Gadgets not working after Virus/Hijack removal

  • Question

  • The computer is a desktop unit running Windows 7 Ultimate 64bit.  It was infected after attempting to open a rar file with Winzip7.  Symptoms were redirected internet traffic.  Advertisement playing over the speakers with no program running.  Multiple instances of ml#.exe (# being a sequential number, first instance was 0) running in processes.   Initial scan with MSE returned nothing.   Search & Destroy was installed from a USB flash drive but could not complete its search.  Prior to restarting in safe mode, MSE notified of an issue with Worm:Win32/Vobfus.gen!D.  Item was removed and computer was restarted in Safe Mode.  Malwarebytes was installed and run.  An additional 17 items were detected and removed.  After restart, both browsers on the computer were acting correctly.  However, the gadgets still appear to have lost their connection: MSN Weather, Network Monitor and a Game Server Monitor.

     

    After searching for answers, Java was removed and reinstalled and the suggestion below was followed.  Neither action has cured the problem.

     

    1. Open a command prompt as Administrator (right-click Command Prompt and click Run as Administrator).
    2. CD c:\Program Files\Windows Sidebar (CD is the DOS command for CHANGE DIRECTORY).
    3. Run these commands in this order:
       1. regsvr32 -u sbdrop.dll
       2. regsvr32 -u wlsrvc.dll
       3. regsvr32 atl.dll
       4. regsvr32 sbdrop.dll
       5. regsvr32 wlsrvc.dll

     

    Are there any other suggestions for reconnecting these gadgets to the network?

    Friday, October 29, 2010 1:41 AM

Answers

  • Here's what worked for me after everything else failed. I didn't attempt repair/update install though. This is much simpler.

    Stop the sidebar.exe process. Use regedit and delete this key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\].

    Restart sidebar process.

    Have no idea why it works but it does. Found it on another forum. I applied this fix several days ago and system has been running fine.
    • Proposed As Answer by popeye1953 Tuesday, November 16, 2010 7:15 PM
    • Proposed as answer by Ed Kucinski Friday, November 19, 2010 9:27 PM
    • Marked as answer by Arthur Xie Friday, December 3, 2010 3:29 AM
    Friday, November 19, 2010 9:24 PM

All replies

  • The computer is a desktop unit running Windows 7 Ultimate 64bit.  It was infected after attempting to open a rar file with Winzip7.

    Exactly the same set up and circumstances as me and I also have lost my desktop gadgets. I've tried everything so far with no joy so I'm hoping Microsoft will take notice of this vulnerability and eventually come up with a fix for it.

    • Proposed as answer by Ed Kucinski Friday, November 19, 2010 9:26 PM
    Saturday, October 30, 2010 5:18 PM
  • I also had a similar problem on Thursday and had a Trojan on my computer. Ran Malwarebytes and I got the same thing. My gadgets will not work now...
    Sunday, October 31, 2010 3:26 PM
  • Boot from the installation DVD, enter language options, select repair, and select system restore. Choose a restore point prior to infection. Hopefully not too old. This restores the system files only. You will not lose data.

    Also, you could use the complete PC restore option, but this requires that you regularly create one for an updated system image.

    These system backup and recovery tools are very useful for recovery from hardware failures and malware infections.

    Takes less time, and you will never know if you have completely removed infected\corrupted files or new files introduced using removal tools.

    • Proposed as answer by Swiss Toni Tuesday, November 2, 2010 5:34 PM
    Monday, November 1, 2010 12:45 PM
  • Boot from the installation DVD, enter language options, select repair, and select system restore. Choose a restore point prior to infection. Hopefully not too old. This restores the system files only. You will not lose data.

    Tried that and it kept asking for a password which doesn't exist as I never set one initially, so I couldn't get to system restore. I also tried system restore in safe mode and that only offered one restore point which was too recent.

    System restore when normally booted into C: offers the correct restore point but when I try that it fails every time!

    Monday, November 1, 2010 11:05 PM
  • If there is no password, what happens if you leave it blank and next?

    One more try at WinRE-immediately after POST, hit F8, repair system, select a restore point.

    Are you disconnecting the ethernet cable or turning off the wireless network connection? ET likes to phone home.

     

    Swiss Toni: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fVobfus.gen%21D&ThreatID=-2147329608

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Vobfus

    Nasty, a disk wipe and clean install is probably in your future. 

    • Edited by Nano Warp Tuesday, November 2, 2010 2:22 AM added malware description links
    Tuesday, November 2, 2010 2:07 AM
  • How does it work if you reinstall these gadgets?
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, November 2, 2010 9:10 AM
  • How does it work if you reinstall these gadgets?
    How do you reinstall them?
    Tuesday, November 2, 2010 5:33 PM
  • Right-click the desktop => select Gadgets => select the gadgets that you were using and add them again.
    Tuesday, November 2, 2010 5:52 PM
  • Or you can find their folder. They may be under:

    C:\Program Files\Windows Sidebar\Gadgets

    Remove the folders of the problematic gadgets. Then reinstall them.


    Wednesday, November 3, 2010 3:53 AM
  • Same thing happened to me yesterday.  Had 24 trojans on my computer after doing a google search and now my gadgets don't work.  Windows 7.
    Friday, November 12, 2010 4:01 AM
  • Here's what worked for me after everything else failed. I didn't attempt repair/update install though. This is much simpler.

    Stop the sidebar.exe process. Use regedit and delete this key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\].

    Restart sidebar process.

    Have no idea why it works but it does. Found it on another forum. I applied this fix several days ago and system has been running fine.
    • Proposed As Answer by popeye1953 Tuesday, November 16, 2010 7:15 PM

     

    I can confirm that this method works fine. After having the same worm as mentioned above, none of my sidebar tools worked and I was plagued by the "Black clock". After deleting this registry key the clock and other gadgets started working again.

    However, it made Internet Explorer say it was at risk, so you'll need to reapply all of your internet security settings again. Basically just open IE, read the toolbar message that says "Security is bad to surf the web", right-click it and then "Fix it for me". Worked fine.

    Thanks a lot for a solution, much appreciated.

    Saturday, November 20, 2010 2:55 PM
  • Super. Thank you so much, that helped me.
    Saturday, November 20, 2010 9:00 PM
  • Can you explain it to me step by step, please?

    Because I did it but my gadgets are still the same :(

    Sunday, November 21, 2010 5:02 AM
  • Can you explain it to me step by step, please?

    Because I did it but my gadgets are still the same :(


    1. When your computer is logged on, go to the start menu.

    2. In the start menu, type in "Regedit.exe" into the search bar.

    3. When it appears, right-click it and "Run as Administrator"

    4. The registry editor should then open. In the left window, make sure it's scrolled to the top so you see 5 folders starting with "HKEY".

    5. From there, navigate to: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\]. You do this by clicking the arrows next to the folders.

    6. When you get to the Zones folder, right-click it and "export". This is to create a backup in case something goes wrong and you need to fix it later.

    7. Right click the folder "Zones" again, then delete it.

    8. Windows' assistant will then tell you that your internet security is at risk. This is normal, so don't worry.

    9. Boot up Internet Explorer, and it should have a bar at the top that states your internet settings are at risk. Right-click the banner, then "Fix for me".

    10. Reboot your PC.

    11. If all is well, all gadgets should work.

     

    Hope this helps.

     

    If not, then you need to make sure of the following:

    -You're running Windows 7, not Vista.

    -You have actually encountered the Win32/Vobfus.gen!D virus and dealt with it.

    -You have replaced the gadgets and put them on your desktop.

     

    If you are running Vista, attempt the solution posted in the original post.

    Sunday, November 21, 2010 5:19 PM
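The export-then-delete procedure from the steps above, scripted as an added example (not code posted by anyone in this thread). It refuses to delete unless the export succeeded, and before deleting it lists any subkey of Zones that is not one of the standard zone numbers, which gives a record of what had been changed. Assumptions: the standard zones are the subkeys 0 through 4, sidebar.exe lives under the Windows Sidebar folder named in the question, and the backup file name is a placeholder.

```powershell
# Added example: back up, inspect, then remove the per-user Zones key.
$zonesReg = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zonesPs  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Hypothetical backup location and name; change as needed.
$backup   = Join-Path $env:USERPROFILE ('Zones-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

if (-not (Test-Path -LiteralPath $zonesPs)) {
    Write-Output 'Zones key not present; nothing to do.'
    return
}

# 1. Export first (step 6 above) so the key can be re-imported later.
& reg.exe export $zonesReg $backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw 'Export failed; refusing to delete the key without a backup.'
}

# 2. Report subkeys that are not a standard zone (assumed to be 0-4).
#    Code points are printed because an odd name may not display legibly.
$standard = '0', '1', '2', '3', '4'
$odd = Get-ChildItem -LiteralPath $zonesPs |
    Where-Object { $standard -notcontains $_.PSChildName }
foreach ($key in $odd) {
    $codes = ($key.PSChildName.ToCharArray() |
        ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
    Write-Output "Non-standard zone subkey: '$($key.PSChildName)' ($codes)"
}

# 3. Stop the sidebar, delete the key, start the sidebar again.
$sidebarExe = Join-Path $env:ProgramFiles 'Windows Sidebar\sidebar.exe'
Get-Process -Name sidebar -ErrorAction SilentlyContinue | Stop-Process -Force
Remove-Item -LiteralPath $zonesPs -Recurse -Force
if (Test-Path -LiteralPath $sidebarExe) {
    Start-Process -FilePath $sidebarExe
}

Write-Output "Backup written to $backup"
Write-Output "To undo: reg import `"$backup`""
```

If a non-standard subkey shows up again after a later reboot, something on the machine is still rewriting the key, and a fresh malware scan is the next step rather than repeating the deletion.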
  • Amazing thanks Ed Kucinski
    • Proposed as answer by kimarley Friday, November 26, 2010 8:36 PM
    Monday, November 22, 2010 9:35 AM
  • So I made a boo-boo.  I deleted the entire "Zones" folder in the registry.  It didn't fix the problem and I didn't export it.  Do you have any idea if I can replace or recreate that registry folder?

    Some functions already don't work due to my error.

     

    Thanks.

    Thursday, December 2, 2010 2:40 PM
  • I had a similar kind of problem on my Windows 7 64-bit version. I don't think that I had any virus attack. Some gadgets disappeared and the clock turned black. After a long time I found a solution.

    Deleting the Zone setting from Registry can help fix the Gadgets issue.

    1. Open regedit and navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. Here, delete the Zones key.

    2. Restart the Computer and test it

     

    It worked for me. Check it and let me know!!

    Wednesday, December 29, 2010 10:41 AM
  • I did this and it worked ... Thanks; but every time I restart my computer I have to repeat this routine .... any ideas?
    Friday, January 7, 2011 2:13 PM
  • This worked for me......

    Thanks mate........

     

    Thursday, February 3, 2011 6:31 AM
  • Dude you're frikin amazing :)

    Worked perfectly.. :D

    Tuesday, February 8, 2011 8:49 PM
  • Thank you, it worked.
    • Proposed as answer by Ahmad Fadli Sunday, March 27, 2011 12:47 PM
    • Unproposed as answer by Ahmad Fadli Sunday, March 27, 2011 12:47 PM
    Thursday, March 10, 2011 1:44 PM
  • This happens because of the virus. I already tried deleting the "Zones" folder in the registry editor, but it works only for a while because the virus infected the "Zone" folder again. So I downloaded Malwarebytes' Anti-Malware and ran a scan. I found that there was a virus that my current anti-virus didn't detect. After removing the virus, the gadgets are working fine again.
    Sunday, March 27, 2011 9:34 PM
  • Excellent solution to this problem. How could IE9 have become infected? Firefox, Opera and Google Chrome were OK. Thank you again.
    Friday, June 24, 2011 10:01 PM