Relatives machine -- infected files -- cleaning up the damage

[explorer2012]

ESET anti-virus found 4 infected files which were quarantined. The files were "probably a variant of Win32/InstallIQ potentially unwanted application". Examination of the machine shows a few problems.

In the root of C drive, there are several directories that are composed of strings of characters. Some of these strings are 30 characters long. I'm assuming these directories were created by windows updates over time. One of these directories is:

c:\980b8ba83e25aa813c

and it contains a subdirectory called "Start Menu". This Start Menu gives "access denied" error if I attempt to enter it. The permissions "read only" and "hidden" are unchecked.

Now -- To the point -- If I right-click the "Start" button and select "explore", XP complains:

----------------

C:\980b8ba83e25aa813c\StartMenu is not accessible

Access is denied.

----------------

So .... something has taken the explorer pointer from C:\windows and has set it to C:\980b8ba83e25aa813c\StartMenu.


Also, all the menu items in my Start --> Programs menu are gone. Clicking on the "programs" entry shows: (Empty)

Any ideas on how to fix these problems?

 

[hang-the-9]

Best thing is to make sure they have their files backed up and format the drive, re-install Windows. Or run a repair setup of Windows.

Even if you clean out the viruses, the damage they did will be almost impossible to fix on that system.

 

[ktownmike]

I would try this before a reinstall, note when it starts cancel and pick full scan.
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

 

[hang-the-9]

I would try this before a reinstall, note when it starts cancel and pick full scan.
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

Anti-virus programs may remove the virus, but will not fix the damage once it's changed files and the registry.