Question

  • Creator
    Topic
  • #2206632

    Document window opens randomly

    Locked

    by jimchoate ·

    Running Vista Home Premium

    The document window randomly opens. I have scanned using norton, spy-bot, no help. Searched the web for advise, no help.
    Looked for hidden windows….none of this has worked. I am at my wits end on this one.

    Any help on this would be greatly appreciated.

All Answers

  • Author
    Replies
    • #2836210

      Clarifications

      by jimchoate ·

      In reply to Document window opens randomly

      Clarifications

    • #2836207

      Check these settings

      by rob miners ·

      In reply to Document window opens randomly

      My Document appears at Start Up

      1.Click Start Run, and type regedt32 and press Enter.

      2.Now navigate to the following key:-
      HKEY_ LOCAL_ MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

      3.Look down the list in the Right Hand pane,scroll down to the value Userinit This value should read: C:\WINDOWS\system32\userinit.exe, (The comma at the end must also be there)

      4.If the value is different from that mentioned above then Right Click on the Userinit value and, from the drop down menu, select Modify. Type in the value C:\WINDOWS\system32\userinit.exe,in the Modify dialogue box click OK.

      5.Exit the Registry.Restart your computer.

      Tip! Backup the Registry Keys before proceeding. If you right click on the Key and select Export it will save to My Documents. All you have to do is give it a meaningful name.

      It could also be a QuickLaunch setting. Check if a link to My Documents is on it. If there is right click it and select Delete.

    • #2836194

      thanks

      by jimchoate ·

      In reply to Document window opens randomly

      Thank you much for your quick reply.

      The registry entry was already there. Nothing to change or delete.

      The document folder continues to open at will, randomly.

      • #2836192

        It isn’t normal behaviour

        by rob miners ·

        In reply to thanks

        Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers. If you can access the Internet use it to download and install the files.

        If you can’t access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM. You can also download the updates for MBAM and run them from the USB.

        From another System download and install Spybot, update it and copy the the installed folders to a USB Stick. Copy MBAM and the Update as well.

        With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.

        Removing malware from System Restore points:

        When your infected with any trojans, spyware, malware, they could have been saved in System Restore and can re-infect you. It’s best to remove them.

        XP
        Press the WinKey + r type sysdm.cpl and press Enter.
        Select the System Restore tab and check “Turn off System Restore”.

        Vista
        Press the WinKey + r type sysdm.cpl and press Enter
        Select the System Protection tab. Untick the box next to Local Disk C: and any other drives and click on Turn System Restore off.

        After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from “Turn off System Restore”.
        When all is clear you may need to tidy up the Registry. Link is at the bottom.

        Once you have restarted the Infected System in Safe Mode, navigate to the USB stick and run Spybot.

        Download Spybot – Search & Destroy and install it. Update it. http://www.safer-networking.org/en/download/index.html

        When you first start Spybot, click on the Mode menu and select Advanced mode. Under the Tools options (bottom left) select View Report. On the screen in the right hand pane, select View report to create a new report. Save the report as it may come in handy later. Spybot will also keep log files in this location in Vista:

        C:\ProgramData\Spybot – Search & Destroy\Logs

        Spybot will also keep saved log files in this location in XP:

        C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\Logs

        Download Malwarebytes Anti-Malware, install it and update it.

        Malwarebytes

        * Double-click mbam-setup.exe and follow the prompts to install the program.
        * At the end, be sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
        * If an update is found, it will download and install the latest version.
        * Once the program has loaded, select Perform Quick Scan, then click Scan.
        * When the scan is complete, click OK, then Show Results to view the results.
        * Be sure that everything is checked, and click Remove Selected.

        If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
        mbam-rules

        I would keep scanning with it until it is clean by closing out and rebooting and running it again.

        Run this Rootkit Revealer GMer
        Gmer

        FAQ
        FAQ

        • #2836185

          Try this first

          by rob miners ·

          In reply to It isn’t normal behaviour

          Use System Restore
          After you’ve decided to use System Restore to revert your system to a previous state, start the System Restore Wizard and follow the prompts. To use the System Restore Wizard, make sure you’re logged on as an administrator, and then follow these steps:

          1.
          Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

          2.
          On the Welcome screen, click Restore my computer to an earlier time, and then click Next.

          3.
          On the Select a Restore Point page, select the date from the calendar that shows the point you’d like to restore to and then click Next.

          4.
          On the Confirm Restore Point Selection page, verify that the correct restore point is chosen, and then close any open programs.

          5.
          Click Next if you are ready to proceed or click Back to change the restore point.

          6.
          The computer will shut down automatically and reboot. On reboot, you’ll see the Restoration Complete page, and then click OK.

          After reviewing the stability of your system, you can choose another restore point or undo this restoration. Just open System Restore and make the appropriate choice. After you use System Restore, you’ll have an additional task, Undo my last restoration, on the System Restore Welcome page. Remember that you’ll have to reinstall any programs that were installed after the restore point.

          If System Restore doesn’t work in Normal Mode, it might work in Safe Mode. To use System Restore in Safe Mode, press the F8 key during reboot and choose Safe Mode. When your computer starts in either Safe Mode or Normal Mode, System Restore can be used to capture a working previous state. System Restore can’t be opened unless the system is bootable into one of these modes.

          Edit: tidy up

    • #2836020

      many thanks

      by jimchoate ·

      In reply to Document window opens randomly

      It took awhile to reply because I ended up having to do a restore as you stated in your last notice and kept me offline for most of it.
      It took several tries I kept getting an error at the end of each restore.
      However the final restore I did just before I was going to do a complete format and reinstall….worked!! Did so without loosing to much. Way much easier then the alternative.

      Thanks again!! Your reply to my plea for help was GREATLY appreciated, timely, knowledgeable and most of all….worked!

      Jim Choate

Viewing 3 reply threads