Can't unhide files and folders

Posted 2/24/2007 7:13 AM
#43634
Aqeel Member

Date Joined Nov 2016
Total Posts: 8
I got a virus and don't know what its name is... It has made it so that I can't unhide files and folders from Tools ---> Folder Options... Every time I select Show Hidden files and folders and click OK.. next time when I open that window it shows it unselected and also the files and folders remain hidden.... Kindly tell me the solution.... I am using Symantec antivirus and it is not even detecting that virus..... Is there any cure...
Posted 2/24/2007 7:36 AM
#43635
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi Aqeel :smile:

Have you done it exactly as described here -

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.






Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 2/24/2007 7:52 AM
#43636
Aqeel Member

Date Joined Nov 2016
Total Posts: 8
I followed all the steps except the following three steps

Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.


And with that "hiding" problem I got another problem, which is that the floppy drive is trying to read/write the disk after some time intervals and the system is getting slow....
Posted 2/24/2007 8:03 AM
#43637
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Sounds odd. Let's see what's running on your computer



1. Get this version of Hijackthis from http://danborg.org/spy/hjt/alternativ.exe

2. Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: Double click the 'My Computer' icon on your desktop, then under the category hard disk drives: double click Local Disk:, then select File -> New -> Folder and name it HJT

3. Run HijackThis (alternativ.exe).

Choose the "Do a system scan and save a log file" option to perform your scan.

HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.

Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.

Post hijackthis log here

Do not PM me with logfiles. They will be deleted.


Posted 2/24/2007 9:02 AM
#43638
Aqeel Member

Date Joined Nov 2016
Total Posts: 8
here it is


Logfile of HijackThis v1.99.1
Scan saved at 2:00:51 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SVCHOST.EXE
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\alternativ.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts: Site Unavailable
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:

O1 - Hosts:

O1 - Hosts:

O1 - Hosts:

O1 - Hosts:

O1 - Hosts:

O1 - Hosts:
Sorry, this GeoCities site is currently unavailable.

O1 - Hosts:

The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later.


O1 - Hosts:

Are you the site owner?
O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!
O1 - Hosts: Find out how.


O1 - Hosts:

Learn more about data transfer.


O1 - Hosts:

O1 - Hosts:

O1 - Hosts: Yahoo! GeoCities
O1 - Hosts:
SPONSORED LINKS

O1 - Hosts:
O1 - Hosts:

O1 - Hosts:
O1 - Hosts:
Reliable plans include domain & 24x7 support.

O1 - Hosts:
O1 - Hosts:

O1 - Hosts:

O1 - Hosts:
O1 - Hosts:
Includes starter web page, email & domain forwarding, 24x7 support.

O1 - Hosts:
O1 - Hosts:

O1 - Hosts:

O1 - Hosts:
O1 - Hosts:
Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.

O1 - Hosts:
O1 - Hosts:

O1 - Hosts:

O1 - Hosts:
O1 - Hosts:
$50 setup fee waived. A reliable ecommerce plan, 24x7 support.

O1 - Hosts:
O1 - Hosts:

O1 - Hosts:

O1 - Hosts: Get your own web site at
Yahoo! GeoCities
O1 - Hosts: Hosted by Yahoo! Web Hosting
O1 - Hosts:

O1 - Hosts:

O1 - Hosts:

O1 - Hosts:

O1 - Hosts:

O1 - Hosts: Copyright ©
O1 - Hosts: 2005 Yahoo! Inc. All rights reserved

O1 - Hosts: Privacy Policy
O1 - Hosts: - Copyright Policy
O1 - Hosts: - Guidelines
O1 - Hosts: - Terms of Service
O1 - Hosts: - Help
O1 - Hosts:

O1 - Hosts:

O1 - Hosts:
O1 - Hosts:
O1 - Hosts:

O1 - Hosts: 1
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NILM License manager - Macrovision Corporation - E:\Program Files\National Instruments7\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Posted 2/24/2007 9:54 AM
#43639
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Wow, your hosts file is certainly corrupted :shocked:





Please download SDFix from http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

and save it to your desktop.

When you have done this, please boot into Safe Mode (Tap F8 during startup).

Right-click on the SDFix.zip folder and choose Extract All. Open the extracted folder, normally C:\SDFix, and double-click on RunThis.bat to start the script.

Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.



Finally, open the SDFix folder on your desktop and copy and paste the contents of Report.txt back in this thread along with a fresh HijackThis log, and tell how things are running

Do not PM me with logfiles. They will be deleted.


Posted 2/24/2007 10:50 AM
#43642
Aqeel Member

Date Joined Nov 2016
Total Posts: 8
OK, I did as you said and here is the report


REPORT

==========================================


SDFix: Version 1.68

Run by Aqeel - Sat 02/24/2007 @ 15:33:43.37

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\svchost.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Vypress Chat\\vyc.exe"="C:\\Program Files\\Vypress Chat\\vyc.exe:*:Enabled:Vypress Chat Main Executable File"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Commandos2\\COMANDO2\\mpserver.exe"="D:\\Program Files\\Commandos2\\COMANDO2\\mpserver.exe:*:Disabled:mpserver"
"D:\\Program Files\\Commandos II\\comm2.exe"="D:\\Program Files\\Commandos II\\comm2.exe:*:Enabled:comm2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"\\\\kami\\Fun Club\\srv.exe"="\\\\kami\\Fun Club\\srv.exe:*:Enabled:srv.exe"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"E:\\Program Files\\National Instruments7\\LabVIEW 7.0\\LabVIEW.exe"="E:\\Program Files\\National Instruments7\\LabVIEW 7.0\\LabVIEW.exe:*:Enabled:LabVIEW 7.0 Development System"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Microsoft Management Console"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\RavMon.exe
C:\Program Files\Outlook Express\msimn.exe

Add/Remove Programs List:

ECHO is off.
Cleantouch Urdu Dictionary
DivX Pro Codec
DivX Player 2.1
Download Accelerator Plus Beta
Equation Grapher DEMO
HijackThis 1.99.1
HSP56 Modem Drivers
iolo technologies' System Mechanic
LabVIEW RunTimeEngine
LiveUpdate 2.6 (Symantec Corporation)
Mathematica 4.1
MATLAB 12-25-2005
Mozilla (1.7.3)
Mozilla Firefox (1.0.1)
National Instruments Software
Macromedia Flash Player 8
Urdu To English Dictionary
WinRAR archiver
Yahoo! Messenger
ZTE_USBDriver
NI Distribution Information - PDS English
NI LabVIEW Application Builder 7.0
NI LabVIEW 7.1 Core Essentials
Google Talk (remove only)
NI Example Finder 2.0
NI Instrument IO Assistant for LabVIEW 7.1
NI LabVIEW 7.0
NI LabVIEW 6.0
Symantec AntiVirus
NI LabVIEW Advanced Analysis 7.0
Virtual CD v4
NI LVBrokerAux71
upapp
NI LabVIEW Run-Time Engine 7.1
NI LVBroker
NI LabVIEW Advanced Analysis 7.1
Matrix Calculator
NI LVBrokerAux70
NI LabVIEW Run-Time Engine 7.0
NI LabVIEW CIN Tools 7.0
NI LabVIEW Professional Tools 7.1
NI LabVIEW Picture Control and CIN Tools 7.1
Microsoft Firewall Client
NI LabVIEW Professional Tools 7.0
Microsoft Office Professional Edition 2003
NI LabVIEW Run-Time Engine 6.0
Microsoft Visio Professional 2002 [English]
NI LabVIEW Application Builder 7.1
NI Uninstaller
Adobe Reader 6.0
NI LabVIEW Picture Control Toolkit 7.0
Commandos 3 - Destination Berlin
NI LabVIEW Full 7.0
MSN Messenger 7.5
NI LabVIEW 7.1
Maple 7
Shrek Activity Center
NI LabVIEW Service Locator 1.0
Syberia 2
Commandos 2: Men of Courage
NI LabVIEW Full 7.1
NI Instrument IO Assistant for LabVIEW 7.0

Finished

=============================================

Here is hijackthis.txt....

=============================================

Logfile of HijackThis v1.99.1
Scan saved at 3:42:23 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WINDOWS\SVCHOST.EXE
C:\HJT\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NILM License manager - Macrovision Corporation - E:\Program Files\National Instruments7\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Posted 2/24/2007 10:54 AM
#43643
Aqeel Member

Date Joined Nov 2016
Total Posts: 8
My computer's performance has improved as before... and I'm very thankful for that... but I am still unable to unhide my hidden files and folders.... Is there any solution for that....???? And the floppy drive is still trying to read a disk in the drive (currently no disk in the drive)....
Posted 2/24/2007 11:10 AM
#43644
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Sounds good; however, you still have infections, that can be the cause of your problems -





Please download the free trial of Superantispyware
http://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.)

Close the program.








Download and install:
http://www.filehippo.com/download_ccleaner/
For a basic version of CCleaner with no Yahoo Toolbar, select the second or third install option as follows:
Even if you selected Option 2 or 3, if you do not want the Yahoo Toolbar installed:
Uncheck "Add CCleaner Yahoo! Toolbar", as it is checked by default during CCleaner Setup





Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)


O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)


















Re-start your PC in Safe mode, by holding down the F8 button during the initial start up procedure. Use the up and down arrow keys to select Start PC in safe mode and hit the enter key.
This will start your PC with only essential Windows programmes running.





Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.




Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.



Delete-



Files:

C:\RavMon.exe

C:\WINDOWS\MDM.EXE







Open Ccleaner.



1. Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".

2. A pop up box will appear advising this process will permanently delete files from your system.

3. Then select the items you wish to clean up.

In the Windows Tab:

Clean all entries in the "Internet Explorer". If you prefer to keep your cookies, uncheck the Cookies entry. Deleting cookies will require re-entry of user names and passwords on next visit to sites that require users log in.

Clean all the entries in the "Windows Explorer" section.

Clean all entries in the "System" section.

Clean all entries in the "Advanced" section.

Clean any others that you choose.



In the Applications Tab:

Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.

Clean all in the Opera section if you use it.

Clean Sun Java in the Internet Section.

Clean any others that you choose.

4. Then click the "Run Cleaner" button and it will scan and clean your system. Click exit.













Start Superantispyware/right-click on the black/yellow bug in the tray.

Hit the - Scan Your Computer - button

Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then Next

It will scan now. When the scan has finished, put a checkmark by all items it found. Next, after cleaning, allow it to reboot





Open Superantispyware



Obtain the SuperAntiSpyware log as follows:

Click: Preferences

Click the Statistics/Logs tab

Under Scanner Logs, double-click SuperAntiSpyware Scan Log

It opens in your default text editor (such as Notepad)



Post this log along with a fresh HijackThis log and tell how things are running


Do not PM me with logfiles. They will be deleted.


Posted 2/24/2007 2:34 PM
#43656
User avatar

Aqeel Member

Date Joined Nov 2016
Total Posts: 8
Here is the SUPERANTISPYWARE log.....


==========================

SUPERAntiSpyware Scan Log
Generated 02/24/2007 at 07:11 PM

Application Version : 3.5.1016

Core Rules Database Version : 3165
Trace Rules Database Version: 1176

Scan type : Complete Scan
Total Scan Time : 01:11:08

Memory items scanned : 190
Memory threats detected : 0
Registry items scanned : 4725
Registry threats detected : 0
File items scanned : 61918
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Shakeel\Cookies\shakeel@msnportal.112.2o7[1].txt

Adware.ChannelUp
J:\SYSTEM VOLUME INFORMATION\_RESTORE{0254E75A-5743-4BD5-BE4B-3AF11ED00C96}\RP14\A0003820.EXE


=============================

the problem still exists......
Posted 2/25/2007 8:33 AM
#43696
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Post fresh hijackthis log

Do not PM me with logfiles. They will be deleted.


Posted 2/26/2007 1:15 PM
#43783
Aqeel Member

Date Joined Nov 2016
Total Posts: 8
Here is the fresh HijackThis log, and I have also attached an image; this image describes another problem or symptom caused by that virus... If I right-click on any hard disk drive partition in My Computer, the upper two options in the pop-up menu are different characters.... they are encircled... Please tell me some solution for it... thanks........


==================================================================

Logfile of HijackThis v1.99.1
Scan saved at 6:07:44 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SVCHOST.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE42B0B2-4695-4D64-997F-D92AAF7EE545}: NameServer = 211.94.65.97 202.125.148.204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NILM License manager - Macrovision Corporation - E:\Program Files\National Instruments7\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Post attachments:
image.JPG
Posted 2/27/2007 5:29 AM
#43815
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Reboot to safe mode and delete:
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\MDM.EXE



Reboot normally, post a new log and tell: do you still have those odd characters?

Do not PM me with logfiles. They will be deleted.
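
The path and name checks that single out C:\WINDOWS\SVCHOST.EXE, the [SVCHOST] Run value and the broken hosts entries in the logs above can be scripted. The following is an added example, not part of the original thread and not code from HijackThis or SDFix; the expected-directory table and all function names are assumptions of this example, and the sample log is constructed from lines posted in the thread.

```python
import ipaddress
import ntpath
import re

# Assumed Windows XP baseline: the directory each core system binary runs from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample: lines excerpted from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SVCHOST.EXE
C:\HJT\alternativ.exe

O1 - Hosts: Site Unavailable
O1 - Hosts: Yahoo! GeoCities
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
"""

RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HOSTS_PREFIX = "O1 - Hosts:"


def parse_log(text):
    """Split a HijackThis log into process paths, hosts entries and Run values."""
    processes, hosts, run_entries = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process section
        elif line.startswith(HOSTS_PREFIX):
            hosts.append(line[len(HOSTS_PREFIX):].strip())
        else:
            m = RUN_RE.match(line)
            if m:
                run_entries.append((m["name"], m["cmd"]))
    return processes, hosts, run_entries


def misplaced_system_binaries(processes):
    """Processes named like a core system binary but running from another folder."""
    findings = []
    for path in processes:
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            findings.append(path)
    return findings


def run_target(cmd):
    """Executable path from a Run command line (quoted, or unquoted up to .exe)."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else cmd


def masquerading_run_entries(run_entries):
    """Run values labelled with a system binary's name that start a different file."""
    findings = []
    for name, cmd in run_entries:
        claimed = name.lower()
        if not claimed.endswith(".exe"):
            claimed += ".exe"
        target = run_target(cmd)
        if claimed in EXPECTED_DIR and ntpath.basename(target).lower() != claimed:
            findings.append((name, target))
    return findings


def malformed_hosts_entries(hosts):
    """Non-empty hosts entries that are not '<IP address> <hostname>'."""
    bad = []
    for entry in hosts:
        fields = entry.split()
        if not fields:
            continue
        try:
            ipaddress.ip_address(fields[0])
            ok = len(fields) >= 2
        except ValueError:
            ok = False
        if not ok:
            bad.append(entry)
    return bad


if __name__ == "__main__":
    procs, hosts, runs = parse_log(SAMPLE_LOG)
    print(misplaced_system_binaries(procs))
    print(masquerading_run_entries(runs))
    print(malformed_hosts_entries(hosts))
```

The comparison is case-insensitive on purpose: in these logs the legitimate C:\WINDOWS\system32\svchost.exe and the extra C:\WINDOWS\SVCHOST.EXE differ only in folder and letter case.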


Posted 2/28/2007 4:43 AM
#43879
Aqeel Member

Date Joined Nov 2016
Total Posts: 8
I rebooted my system in safe mode and found out that "C:\WINDOWS\SVCHOST.EXE" does not exist,
however I tried to delete "C:\WINDOWS\System32\SVCHOST.EXE" but this is used by the system and
can't be deleted. I tried to end task that file but it runs itself again...

I also tried to delete "C:\WINDOWS\MDM.EXE"; the first time I successfully deleted it but it came back again
immediately and now delete doesn't work on it...

I still have those odd characters....

I found out from somewhere that it is a Trojan Horse but don't know how to remove it... even my antivirus is not detecting it...

I'm sending a new HijackThis log file.....


=====================================================================


Logfile of HijackThis v1.99.1
Scan saved at 9:42:38 AM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE42B0B2-4695-4D64-997F-D92AAF7EE545}: NameServer = 211.94.65.97 202.125.148.204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NILM License manager - Macrovision Corporation - E:\Program Files\National Instruments7\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



========================================================

Please try to help me out.... :cry:
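The two logs above differ from a clean system in one detail that is easy to miss: a `SVCHOST.EXE` running from `C:\WINDOWS` rather than `C:\WINDOWS\system32`, and a Run value named `SVCHOST` that launches `MDM.EXE`. As an added example (not part of any post in this thread, and not a HijackThis feature), this Python script applies those two checks to a HijackThis log; the rule names and the list of core process names are choices made for the example, and it assumes Windows is installed in `C:\WINDOWS`.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the log posted above.
SYSTEM32 = r"c:\windows\system32"
# Core XP processes whose genuine copies run from system32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'"?(.+?\.(?:exe|com|scr|bat))', re.IGNORECASE)

def misplaced(path):
    """True if path uses a core process name but sits outside system32."""
    directory, name = ntpath.split(path.lower())
    return name in SYSTEM_NAMES and directory != SYSTEM32

def triage(log_text):
    """Return (rule, detail) findings for one HijackThis log."""
    findings, in_procs = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            in_procs = bool(line)          # a blank line ends the process list
            if line and misplaced(line):
                findings.append(("system-name-outside-system32", line))
        elif (m := RUN_RE.match(line)):
            hive, key, value_name, command = m.groups()
            exe = EXE_RE.match(command)    # drop quotes and arguments
            target = exe.group(1) if exe else command
            label = value_name.lower()
            if label in SYSTEM_NAMES or label + ".exe" in SYSTEM_NAMES:
                findings.append(("run-value-imitates-system-name",
                                 f"{hive} {key} [{value_name}] -> {target}"))
            elif misplaced(target):
                findings.append(("system-name-outside-system32", target))
    return findings

# Excerpt of the log posted above (not the full log).
SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SVCHOST.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(rule, "|", detail)
```

The genuine `C:\WINDOWS\system32\svchost.exe` entries are never reported, which is the distinction that matters before deleting anything by name.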
Posted 3/2/2007 12:07 AM
#43955

astedradj Member

Date Joined Nov 2016
Total Posts: 1
I hope this works out. I have the same problem on my computer. I downloaded a program from a file share site, and now I have a trojan. Most of my files are hidden. I'm thinking I'm going to have to format my computer. Is there a program I can pay for that would remove the viruses? Could you tell me which program is the best one for removing trojans? Also, what are the chances that the trojan will be removed? Am I better off just formatting and getting a virus protector and firewall? Thanks for the reply. :freaked:
Posted 3/2/2007 6:07 AM
#43966

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976

Posted 3/6/2007 7:39 AM
#44158

Sayami Member

Date Joined Nov 2016
Total Posts: 1
Aqeel,

I have the same problem. I have managed to remove the RavMon.exe virus with Protector Plus 2007, which is free to download, but the problem with unhiding hidden files and folders is still there.

Please let me know if you have solved that problem.

Would appreciate your and any others' help. I'm desperate.
Posted 3/21/2007 10:07 PM
#44925

SM Nauman Member

Date Joined Nov 2016
Total Posts: 1
Hi..
I have exactly the same problem.

I went to safe mode and ran Xoftspy and Symantec in safe mode and found Trojan horse W32.Rajump in mdm.exe files and svhost.

After that I restarted the PC. I am not able to unhide files, and when I right-click any of my partitions I still see the ASCII language in place of Open and Explore. Moreover, when I double-click on any partition a window pops up which says Open With, so I am not able to enter any of my drive partitions. So I have to use the folder tree option to work in my partitions.. I am so upset..

Please, I desperately need help on this issue. Please help.
Posted 3/28/2007 8:00 AM
#45219

netgeek Member

Date Joined Nov 2016
Total Posts: 1
Touch,
thank you for your help and great advice...

I had the same issue / virus on my machine...

I downloaded and utilized all the tools you mentioned as well as MS-MSRT (tells me that these are unrecognized files but does not give you an option to remove them)..and MS-Defender...

I had issues with BOOTSAFE (superantispyware)..it would not give me an option to go into NORMAL mode.. I was stuck in SAFE MODE..

Using all the tools you mentioned I was able to track down the 3 files on my system.

svchost.exe / Svchost.ini
MDM.exe
and RovMon.exe (spelling?)

and those are the files that were causing the problem.. I am pretty sure that I have eliminated them from my system.

I had to go search for all 3 files in the WHOLE REGISTRY (there were over 30 occurrences for each in different places) and delete them.. then using the software you mentioned above I deleted those files from the system.

I still could not UNHIDE my folders so I went and REPAIRED MY XP.. and now I can see my hidden files..

My C:\ still shows up with the corruption and I have not been able to get rid of that...

Please advise..

Regards,

Netgeek
Posted 12/25/2007 9:17 PM
#57906

nobel007 Member

Date Joined Nov 2016
Total Posts: 1
No, not at all; what you need to do is very simple.

Download AVG Free Edition; it will do the job and delete the virus.

Then ......

\ 1 / open WordPad, then ..
\ 2 / choose Save As ...
\ 3 / give it the name autorun.inf
\ 4 / then copy it and paste it into the disk you want ...
\ 5 / reboot the PC and that's it

Nabil alger :idea:
Post attachments:
Sans titre.JPG, Sans titre1.JPG, 36_2_2.gif
Posted 1/3/2008 6:51 PM
#58214

kaytkayt Member

Date Joined Nov 2016
Total Posts: 7
I have the same "can't unhide" problem.

I had files autorun.inf and semo??.exe (?spelling) in all my disc partitions. When I deleted them, they reappeared in some seconds.

I had the virus in \windows\system32\amvo.exe.

I removed amvo.exe and amvo1.dll from \windows\system32

Then I deleted autorun.inf and semo??.exe.

Now, they don't reappear.

But I still have the "can't unhide" problem continuing.

I also had Win32/NSAnti virus detected (but it can't be cleaned).
(That was the point where I understood that my computer was infected).

And also some other kinds of virus notifications.

But after I removed amvo.exe I might have gotten rid of some of them (which ones I don't know).

But the "can't unhide" problem continues.

Has anybody with the same problems solved them?

thanks

kaytkayt
Posted 1/4/2008 11:34 AM
#58230

kaytkayt Member

Date Joined Nov 2016
Total Posts: 7
Good news.

First, if it exists, delete this file. Note that it is also a hidden/read-only/system file.

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo1.dll <<< delete that file as well if it exists.

Now, they don't reappear.

To get rid of the "can't unhide files and folders" problem try the following:

A nice little script that restores the options here:
http://www.kellys-korner-xp.com/xp_tweaks.htm

368.
http://www.kellys-korner-xp.com/regs_edits/viewfolderrestore.reg

Now,

Windows My Computer-->Tools-->Folder Options-->show hidden files (works :-))

Kaytkayt
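To verify a fix like the one described in the post above, a registry export can be checked directly. This added example (not from the thread, and not the contents of the linked .reg file, which the thread does not show) assumes the symptom comes from the stock Explorer value `CheckedValue` under `...\Explorer\Advanced\Folder\Hidden\SHOWALL`, which is `REG_DWORD 1` on an unmodified Windows XP; the sample exports are constructed.

```python
import re

# Explorer stores the data for the "Show hidden files and folders" radio
# button in this value; the stock setting is REG_DWORD 1.
KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
       r"\Explorer\Advanced\Folder\Hidden\SHOWALL")
VALUE, EXPECTED = "CheckedValue", ("dword", 1)

VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:dword:(?P<dword>[0-9a-fA-F]{8})|"(?P<sz>.*)")$')

def parse_reg(text):
    """Parse a .reg export into {KEY: {value_name: (type, data)}}."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # Registry key and value names are case-insensitive.
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            if m["dword"] is not None:
                current[m["name"].lower()] = ("dword", int(m["dword"], 16))
            else:
                current[m["name"].lower()] = ("sz", m["sz"])
    return keys

def check_showall(text):
    """Return a list of problems with the SHOWALL CheckedValue setting."""
    found = parse_reg(text).get(KEY.upper(), {}).get(VALUE.lower())
    if found is None:
        return [f"{VALUE} is missing"]
    if found != EXPECTED:
        return [f"{VALUE} is {found[0]}:{found[1]!r}, expected dword:1"]
    return []

# Constructed exports of the key: one stock, one altered.
TEMPLATE = ("Windows Registry Editor Version 5.00\n\n[" + KEY +
            ']\n"CheckedValue"=%s\n')
CLEAN = TEMPLATE % "dword:00000001"
TAMPERED = TEMPLATE % "dword:00000000"

if __name__ == "__main__":
    print(check_showall(CLEAN))
    print(check_showall(TAMPERED))
```

A wrong type is reported as well as a wrong number, since a string `"1"` in place of the DWORD is not the stock setting either.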