Hi guys, this morning I had the fright of my life just by clicking onto a website via Google. My gf and I were discussing baby names, so I decided to do a Google search on modern names for boys. I clicked on one particular link from Google (can't remember the name) and as soon as I did I got lots and lots of windows trying to open. Comodo isolated a couple of .exes to the sandbox (Restricted). I thought CIS had caught everything, so I carried on chatting with my gf on MSN.

I then happened to notice that the shortcut to MSN had gone off my desktop, along with various other programs including CCE. So I rebooted, thinking all would be OK upon reboot. How wrong I was... most of my programs were still missing from the desktop, numerous folders were missing (docs, vids, pics etc.), Internet Explorer had lost all of my favourites, Windows Security had been disabled and the clock was an hour fast. Also, some of the programs that were left wouldn't open.

I did a system restore and most of my programs came back (although CCE couldn't connect to the internet to update, so I imported from CIS, did a scan and all was fine). I checked KillSwitch: all safe. Opened Quick Repair and Security Center had been disabled, so I repaired that. I did a scan with MBAM: all OK. Did a scan with TDSSKiller: all OK. Rebooted and my folders were still missing. To cut a very long story short-ish:

I did a Google search and found a piece of software on bleepingcomputer.com called unhide.exe. I ran it and hey presto, all my hidden folders/shortcuts were restored (after reboot). So here is the log of what the malware changed, and my question is... can these lines be added to the protected registry keys without causing any problems?
Log here:

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_TrackDocs was set to 0! It was set back to 1!
Thanks in advance.

Win7 SP1 64-bit (IE8)
CIS 5.10 fully updated. Config: Internet Security - Sandbox: enabled, set to Restricted - AV: Stateful - FW: Safe - D+: Safe
CCE (not open/running at the time of infection)
MBAM (on demand)
TDSSKiller (on demand)
UAC disabled at the time (now enabled and putting up with the popups, plus using Comodo Dragon as default browser)
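As an added example (not part of the original post or the unhide.exe tool), the following PowerShell script audits the two registry values that the log above reports, and lists user files that still carry the Hidden attribute; with the -Fix switch it reverts them. The "expected" states (the NoActiveDesktopChanges policy absent, Start_TrackDocs = 1) are taken from the log, and the decision to skip AppData and System-attributed files when un-hiding is an assumption made to avoid touching files that Windows hides on purpose. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original post. Audits (and with -Fix reverts) the
# registry changes listed in the unhide.exe log, then lists hidden user files.
param([switch]$Fix)

# Desired states are assumptions taken from the log: the policy value should not
# exist, and Start_TrackDocs should be 1. A $null 'Want' means "should be absent".
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoActiveDesktopChanges'; Want = $null },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoActiveDesktopChanges'; Want = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced';  Name = 'Start_TrackDocs';        Want = 1 }
)

foreach ($c in $checks) {
    $current = $null
    if (Test-Path $c.Path) {
        $current = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    }
    if ($null -eq $c.Want) {
        # Value must not exist at all.
        if ($null -ne $current) {
            Write-Warning "$($c.Path)\$($c.Name) is present (value $current)"
            if ($Fix) { Remove-ItemProperty -Path $c.Path -Name $c.Name }
        } else {
            Write-Host "OK: $($c.Path)\$($c.Name) absent"
        }
    } elseif ($current -ne $c.Want) {
        Write-Warning "$($c.Path)\$($c.Name) = $current (expected $($c.Want))"
        if ($Fix) {
            if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Want -Type DWord
        }
    } else {
        Write-Host "OK: $($c.Path)\$($c.Name) = $current"
    }
}

# FakeHDD-style rogues hide user data by setting the Hidden attribute; unhide.exe
# clears it. Here we list such items under the profile and, with -Fix, clear only
# the Hidden bit. Skipping AppData and System-attributed files (desktop.ini etc.)
# is an assumption so that files Windows hides by design are left alone.
$appData = Join-Path $env:USERPROFILE 'AppData'
$hidden = Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        -not ($_.Attributes -band [IO.FileAttributes]::System) -and
        ($_.FullName -notlike "$appData*")
    }

foreach ($item in $hidden) {
    Write-Host "Hidden: $($item.FullName)"
    if ($Fix) { $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden }
}
Write-Host "$($hidden.Count) hidden item(s) found under $env:USERPROFILE"
```

Run it once without -Fix to see what would change, then with -Fix to revert. Note that protecting these keys in CIS only stops future silent edits; it does not undo changes already made, which is what the script (or unhide.exe) is for.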