It's Cyber Monday - fantastic 70% discount

Buy Now

Limited time offer:

03

Days

/

00

Hrs

/

04

Min

/

04

Sec

Folder.exe Removal

Posted 5/14/2006 1:38 PM
#30635
User avatar

JenPick Member

Date Joined Nov 2016
Total Posts: 3
Hi, <br/> <br/>I have Virus in My System.. Its Creating .EXE (Application ) files in all the Folders. <br/> <br/>For example, if the Folder Name is One, In side the Folder One, its Creating One.exe <br/> <br/>if the Folder Name is First, In side the Folder First, its Creating First.exe <br/> <br/>Any Solution for this? I don't have internet facility to my system, all i need is one simeple tool to remove that. <br/> <br/>Thanks in advance <br/>Jen
Posted 5/15/2006 9:09 AM
#30664
User avatar

JenPick Member

Date Joined Nov 2016
Total Posts: 3
Hi AnyBody, <br/> <br/>Got Any solutions??
Posted 5/28/2006 7:33 AM
#31065
User avatar

simon2 Member

Date Joined Nov 2016
Total Posts: 1
Posted 6/13/2006 4:17 PM
#31715
User avatar

channappa Member

Date Joined Nov 2016
Total Posts: 1
" :hop: JenPick" wrote: <br/>Hi, <br/> <br/>I have Virus in My System.. Its Creating .EXE (Application ) files in all the Folders. <br/> <br/>For example, if the Folder Name is One, In side the Folder One, its Creating One.exe <br/> <br/>if the Folder Name is First, In side the Folder First, its Creating First.exe <br/> <br/>Any Solution for this? I don't have internet facility to my system, all i need is one simeple tool to remove that. <br/> <br/>Thanks in advance <br/>Jen
Posted 6/14/2006 5:19 AM
#31744
User avatar

HendrixChains Member

Date Joined Nov 2016
Total Posts: 9
[table height="100%" cellSpacing=0 cellPadding=0 width="100%" border=0] <br/>[tr ][td class=msgThread1 vAlign=top height="100%"]Hey :cool: <br/> <br/> <br/> <br/> <br/>I need more info to help you further remove this stuff. <br/> <br/> <br/> <br/>[color=red>1.] <br/> <br/>--What Anti-Virus do you have? If Any. <br/> <br/>--Do you have any sort of Virus/Spyware scanner? <br/> <br/> <br/> <br/>2. Necessary Downloads..[/color][/b] <br/> <br/>--[color=blue>HijackThis] <br/> <br/>--<FONT color=blue>Ewido Security Suite 3.5[/color][/url] (14-day free trial)[color=green><B>(Update][/color] <br/> <br/> <br/> <br/>[color=red>3.] <br/> <br/><FONT color=purple><FONT color=black>---[/color]Hijackthis: [color=black>Execute] Do a System scan and save a logfile. [/color][color=black>This]hijackthis.txt[/color] to where the program was downloaded.. Open this and do CTRL+A to select all then copy and paste into here.[/b] <br/> <br/> <br/> <br/>---[color=purple>Ewido]Open program. Make sure you updarted protection. Click <FONT color=purple>"Scanner"[/color] and do a complete system scan. When finished click [color=purple>"Save] a file close to the name of <FONT color=purple>Scan report_20060612.txt[/color] should be where teh program was downloaded... press CTRL+A and copyt and paste into here.. then submit. <br/> <br/> <br/> <br/> <br/> <br/>Please post logs for these two programs. <br/> <br/>WIll help further after looking through the logs. <br/> <br/>Thanks, <br/> <br/>Trevor <br/>[/td][/tr][/table]
Posted 6/15/2006 6:27 AM
#31822
User avatar

ginish_g Member

Date Joined Nov 2016
Total Posts: 4
hey even i need help for this same problem i have , i receoved one of my Pc Using <br/>SYMANTAC ANTIVIRUS- just start ur Pc in a safe mode & run for a complete scan <br/> <br/>also dont 4get to get the live update for the new virus. <br/> <br/> <br/> <br/>but one of my pc is still infected, & In MY COMputer- Tools - folder option is missing, <br/> <br/>& im not able to acees any of my hidden file , is there any way to recover this ???? <br/> <br/>please help me too with this folder.exe virus <br/> <br/> <br/> <br/>thanks in Advance frnd
Posted 6/27/2006 1:44 AM
#32466
User avatar

