Computer Taken over by GOD :P

[Magoo]

Every Couple (reboots maybe around 10 approx)the godmode icon appears on my desktop, Don't ask me how or why it just does, I delete it and keeps coming back. I would like to just get rid of it for good! I also get an error msg about are you sure you wanna delete this file "desktop.ini" I delete it and it will just sudeendly decide to come back whenever it wants too! Pictures are attached to make it more clear.

Thanks,
Magoo

 

[zigzag3143]

Every Couple (reboots maybe around 10 approx)the godmode icon appears on my desktop, Don't ask me how or why it just does, I delete it and keeps coming back. I would like to just get rid of it for good! I also get an error msg about are you sure you wanna delete this file "desktop.ini" I delete it and it will just sudeendly decide to come back whenever it wants too! Pictures are attached to make it more clear.

Thanks,
Magoo

First have you run a system wide virus scan?

Second reboot in safemode (F8) and navigate to the folder c:\users\your username\desktop. the godmode shortcut should be there, delete it.

Third do a search for "godmode" on the entire C:\ drive and where ever you find it delete them as well.

If you have any problems deleting them from within windows boot from the win 7 dvd go to the cmd window and navigate to where they are from there then delete them.

This works I have done it on many recalcitrant godmode shortcuts.

Ken

EDIT: the desktop.ini file also has a fix. search sevenforums for it. (I just dont remember what it is atm.

 

[Bill2]

1) Check in MSCONFIG=> Startup tab for something that may be triggering that.

2) Try deleting the folder in Safe mode, the run a registry cleanup with CCleaner.

 

[Magoo]

ok thanks for the help guys, will do the above and report back, It just wierd something is triggering it to show up , but I have no idea what ????????

 

[Magoo]

Well it keep coming back, Virus and malware scan is Clean, Went into safe mode and deleted it, 20 mins it later its back, I notice it has a read only permission, which I can remove no problem. Could it be something in the registry making it pop up? Checked msn config and startup nothing there at all, hmmm I'm stumped!

 

[Bill2]

Boot into safe mode, take ownership of the folder, then delete.

http://www.sevenforums.com/tutorials/1911-take-ownership-shortcut.html

 

[Magoo]

OK did exactly as you said , took owership, rebooted into safe mod, took owership again and deleted , I got that msg are "The file desktop.in is a system file are you sure you want to delete it" again.... Same as the picture I posted above. I guess time will tell.

 

[Dinesh]

Go to Folder Options and check these 2 boxes:

 

[Magoo]

Those are checked, It gives me that msg, when I try to delete the godmode folder, I guess cause maybe its a hack trick whatever you wanna call it...

 

[DeaconFrost]

This may sound drastic, but I would consider wiping the drive and reinstalling. The GodMode folder doesn't just appear...it has to be put there. If your computer has been compromised that much...I'd have no faith using it any further.

 

[Magoo]

Wow tooo drastic for me............ Are you think virus or malware that kinda thing? Something is telling it do creat that folder on the desktop, No sure what though.

 

[DeaconFrost]

You have to create a folder with a very specific string of characters to get the GodMode icon to appear. Unless someone else has physical access to your computer, such a friend, that could have put it there, you have somekind of serious malware or hack. I've never heard of malware creating that folder.

 

[Petey7]

Hold on. Deacon, are you saying GodMode actually exist in Win7?

 

[DeaconFrost]

Yes, absolutely. It's been a pretty well known trick, Easter Egg, whatever you want to call it, in the enthusiast arena since a little after Windows 7 was release last August. If you create a new folder with a specific name and character string, you'll get the GodMode folder, which gives you access to many configuration options in your system, all in one place. That's why I'm telling the OP that it just doesn't happen by mistake.

http://news.cnet.com/8301-13860_3-10423985-56.html

 

[Petey7]

I used the RC, I looked up all kinds of way to change all kind of stuff and never heard of this. Its cool.

 

[Magoo]

Well I did a MBAM scan and nothing was found, Also did A Nod32 scan (clean) , Went threw my hijack this log and found nothing out of the ordinary. Very strange.

 

[DeaconFrost]

That's why I asked if someone had physical access to your system. I've never heard of malware creating this folder, because it is useless without access to the system, or a remote desktop app, etc. I would be very weary of how it got there, and that's why I wouldn't trust the system's integrity.

A friend of mine had something like this once. Turns out he was hacked, and someone dropped VNC on his system, and could take control anytime they wanted. When a system is compromised like that, you really only have one option.

 

[Petey7]

You might want to check the network map (control panel>newtwork and sharing center>see network map), and check networks places (explorer>network). Make sure no one else is connected to your network. If anyone lives with you, then ask them if they touched your computer.

 

[Petey7]

You might also want to make sure both remote access services and remote registry are disabled in services. As long as you don't stream media to anything, you won't notice any ill effects.

 

[Magoo]

Well did everything suggested and even renamed it to blah , it will still come back every 5-6 reboots , with the Folder showing blah, read only properties and when I delete it , Windows thinks its a system.ini file? Anyway to remove by registry? or make windows think it's not system.ini file?