Folder.exe Removal
   
JenPick
New Member
Date Joined May 2006
Total Posts : 3

Posted 5/14/2006 4:38 PM (GMT +3)
Hi,

I have a virus in my system. It's creating .EXE (Application) files in all the folders.

For example, if the folder name is One, inside the folder One it's creating One.exe.

If the folder name is First, inside the folder First it's creating First.exe.

Any solution for this? I don't have an internet facility on my system; all I need is one simple tool to remove that.

Thanks in advance
Jen

JenPick
New Member
Date Joined May 2006
Total Posts : 3

Posted 5/15/2006 12:09 PM (GMT +3)
Hi anybody,

Got any solutions?

simon2
New Member
Date Joined May 2006
Total Posts : 1

Posted 5/28/2006 10:33 AM (GMT +3)
Testing.

channappa
New Member
Date Joined Jun 2006
Total Posts : 1

Posted 6/13/2006 7:17 PM (GMT +3)
hop JenPick said...
Hi,

I have a virus in my system. It's creating .EXE (Application) files in all the folders.

For example, if the folder name is One, inside the folder One it's creating One.exe.

If the folder name is First, inside the folder First it's creating First.exe.

Any solution for this? I don't have an internet facility on my system; all I need is one simple tool to remove that.

Thanks in advance
Jen

HendrixChains
New Member
Date Joined Jun 2006
Total Posts : 17

Posted 6/14/2006 8:19 AM (GMT +3)
Hey

I need more info to help you further remove this stuff.

1. A couple of questions that need answering..
--What Anti-Virus do you have? If any.
--Do you have any sort of Virus/Spyware scanner?

2. Necessary Downloads..
--Ewido Security Suite 3.5 (14-day free trial) (Update to the latest protection by clicking update when the program opens)

3. Creating a HijackThis and Ewido Security Suite Log.
---HijackThis: Execute the recently downloaded program from wherever you downloaded it to. After the program opens, the selected item/button will be: Do a System scan and save a logfile. This is what you want to click on. It will save a file called hijackthis.txt to where the program was downloaded. Open this and press CTRL+A to select all, then copy and paste into here.

---Ewido Security Suite: Open the program. Make sure you updated the protection. Click "Scanner" and do a complete system scan. When finished, click "Save Report". A file with a name close to Scan report_20060612.txt should be where the program was downloaded. Press CTRL+A and copy and paste into here, then submit.


Please post logs for these two programs.
Will help further after looking through the logs.
Thanks,
Trevor

ginish_g
New Member
Date Joined Jun 2006
Total Posts : 4

Posted 6/15/2006 9:27 AM (GMT +3)
Hey, I need help with this same problem too. I recovered one of my PCs using
Symantec AntiVirus: just start your PC in safe mode and run a complete scan.
Also don't forget to get the LiveUpdate for the new virus.

But one of my PCs is still infected, and in My Computer - Tools, the Folder Options entry is missing,
and I'm not able to access any of my hidden files. Is there any way to recover this?
Please help me too with this folder.exe virus.

Thanks in advance, friend

Ellena
New Member
Date Joined Jun 2006
Total Posts : 16

Posted 6/27/2006 4:44 AM (GMT +3)
Hi,
It seems your computer is infected by "Brontok".
I have removed it! ;)

The steps I did are:
1. I booted my computer with the XP LiveCD (I use XP as my OS). The XP
    LiveCD is made with Bart PEBuilder (http://www.nu2.nu/pebuilder), or you
    can use a Knoppix LiveCD.

2. With the LiveCD, all of the hidden files can be shown. So I could
    rename MSVBVM60.dll (it's a hidden file) to a new
    name (example: MSVBVM60-old.dll). If this file is missing/unavailable,
    the virus can't activate.

3. I booted the computer from the HDD and turned off System
    Restore.
4. Delete all the tasks in Scheduled Tasks.
5. I removed all the entries in the registry. (To unlock the registry, I
    installed UnHookExec (right-click this file and choose Install); it
    can be downloaded from www.symantec.com.)
    The virus entries have names like:
    "kesenjangansosial", "rakyatkelaparan", "brontok", "rontok".
    Just find these items in the registry.
    Examples:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

6. I installed the antivirus with the newest definition files.
7. I scanned it.
8. Done.
 

Ellena
New Member
Date Joined Jun 2006
Total Posts : 16

Posted 6/27/2006 10:05 AM (GMT +3)
Oops, I forgot something..
To show/unhide the "Folder Option",
go to: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
and delete the entry: "NoFolderOption"

OK.. hope it'll be useful!
 
Cheers!
Ellen.
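
A read-only check for the registry entries named in the two posts above, added here as an example (it is not code from the posters or from any tool they mention). It scans a text export of the registry for Run values containing the listed names and for the Windows policy values `NoFolderOptions` and `DisableRegistryTools`; the function name `audit_reg_export` is hypothetical and the sample export is constructed.

```python
import re

# Name fragments listed in the post above; matched case-insensitively.
MARKERS = ("kesenjangansosial", "rakyatkelaparan", "brontok", "rontok")
# (policy subkey, value name) pairs that hide Folder Options or block regedit
# when set to a non-zero DWORD.
POLICIES = {("explorer", "nofolderoptions"), ("system", "disableregistrytools")}

# Constructed sample in .reg export format; the entries are invented for the demo.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"sample-Brontok-entry"="C:\\sample\\constructed.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"""


def audit_reg_export(text):
    """Return (kind, key, value_name) findings from a .reg text export."""
    findings, key = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # current registry key
            continue
        match = re.match(r'"([^"]+)"=(.*)$', line)
        if not match:
            continue  # header, blank line or hex continuation
        name, data = match.group(1), match.group(2).lower()
        if key.endswith("\\currentversion\\run"):
            if any(marker in name.lower() + data for marker in MARKERS):
                findings.append(("run", key, name))
        elif "\\currentversion\\policies\\" in key:
            leaf = key.rsplit("\\", 1)[-1]
            dword = re.match(r"dword:([0-9a-f]{8})$", data)
            if (leaf, name.lower()) in POLICIES and dword and int(dword.group(1), 16):
                findings.append(("policy", key, name))
    return findings


if __name__ == "__main__":
    for kind, key, name in audit_reg_export(SAMPLE_EXPORT):
        print(kind, key, name)
```

Version 5.00 exports are UTF-16 files, so open them with `encoding="utf-16"` before passing the text in.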

ginish_g
New Member
Date Joined Jun 2006
Total Posts : 4

Posted 7/6/2006 3:53 PM (GMT +3)
Thanks a lot for the reply.
Please help me out with this one too: I am not able to find the WinXP live CD. Can you please give me the link? Does live CD mean XP bootable, or can I run my PC in safe mode and do the same?

Please give me the link for the Knoppix LiveCD or LiveCD.

Also, my regedit option is not available. Please help me. The virus has almost infected my PC completely.

Ellena
New Member
Date Joined Jun 2006
Total Posts : 16

Posted 7/11/2006 8:42 AM (GMT +3)
Hi,
Sorry for the late reply..
The XP Live CD can be built with BartPE www.nu2.nv/pebuilder
Make it on a 'healthy XP PC'. You will need the master of Windows XP.
Just follow the instructions. It's a simple way. It's easy.
When it is finished, you will have the XP Live CD.

With the XP Live CD you can boot the computer with no risk of being infected.
FYI, Brontok will be active even in safe mode or a DOS boot.
So this XP Live CD is very useful (just boot the PC with this CD).
Then follow the instructions that I posted before to eliminate this kind of virus.

To open the locked registry (caused by the virus), the program "UnHookExec" can be downloaded at :
 
OK..
That's all for now..
Success for you!
Cheers!
Ellen.

ginish_g
New Member
Date Joined Jun 2006
Total Posts : 4

Posted 7/11/2006 9:13 AM (GMT +3)
Thanks for the solution, Allan..

I have already removed the infection from my PC, thanks to you and some other source.
Now I'm going to make life easy for Jen by giving him the solution, if not yet solved.


Jen, please download this antivirus and run it on your PC.
1) Turn off any antivirus, Windows programs and System Restore before doing this.

Please download this antivirus, called Brontok Washer, from the link below.
 
bye take care
cheers
ginish

maesiva
New Member
Date Joined Jun 2006
Total Posts : 1

Posted 7/19/2006 8:44 AM (GMT +3)
Hey ginish,
this tool, "bw-beta.zip", is buggy: it restarts the PC as soon as you click the "Clean Now" button!

Take care of you and your PC too!!
maes

ginish_g
New Member
Date Joined Jun 2006
Total Posts : 4

Posted 7/19/2006 8:53 AM (GMT +3)
This happened to a few of my friends' PCs after I suggested this BW (Brontok Washer),
but it was OK after you turn off the antivirus running on your PC and other Windows applications.

craxx
New Member
Date Joined Oct 2006
Total Posts : 1

Posted 10/31/2006 3:27 PM (GMT +3)
Hi Ellen! Thanks for the advice!! I've been having the very same problem..

But I am really a newbie in this PE thingy... XP LIVE CD? I've successfully rebooted, but now I have no idea how to remove the file.. Please help me.... Thanks in advance!!

harleyfan
New Member
Date Joined Nov 2006
Total Posts : 2

Posted 11/14/2006 8:20 AM (GMT +3)
I am unable to install the unhookexec.inf file on my PC, so what can I do now? I have the same worm on my PC.

9kare_Hedieh_Tehrani
New Member
Date Joined Dec 2006
Total Posts : 1

Posted 12/23/2006 10:10 PM (GMT +3)
Hello
I am Hossein from North of IRAN.

I have seen 2 versions of this worm so far: one is 104 KB in size and the other is 45 KB.
One makes "new folder.exe" in each folder you open, and the other makes *.exe in each folder, where * is the same as the original folder name.
Both the 104 KB and 45 KB versions disable the registry and Folder Options.

But the 45 KB one is worse than the 104 KB one, because it causes the computer to restart when you execute a DOS or exe file, and also if you search the internet for anti brontok or anti new folder, it restarts your computer! Very bad!


But do not worry :))

http://jeruk.padinet.com/~ertanto/software/bw-beta.zip
910 Kb

You can download it. It is Brontok Washer!

Be lucky!
Iranian Queen & Persian Princess is mrs Hedieh Tehrani.
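
A read-only scan for the two file-naming patterns described in this thread (an executable named after the folder that holds it, and a literal "New Folder.exe"), added here as an example; it is not code from any poster or tool mentioned above. The function names and the 2 KB size tolerance are assumptions of this example, and the test tree is constructed.

```python
import os
import tempfile

# Sizes reported in the post above for the two variants, in KB. The tolerance
# is an assumption of this example, not a measured property of the worm.
REPORTED_SIZES_KB = (45, 104)
TOLERANCE_KB = 2

def find_folder_named_exes(root):
    """Return sorted (path, size_bytes, size_matches) for suspicious names."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            # Pattern 1: One\One.exe. Pattern 2: a literal "New Folder.exe".
            if ext.lower() != ".exe" or stem.lower() not in (folder, "new folder"):
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable or removed while scanning
            near = any(abs(size / 1024 - kb) <= TOLERANCE_KB
                       for kb in REPORTED_SIZES_KB)
            findings.append((path, size, near))
    return sorted(findings)

def demo():
    """Scan a constructed tree; return (relative path, size_matches) pairs."""
    samples = {  # constructed files: relative path -> size in KB
        "One/One.exe": 45,
        "First/New Folder.exe": 104,
        "Tools/Tools.exe": 900,  # legitimate same-name program, wrong size
        "One/other.exe": 45,     # name does not match its folder
        "First/notes.txt": 1,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, kb in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * (kb * 1024))
        return [(os.path.relpath(p, root).replace(os.sep, "/"), near)
                for p, _size, near in find_folder_named_exes(root)]

if __name__ == "__main__":
    for rel, near in demo():
        print(rel, "size matches a reported variant" if near else "name match only")
```

A name match alone is weak evidence, since installers are often named after their folder; the size flag only narrows the list for manual review.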

Ellena
New Member
Date Joined Jun 2006
Total Posts : 16

Posted 1/5/2007 6:48 AM (GMT +3)
Hi,
Sorry for the late reply..
Installing UnHookExec is very simple. Just right-click that file and choose Install.
It will show nothing; it just opens the locked registry.
You may now open the registry editor, OK!
Try it!
For further information, read about the manual instructions for the UnHookExec installation step on Symantec.com.
 
Good Luck!
 
Ellen.

Cstrikedish
New Member
Date Joined Jan 2007
Total Posts : 36

Posted 1/9/2007 12:24 PM (GMT +3)
Hi, if you want to search for more anti-virus tools, you can visit www.qweas.com/download/antivirus/anti_virus_tools. I downloaded Kaspersky Anti-Virus to try for free.

It supports most popular operating systems, e-mail gateways and firewalls.
It is very easy to use. Try it!

Good Luck! :p

Post Edited (Cstrike dish) : 1/10/2007 1:09:01 AM GMT


shankshere
New Member
Date Joined Apr 2007
Total Posts : 5

Posted 4/2/2007 11:20 AM (GMT +3)
Hi, this is shanks here. I'm new to this forum. I have gone through your suggestions regarding the folder virus, downloaded HijackThis and scanned my system. Here is its log:
Logfile of HijackThis v1.99.1
Scan saved at 1:45:04 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\SVIQ.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\WinGate\WinGate.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SHAKTI~1\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\dc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67
O20 - AppInit_DLLs: 
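
A triage pass over a HijackThis log like the one above, added here as an example; it is not part of the post or of HijackThis. The rules are this example's own heuristics (core process names running outside system32, extra programs on the Shell and UserInit lines, win.ini autostarts, the regedit policy), and `triage` is a hypothetical name.

```python
import ntpath
import re

# Core XP processes expected only in system32 (heuristic list for this example).
SYSTEM32 = r"c:\windows\system32"
CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
        "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Lines copied from the HijackThis log posted above.
SAMPLE = r"""
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def triage(log_text):
    """Return (reason, line) pairs for log lines that deserve a closer look."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if re.match(r"[a-z]:\\", low):  # running-process lines are bare paths
            folder, name = ntpath.split(low)
            if name in CORE and folder != SYSTEM32:
                hits.append(("core process name outside system32", line))
        elif low.startswith("f2 - reg:system.ini: shell="):
            if low.split("shell=", 1)[1].strip() != "explorer.exe":
                hits.append(("extra program appended to Shell", line))
        elif low.startswith("f2 - reg:system.ini: userinit="):
            parts = low.split("userinit=", 1)[1].split(",")
            if any(p.strip() and ntpath.basename(p.strip()) != "userinit.exe"
                   for p in parts):
                hits.append(("extra program appended to UserInit", line))
        elif low.startswith("f3 - reg:win.ini:") and low.split("=", 1)[-1].strip():
            hits.append(("win.ini load/run autostart", line))
        elif low.startswith("o7 -") and "disableregedit=1" in low:
            hits.append(("registry editor disabled by policy", line))
    return hits


if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason}: {line}")
```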

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975

Posted 4/2/2007 1:18 PM (GMT +3)
Hi shankshere


You've got a reply here -
I've locked this thread since the issue is old.


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
 
