| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 90267 | 2008-05-28 09:45:00 | \!\ folder | SolMiester (139) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 673404 | 2008-05-28 09:45:00 | Hi guys, a virus not sure what it is has created a folder shown above full of files but I cant find it probably due to ! name....any idea how to find and destroy Also explorer and desktop icons keep disappearing and reappearing.....??? |
SolMiester (139) | ||
| 673405 | 2008-05-28 09:50:00 | Might have to post a HJT log, or get Comobofix whatever its called. Have you scanned it ? Or can it be scanned? And where is it on the hdd? |
Speedy Gonzales (78) | ||
| 673406 | 2008-05-28 10:00:00 | Little tool I find useful sometimes, shows hidden folders/processes, give This a Go (www.wenpoint.com/), see if it locates the folder | wainuitech (129) | ||
| 673407 | 2008-05-28 10:17:00 | Thx guy, will try that hidden folder, have scaned the drive & killed 12 viruses but as i said, the desktop is doing some strange stuff, just reinstalling sp3 to see if it will fixed missing or corrupted files, then will try that hidden files... Saw them all when doing a boot scan, but of course illegal character folder and I cant use windows to find them! |
SolMiester (139) | ||
| 673408 | 2008-05-28 10:25:00 | See if Unlocker will delete it. Or disable system restore first then delete it in safe mode. If that doesnt work, disable SR and try Unlocker |
Speedy Gonzales (78) | ||
| 673409 | 2008-05-28 10:33:00 | By any chance was /is the virus called W32/Rjump.worm | wainuitech (129) | ||
| 673410 | 2008-05-28 10:37:00 | By any chance was /is the virus called W32/Rjump.worm Didnt see the names... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:47:22 p.m., on 28/05/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\nvraidservice.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\StartupMonitor.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\Desktop Sidebar\dsidebar.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\taskmgr.exe H:\PortableApps\PortableApps\PortableAppsMenu\Port ableAppsMenu.exe H:\PortableApps\PortableApps\ClamWinPortable\ClamW inPortable.exe H:\PortableApps\PortableApps\ClamWinPortable\App\c lamwin\bin\ClamWin.exe H:\PortableApps\PortableApps\ClamWinPortable\App\c lamwin\bin\clamscan.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\explorer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.nz/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Traffic Usage Checker.lnk = C:\Program Files\Traffic Usage Checker\TUC.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 6063 bytes |
SolMiester (139) | ||
| 673411 | 2008-05-28 10:41:00 | I did see a message about a svhost.exe wanting to register for startup, which I said no, but it keep asking and asking etc.....dont know what that winpcap is, may get rid of that! | SolMiester (139) | ||
| 673412 | 2008-05-28 10:43:00 | Hmm log looks ok. But you can tick these then tick fix checked Close browsers Whats H?? Internal or external hdd? O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe Does task manager / the firewall / regedit still open? Uninstall all versions of Java, then install the latest version Does Avast still work, or is it disabled? |
Speedy Gonzales (78) | ||
| 673413 | 2008-05-28 10:48:00 | avast still works, got rid of some of those above, h: is flash drive. Whats unlocker? |
SolMiester (139) | ||
| 1 2 3 | |||||