Ellena Valued member

Date Joined Nov 2016
Total Posts: 12
Hi, <br/>It seems your computer is infected by "Brontok". <br/> <br/>I had removed it! ;) <br/> <br/> <br/> <br/>The steps I did are : <br/> <br/>1. I boot my computer with the XP LifeCD (I use XP - OS). The XP <br/> <br/> LifeCD made by Bart PEBuilder (http://www.nu2.nu/pebuilder). or <br/> <br/> can use Knoppix LifeCD. <br/> <br/> <br/> <br/>2. With the LifeCD, all of the hidden files can be shown. So I can <br/> <br/> rename the MSVBVM60.dll (it's a hidden file) with the new one <br/> <br/> name (example : MSVBVM60-old.dll). If this file missing/ <br/> <br/> unavailabled, the virus can't active. <br/> <br/> <br/> <br/>3. I boot the computer by the HDD and turned off the System <br/> <br/> Restore. <br/> <br/>4. Delete all the task in Schedule Task. <br/> <br/>5. I remove all the entries in the Registry. (to unlock the registry, I <br/> <br/> install the UnHookExec(right click this file and choose install), it <br/> <br/> can be downloaded in www.symantec.com <br/> <br/> This virus entries names like : <br/> <br/> "kesenjangansosial","rakyatkelaparan","brontok","rontok". <br/> <br/> just find these items in the registry. <br/> <br/>examples : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> <br/>HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run <br/> <br/> <br/> <br/>6. I install the Antivirus with the newest Definition Files. <br/> <br/>7. I scan it. <br/> <br/>8. Done.
Posted 6/27/2006 7:05 AM
#32472
User avatar

Ellena Valued member

Date Joined Nov 2016
Total Posts: 12
oop's I've forgot something.. <br/> <br/>to show up/unhidden the "Folder Option" <br/> <br/>go to : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer <br/> <br/>delete the entry : "NoFolderOption" <br/> <br/> <br/> <br/>OK.. hope it'll be usefull! <br/> <br/> <br/> <br/>Cheers! <br/> <br/>Ellen.
Posted 7/6/2006 12:53 PM
#32984
User avatar

ginish_g Member

Date Joined Nov 2016
Total Posts: 4
thanks for the reply a lot,, <br/> please help he out in this one too, i am not able to find out the winxp life cd, can u please give me the link, does life cd means Xp bootable- or can i run my pc on safe mode & do the same <br/> <br/> <br/> <br/>please give me the link of Knoppix LifeCD / or LifeCD <br/> <br/> <br/> <br/>also my regedit option is not available please help me . the virus has almost infected my pc completely
Posted 7/11/2006 5:42 AM
#33278
User avatar

Ellena Valued member

Date Joined Nov 2016
Total Posts: 12
Hi, <br/> <br/>sorry for late reply.. <br/> <br/>the XP Life CD can be build with BartPE www.nu2.nv/pebuilder <br/> <br/>Make it in a 'healthy XP PC'. You will need the master of Windows XP. <br/> <br/>Just follow the instructions. It's a simple way. It's easy. <br/> <br/>If it is finnish, you will have the XP Life CD. <br/> <br/> <br/> <br/>With XP Life CD you can boot the computer with no risc to be infected. <br/> <br/>FYI, Brontok will active even in safe mode or DOS booting system. <br/> <br/>So, this XP Life CD is so usefull (just boot the PC with this CD). <br/> <br/>'n follow the intructions that I have posted before to eliminate this kind of virus. <br/> <br/> <br/> <br/>To open the locked registry (caused by the virus) using program "UnHookExec" can be downloaded in : <br/> <br/>http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.html <br/> <br/> <br/> <br/>OK.. <br/> <br/>That's all for now.. <br/> <br/>Success for you! <br/> <br/>Cheers! <br/> <br/>Ellen.
Posted 7/11/2006 6:13 AM
#33281
User avatar

ginish_g Member

Date Joined Nov 2016
Total Posts: 4
thanks for the solution Allan.. <br/> <br/> <br/>i have already removed the infection from my pc , thanks to you & some other sorurce, <br/> <br/>now im goin to make life easy for Jen by givin him the solution if not yet solved. <br/> <br/> <br/> <br/> <br/> <br/>jen please down load this antivirs n run it on ur Pc , <br/> <br/>1) trn off any antivirus , windows program & sytem restore b4 doing this . <br/> <br/> <br/> <br/>please down load this antivirus frm the below link called brontok washer <br/> <br/>http://jeruk.padinet.com/~ertanto/bw-beta.zip <br/> <br/> <br/> <br/>bye take care <br/> <br/>cheers <br/> <br/>ginish
Posted 7/19/2006 5:44 AM
#33708
User avatar

maesiva Member

Date Joined Nov 2016
Total Posts: 1
hey ginish, <br/>this tool, "bw-beta.zip" is buggy, it restarts the pc as soon as clicking "Clean Now" button! <br/> <br/>take care of u n pc too !! <br/>maes
Posted 7/19/2006 5:53 AM
#33710
User avatar

ginish_g Member

Date Joined Nov 2016
Total Posts: 4
this happened to few off my frends PC after i suggested this BW- brontox washer- <br/>but it was ok after you turn off ur antivirus running in ur pcs & other a window applications
Posted 10/31/2006 12:27 PM
#38707
User avatar

craxx Member

Date Joined Nov 2016
Total Posts: 1
hi ellen! thanks for the advice!! ive been having the same very problm.. <br/> <br/>but now i am realy newbie in this PE thingy...XP LIFE cd? ive successfully reboot but now i have no idea on how to remove the file.. please help me.... thanks in advance!!
Posted 11/14/2006 5:20 AM
#39260
User avatar

harleyfan Member

Date Joined Nov 2016
Total Posts: 2
i am unable to install the unhookexec.inf file into my pc so what can i do now i ve the same woem in my pc.
Posted 12/23/2006 7:10 PM
#40901
User avatar

