaster and RegistryGreat | How to remove
- How to remove new rogue antispywares Malware Bell and IE Antivirus
- How to remove softwarereferral/safewebnavigate hijackers and etlrlws toolbar
- How to uninstall combofix
- Found new rogue antispyware programs
- How to remove braviax.exe/cru629.dat/users32.dat malware
- VirusHeat rogue antispyware - How To Remove
- Fresh updates to Ad-Aware and SpyBot-search & Destroy
- How to remove core.cache.dsk and parportt.sys
- How to remove CID popups
- How To Remove cyberstoll.com, search-daily.com hijacker and WebHancer spyware
- How to remove Video Add-on and antispyware/security toolbar 7.1
- Trojan Vundo/Virtumonde turns a good file into a Trojan-Dropper
- How to make Internet Explorer more secure
- New updates to Ad-Aware and SpyBot-search & Destroy
- How to remove webcry.com hijacker
- Found first Christmas malware
- Found some new fake codecs
- Cannot View Hidden Files And Folders. How to fix
- Hijacker will not let me download anti spyware program - how to fix
Categories:
- Pop-Up Blockers and Firewalls (rss) (5)
- Adware (rss) (10)
- Anti Virus Software (rss) (11)
- Best Programs (rss) (3)
- Browser Hijacking (rss) (13)
- Critical patch (rss) (21)
- Exploits & Vulnerabilities (rss) (58)
- FAQ (rss) (8)
- Free Software (rss) (63)
- Identity Theft (rss) (8)
- Internet Browsers and Mail and News readers (rss) (12)
- Linux (rss) (4)
- Malware (rss) (11)
- Online Scanners (rss) (11)
- Phishing (rss) (2)
- Rogue Anti Spyware (rss) (35)
- Rookit (rss) (3)
- spyware (rss) (2)
- Spyware protection and removal (rss) (74)
- Tips (rss) (78)
- Trojan (rss) (35)
- Tutorials - "How to" (rss) (65)
- Updates (rss) (16)
- Virus (rss) (19)
- Worms (rss) (14)
Archives:
- May 2008 (2)
- April 2008 (1)
- March 2008 (4)
- February 2008 (3)
- January 2008 (2)
- December 2007 (7)
- November 2007 (27)
- October 2007 (4)
- July 2007 (2)
- June 2007 (3)
- April 2007 (1)
- March 2007 (6)
- February 2007 (6)
- December 2006 (1)
- November 2006 (2)
- October 2006 (7)
- September 2006 (2)
- August 2006 (10)
- July 2006 (7)
- June 2006 (22)
- May 2006 (18)
- April 2006 (12)
- March 2006 (24)
- February 2006 (33)
- January 2006 (52)
- December 2005 (50)
- November 2005 (66)
Blogroll
- Sans Org - Internet Storm Center
- Spyware RU
- Sun Belt Blog
Help Us:
- MyAntiSpyware needs your support. Please make link from your site to us.
Use the button:
MY ANTI SPYWARE Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds.
Valid XHTML and CSS. ^Top^
Thanks fix problems nicely!!!!!!!!!!!
Comment by Tiff — December 27, 2007 #
thanks myantispyware.com, your solution fixed the problem with no harm done. I’ll recommend your site to anyone in need. Cheers
Comment by Luke — December 31, 2007 #
Thanks - your procedure helped and saved me a lot of headaches! However, I might have other \’by-product\’ of the restoration and don\’t know if it is somehow related to the spyware removal. I cannot Change/remove software from the \’Add or Remove programs\’ panel. I am going to post the logs to the help forum now.
Comment by alibaba — January 9, 2008 #
hi i have had this problem for a while and was very excited when saw this walk through but i cant seem to find vundofix anywhere does anyone have any ideas on where to go for it? thanks
Comment by Richard — January 23, 2008 #
Richard, vundofix home site unavailable now, try download later
Comment by Patrik — January 23, 2008 #
Procedure does a great job….just wonder why the need to download HiJack This. It is not used in the procedure.
Comment by Ray — February 7, 2008 #
HijackThis needs only for one, if procedure don`t work, then you should post all logs,include a hijackthis log.
Comment by Patrik — February 7, 2008 #
Thank you. This site is great. No where else was I able to find the answer to this problem.
Comment by Tim — May 9, 2008 #