
Folder.exe Removal

Posted 5/14/2006 1:38 PM
#30635
JenPick Member

Date Joined Nov 2016
Total Posts: 3
Hi,

I have a virus in my system. It's creating .EXE (Application) files in all the folders.

For example, if the folder name is One, inside the folder One, it's creating One.exe

if the folder name is First, inside the folder First, it's creating First.exe

Any solution for this? I don't have internet facility to my system, all I need is one simple tool to remove that.

Thanks in advance
Jen
Posted 5/15/2006 9:09 AM
#30664
JenPick Member

Date Joined Nov 2016
Total Posts: 3
Hi AnyBody,

Got Any solutions??
Posted 5/28/2006 7:33 AM
#31065
simon2 Member

Date Joined Nov 2016
Total Posts: 1
Posted 6/13/2006 4:17 PM
#31715
channappa Member

Date Joined Nov 2016
Total Posts: 1
" :hop: JenPick" wrote:
Hi,

I have a virus in my system. It's creating .EXE (Application) files in all the folders.

For example, if the folder name is One, inside the folder One, it's creating One.exe

if the folder name is First, inside the folder First, it's creating First.exe

Any solution for this? I don't have internet facility to my system, all I need is one simple tool to remove that.

Thanks in advance
Jen
Posted 6/14/2006 5:19 AM
#31744
HendrixChains Member

Date Joined Nov 2016
Total Posts: 9
Hey :cool:

I need more info to help you further remove this stuff.

1.
--What Anti-Virus do you have? If any.
--Do you have any sort of Virus/Spyware scanner?

2. Necessary Downloads..
--HijackThis
--Ewido Security Suite 3.5 (14-day free trial) (Update

3.
---Hijackthis: Execute Do a System scan and save a logfile. This hijackthis.txt to where the program was downloaded.. Open this and do CTRL+A to select all then copy and paste into here.

---Ewido Open program. Make sure you updated protection. Click "Scanner" and do a complete system scan. When finished click "Save a file close to the name of Scan report_20060612.txt should be where the program was downloaded... press CTRL+A and copy and paste into here.. then submit.

Please post logs for these two programs.

Will help further after looking through the logs.

Thanks,

Trevor
Posted 6/15/2006 6:27 AM
#31822
ginish_g Member

Date Joined Nov 2016
Total Posts: 4
hey even i need help for this same problem i have , i receoved one of my Pc Using
SYMANTEC ANTIVIRUS- just start ur Pc in a safe mode & run for a complete scan

also dont 4get to get the live update for the new virus.



but one of my pc is still infected, & In MY COMputer- Tools - folder option is missing,

& im not able to access any of my hidden file , is there any way to recover this ????

please help me too with this folder.exe virus



thanks in Advance frnd
Posted 6/27/2006 1:44 AM
#32466
Ellena Valued member

Date Joined Nov 2016
Total Posts: 12
Hi,
It seems your computer is infected by "Brontok".

I had removed it! ;)



The steps I did are:

1. I boot my computer with the XP LifeCD (I use XP - OS). The XP LifeCD is made with Bart PEBuilder (http://www.nu2.nu/pebuilder), or you can use a Knoppix LifeCD.

2. With the LifeCD, all of the hidden files can be shown. So I can rename the MSVBVM60.dll (it's a hidden file) to a new name (example: MSVBVM60-old.dll). If this file is missing/unavailable, the virus can't activate.

3. I boot the computer from the HDD and turn off System Restore.

4. Delete all the tasks in Scheduled Tasks.

5. I remove all the entries in the Registry. (To unlock the registry, I install UnHookExec (right click this file and choose install); it can be downloaded from www.symantec.com.)
   The virus entries have names like:
   "kesenjangansosial","rakyatkelaparan","brontok","rontok".
   Just find these items in the registry.
   Examples: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

6. I install the Antivirus with the newest Definition Files.

7. I scan it.

8. Done.
Posted 6/27/2006 7:05 AM
#32472
Ellena Valued member

Date Joined Nov 2016
Total Posts: 12
Oops, I forgot something..

To show/unhide the "Folder Option",
go to: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
and delete the entry: "NoFolderOption"

OK.. hope it'll be useful!

Cheers!

Ellen.
Posted 7/6/2006 12:53 PM
#32984
ginish_g Member

Date Joined Nov 2016
Total Posts: 4
thanks for the reply a lot,,
please help me out in this one too, i am not able to find out the winxp life cd, can u please give me the link, does life cd means Xp bootable- or can i run my pc on safe mode & do the same



please give me the link of Knoppix LifeCD / or LifeCD



also my regedit option is not available please help me . the virus has almost infected my pc completely
Posted 7/11/2006 5:42 AM
#33278
Ellena Valued member

Date Joined Nov 2016
Total Posts: 12
Hi,

sorry for late reply..

the XP Life CD can be built with BartPE www.nu2.nv/pebuilder

Make it on a 'healthy XP PC'. You will need the master of Windows XP.

Just follow the instructions. It's a simple way. It's easy.

If it is finished, you will have the XP Life CD.

With the XP Life CD you can boot the computer with no risk of being infected.

FYI, Brontok will be active even in safe mode or DOS booting system.

So, this XP Life CD is so useful (just boot the PC with this CD).

'n follow the instructions that I have posted before to eliminate this kind of virus.



To open the locked registry (caused by the virus) using program "UnHookExec" can be downloaded in :

http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.html



OK..

That's all for now..

Success for you!

Cheers!

Ellen.
Posted 7/11/2006 6:13 AM
#33281
ginish_g Member

Date Joined Nov 2016
Total Posts: 4
thanks for the solution Allan..

i have already removed the infection from my pc , thanks to you & some other source,

now im goin to make life easy for Jen by givin him the solution if not yet solved.

jen please down load this antivirus n run it on ur Pc ,

1) turn off any antivirus , windows program & system restore b4 doing this .

please down load this antivirus frm the below link called brontok washer

http://jeruk.padinet.com/~ertanto/bw-beta.zip

bye take care

cheers

ginish
Posted 7/19/2006 5:44 AM
#33708
maesiva Member

Date Joined Nov 2016
Total Posts: 1
hey ginish,
this tool, "bw-beta.zip" is buggy, it restarts the pc as soon as clicking "Clean Now" button!

take care of u n pc too !!
maes
Posted 7/19/2006 5:53 AM
#33710
ginish_g Member

Date Joined Nov 2016
Total Posts: 4
this happened to few of my frends PC after i suggested this BW- brontox washer-
but it was ok after you turn off ur antivirus running in ur pcs & other a window applications
Posted 10/31/2006 12:27 PM
#38707
craxx Member

Date Joined Nov 2016
Total Posts: 1
hi ellen! thanks for the advice!! ive been having the same very problem..

but now i am really newbie in this PE thingy...XP LIFE cd? ive successfully reboot but now i have no idea on how to remove the file.. please help me.... thanks in advance!!
Posted 11/14/2006 5:20 AM
#39260
harleyfan Member

Date Joined Nov 2016
Total Posts: 2
i am unable to install the unhookexec.inf file into my pc so what can i do now i ve the same worm in my pc.
Posted 12/23/2006 7:10 PM
#40901
9kare_Hedieh_Tehrani Member

Date Joined Nov 2016
Total Posts: 1
Hello
I am Hossein from North of IRAN.

I see 2 version of this worm yet , one have 104 kb size and the other have 45 kb size.
one make new folder.exe in each folder you opened and the other make *.exe in each folder that * is the same as the original folder name.
both of 104 kb & 45 kb versions disable the registry and folder option.

but 45kb is more bad from the 104 kb , because it cause restarting computer when you execute a dos or exe file and also if you search internet about anti brontok or anti new folder , it restart your computer !!!!!!!!!!!! very bad !


but do not worry :))

http://jeruk.padinet.com/~ertanto/software/bw-beta.zip
910 Kb

you can download it . it is brontok washer !

be lucky !
Iranian Queen & Persian Princess is mrs Hedieh Tehrani.
Posted 1/5/2007 3:48 AM
#41447
Ellena Valued member

Date Joined Nov 2016
Total Posts: 12
Hi,
Sorry for late reply..

to install the UnHookExec is too simple. Just right click that file, choose install.

It will show nothing, it just open the locked registry.

You may now open the registry editor, OK!

Try it!

For further information, read about the manual instruction of UnHookExec installation step in the Symantec.com.



Good Luck!



Ellen.
Posted 1/9/2007 9:24 AM
#41641
Cstrikedish Valued member

Date Joined Nov 2016
Total Posts: 24
Hi, if you want to search more anti-virus tool, you can visit http://www.qweas.com/download/antivirus/anti_virus_tools. I downloaded Kaspersky Anti-Virus to try for free.

It supports most popular operating systems, e-mail gateways and firewalls.
It is very easy to use. Try it!

Good Luck! :p
Go! go! go! Fire in the forum!
Find my blog
Posted 4/2/2007 8:20 AM
#45437
shankshere Member

Date Joined Nov 2016
Total Posts: 5
Hi this is shanks here i m new to this forum, have gone thru ur suggestions regarding folder virus and downloaded HijackThis and scanned my systems here is its log ;
Logfile of HijackThis v1.99.1
Scan saved at 1:45:04 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\SVIQ.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\WinGate\WinGate.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SHAKTI~1\LOCALS~1\Temp\Rar$EX00.625\HijackThis.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\dc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quicknews.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{8516FCCC-631C-426B-A99B-321E40A1AE43}: NameServer = 202.88.152.6,202.88.130.67
O20 - AppInit_DLLs:
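
Added example, not part of any post in this thread: a Python triage pass over HijackThis lines like those in the log above, which also checks startup entries against the entry names Ellena listed earlier. `triage` and `misplaced` are hypothetical helper names, the expected directories assume a default Windows XP install on C:, and the `Brontok-sample` O4 line is constructed sample input, not taken from the log.

```python
import ntpath
import re

# Entry names listed in Ellena's post, matched case-insensitively.
BRONTOK_NAMES = ("kesenjangansosial", "rakyatkelaparan", "brontok", "rontok")
# Assumed default Windows XP locations; the same file name elsewhere needs review.
EXPECTED_DIR = {"svchost.exe": r"c:\windows\system32",
                "lsass.exe": r"c:\windows\system32"}
# Lines copied from the log above, plus one constructed O4 line (Brontok-sample).
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\svchost.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
O4 - HKLM\..\Run: [Brontok-sample] C:\WINDOWS\constructed-sample.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

def misplaced(path):
    """True if path reuses a system binary's name outside its usual directory."""
    directory, name = ntpath.split(path.strip().lower())
    return name in EXPECTED_DIR and directory != EXPECTED_DIR[name]

def triage(log_text):
    """Return (reason, line) pairs for HijackThis lines worth a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        # Bare paths are entries from the "Running processes:" section.
        if re.match(r"[A-Za-z]:\\", line) and misplaced(line):
            findings.append(("system file name in unusual directory", line))
        elif m := re.match(r"F2 - REG:system\.ini: Shell=(.*)", line):
            if m.group(1).strip().lower() != "explorer.exe":
                findings.append(("extra program in Winlogon Shell", line))
        elif m := re.match(r"F2 - REG:system\.ini: UserInit=(.*)", line):
            parts = [p.strip().lower() for p in m.group(1).split(",") if p.strip()]
            if any(ntpath.basename(p) != "userinit.exe" for p in parts):
                findings.append(("extra program in Winlogon UserInit", line))
        elif re.match(r"F3 - REG:win\.ini: (load|run)=.+", line):
            findings.append(("win.ini autostart entry", line))
        elif re.match(r"O4 - \S+: \[", line):
            if any(n in line.lower() for n in BRONTOK_NAMES):
                findings.append(("startup entry matches a listed name", line))
        elif re.match(r"O7 - .*DisableRegedit=1", line):
            findings.append(("registry editor disabled by policy", line))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A flagged line is a prompt for manual review of that entry, not a verdict on the file it names.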
Posted 4/2/2007 10:18 AM
#45441
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi shankshere

You've got a reply here -

http://www.bullguard.com/forum/9/My-operating-system-is-handica_45438.html

I've locked this thread since the issue is old

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.