9kare_Hedieh_Tehrani Member

Date Joined Nov 2016
Total Posts: 1
Hello <br/>I am Hossein from North of IRAN. <br/> <br/>I see 2 version of this worm yet , one have 104 kb size and the other have 45 kb size. <br/>one make new folder.exe in each folder you opened and the other make *.exe in each folder that * is the same as the original folder name. <br/>both of 104 kb & 45 kb versions disable the registery and folder option. <br/> <br/>but 45kb is more bad from the 104 kb , because it cause restarting computer when you execute a dos or exe file and also if you search internet about anti brontok or anti new folder , it restart your computer !!!!!!!!!!!! very bad ! <br/> <br/> <br/>but do not worry :)) <br/> <br/>http://jeruk.padinet.com/~ertanto/software/bw-beta.zip <br/>910 Kb <br/> <br/>you can download it . it is brontok washer ! <br/> <br/>be lucky ! <br/>Iranian Queen & Persian Princess is mrs Hedieh Tehrani.
Posted 1/5/2007 3:48 AM
#41447
User avatar

Ellena Valued member

Date Joined Nov 2016
Total Posts: 12
Hi, <br/>Sorry for late reply.. <br/> <br/>to install the UnHookExec is too simple. Just right click that file, choose install. <br/> <br/>It will show nothing, it just open the locked registry. <br/> <br/>You may now open the registry editor, OK! <br/> <br/>Try it! <br/> <br/>For further information, read bout the manual instruction of UnHookExec installation step in the Symantec.com. <br/> <br/> <br/> <br/>Good Luck! <br/> <br/> <br/> <br/>Ellen.
Posted 1/9/2007 9:24 AM
#41641
User avatar

Cstrikedish Valued member

Date Joined Nov 2016
Total Posts: 24
Hi, if you want to search more anti-virus tool, you can visit http://www.qweas.com/download/antivirus/anti_virus_tools. I downloaded Kaspersky Anti-Virus to try for free. <br/> <br/>It supports most popular operating systems, e-mail gateways and firewalls. <br/>It is very easy to use. Try it! <br/> <br/>Good Luck! :p
[4]Go! go! go! Fire in the forum![/4]
[color=green>Find]my blog[/color][/url]
Posted 4/2/2007 8:20 AM
#45437
User avatar

shankshere Member

Date Joined Nov 2016
Total Posts: 5
Hi this is shanks here i m new to this forum, have gone thru ur suggestions regarding folder virus and downloaded hikak and scanned my systems here is its log ; <br/>Logfile of HijackThis v1.99.1 <br/>Scan saved at 1:45:04 PM, on 4/2/2007 <br/>Platform: Windows XP SP2 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\WINDOWS\explorer.exe <br/>C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe <br/>C:\WINDOWS\system\svchost.exe <br/>C:\WINDOWS\SVIQ.EXE <br/>C:\WINDOWS\eHome\ehRecvr.exe <br/>C:\WINDOWS\eHome\ehSched.exe <br/>C:\Program Files\WinGate\WinGate.exe <br/>C:\WINDOWS\system32\dllhost.exe <br/>C:\WINDOWS\system32\wuauclt.exe <br/>C:\WINDOWS\system32\wpabaln.exe <br/>C:\WINDOWS\system32\wscntfy.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\WinRAR\WinRAR.exe <br/>C:\DOCUME~1\SHAKTI~1\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe <br/>C:\WINDOWS\system\Fun.exe <br/>C:\WINDOWS\dc.exe <br/> <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url=http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html]http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html[/url] <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url=http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html]http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html[/url] <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ <br/>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) <br/>F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe <br/>F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe <br/>F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe <br/>F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe <br/>O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE <br/>O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe <br/>O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe <br/>O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <br/>O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 <br/>O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm <br/>O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm <br/>O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm <br/>O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 <br/>O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O17 - HKLM\System\CCS\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67 <br/>O17 - HKLM\System\CS1\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67 <br/>O17 - HKLM\System\CS2\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67 <br/>O20 - AppInit_DLLs:
Posted 4/2/2007 10:18 AM
#45441
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi shankshere <br/> <br/><br /><br /> <br/>You´ve got reply here - <br/> <br/>http://www.bullguard.com/forum/9/My-operating-system-is-handica_45438.html <br/> <br/><SPAN class=postbody><SPAN lang=EN-GB style="FONT-SIZE: 8pt; FONT-FAMILY: Verdana; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; mso-fareast-language: DA; mso-bidi-language: AR-SA">I've locked this thread since the issue is old

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, December 4, 2016, 11:21 AM (GMT +1)
There are a total of 61,160 posts in 13,449 threads.
In the last 3 days there were 3 new threads and 4 reply posts.

Who's online

This forum has 37,968 registered members. Please welcome our newest member, Old shape.
There are currently no users on-line.