Status
Not open for further replies.

Attacked by fast-spreading virus!

2.2K views 4 replies 2 participants last post by  Ried  
#1 ·
Good day!

Here are the details:
I inserted a friend's USB in my computer and double clicked to open a folder with an unsuspicious name, only to find out that all of the folders were .exe files. Suddenly all the folders I double clicked in my hard drives simply generated the same window I had open already without opening the folder I wanted to get into. ESET then began to repeatedly find viruses in many different locations in my computer, primarily with the name autorun.inf. The virus seemed to multiply itself while ESET wasn't able to catch up. And after trying to perform a virus scan, the computer would start hanging and wouldn't even turn off anymore unless I unplugged the unit. I then decided to reboot the system at safe mode. Through TuneUp Utilities 2009, I restored the entire system back the way it was just a day ago. No viruses were now detected, however, I found that now all my folders and sub-folders were gone. I changed my folder settings at the control panel to show all hidden folders, which then made the folders visible, but looking transparent as if it were a hidden file. Other programs are not able to detect these folders, while 2 other suspicious folders started showing up, named RECYCLER and another whose name I forgot. I tried deleting them (my bad) using the unlocker, but these folders kept on returning.
Please help me. I am not able to access these folders anymore and I am hesitant to open any folders lest the virus would spread again.
Additional info: I have a genuine XP SP3, with a nice Windows 7 look (thanks to Seven Transformation Pack 1.0).
________________________________________________________________
Here's the log file info:



DDS (Ver_09-05-14.01) - NTFSx86
Run by Garrick Nehls at 4:12:35.34 on Fri 05/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1310 [GMT 8:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Globe Telecom\Click Fix\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE
C:\Program Files\ViGlance\ViGlance.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\Vista Rainbar\launcher.exe
C:\Program Files\ViSplore\ViSplore.exe
C:\Program Files\ViStart\ViStart.exe
C:\PROGRA~1\VISTAR~1\Rainbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
D:\My Downloads\= Receiver =\dds(1).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mWinlogon: UIHost=sevenui.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [E09AXLRD_249265] "c:\program files\microsoft encarta\encarta premium dvd 2009\EDICT.EXE" -m
uRun: [ViGlance] c:\program files\viglance\ViGlance.exe
uRun: [WinFlip] c:\program files\winflip\WinFlip.exe
uRun: [Vista Rainbar] c:\program files\vista rainbar\launcher.exe
uRun: [ViSplore] c:\program files\visplore\ViSplore.exe
uRun: [ViStart] c:\program files\vistart\ViStart.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [DefragTaskBar] "c:\program files\ashampoo\ashampoo magical defrag 2\bin\defragTaskBar.exe"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\garric~1\startm~1\programs\startup\winflip.lnk - c:\program files\winflip\WinFlip.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\garric~1\applic~1\mozilla\firefox\profiles\cc5vlxft.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3

============= SERVICES / DRIVERS ===============

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/12 01:06:22];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\globe telecom\click fix\bin\sprtsvc.exe [2009-5-10 200384]

=============== Created Last 30 ================

2009-05-15 01:17 <DIR> --d----- c:\program files\Trend Micro
2009-05-14 22:23 <DIR> --d----- c:\program files\Avira
2009-05-14 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-13 03:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-12 17:01 <DIR> --d----- c:\docume~1\garric~1\applic~1\ACD Systems
2009-05-12 17:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-05-12 17:00 <DIR> --d----- c:\program files\common files\ACD Systems
2009-05-12 17:00 <DIR> --d----- c:\program files\ACD Systems
2009-05-12 16:53 <DIR> --d----- c:\program files\VideoLAN
2009-05-12 16:18 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-05-12 16:17 <DIR> --d--r-- c:\program files\Skype
2009-05-12 15:53 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-12 15:53 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-12 15:52 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-12 14:09 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-12 14:01 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-05-12 14:01 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-05-12 13:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-05-12 06:32 <DIR> --d----- c:\windows\system32\scripting
2009-05-12 06:32 <DIR> --d----- c:\windows\system32\en
2009-05-12 06:32 <DIR> --d----- c:\windows\Network Diagnostic
2009-05-12 06:32 <DIR> --d----- c:\windows\L2Schemas
2009-05-12 05:56 <DIR> --d----- c:\program files\stardock
2009-05-12 05:54 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-12 05:49 <DIR> --d----- c:\docume~1\garric~1\applic~1\ViStart
2009-05-12 05:49 <DIR> --d----- c:\windows\system32\VIRepair
2009-05-12 05:49 <DIR> --d----- c:\docume~1\garric~1\applic~1\ViSplore
2009-05-12 05:47 348,161 a------- c:\windows\system32\viwc.exe
2009-05-12 05:47 <DIR> --d----- c:\program files\ViSplore
2009-05-12 05:47 <DIR> --d----- c:\program files\WinFlip
2009-05-12 05:47 <DIR> --d----- c:\program files\ViStart
2009-05-12 05:47 <DIR> --d----- c:\program files\Vista Rainbar
2009-05-12 05:47 <DIR> --d----- c:\program files\ViGlance
2009-05-12 05:47 <DIR> --d----- c:\program files\TrueTransparency
2009-05-12 05:47 <DIR> --d----- c:\program files\Vista Drive Icon
2009-05-12 05:47 7,333,376 a------- c:\windows\system32\sevenui.exe
2009-05-12 05:47 110,646 a------- c:\windows\system32\vistartup.bmp
2009-05-12 05:45 78,942 a------- c:\windows\Icon_1.ico
2009-05-12 05:45 <DIR> --d----- c:\windows\system32\VITrans
2009-05-12 05:45 111,104 a------- c:\windows\system32\Uharc.exe
2009-05-12 05:45 94,208 a------- c:\windows\system32\pskill.exe
2009-05-12 05:45 69,632 a------- c:\windows\system32\moveex.exe
2009-05-12 05:45 19,968 a------- c:\windows\system32\reico.exe
2009-05-12 05:45 8,636 a------- c:\windows\system32\modifype.exe
2009-05-12 05:45 <DIR> --d----- C:\VTPFiles
2009-05-12 05:37 20,480 a------- c:\windows\system32\scrnrdr.exe
2009-05-12 05:32 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-12 03:56 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-05-12 03:41 <DIR> --d----- c:\docume~1\garric~1\applic~1\TuneUp Software
2009-05-12 03:40 <DIR> --d----- c:\program files\Windows MatriX Tune Up
2009-05-12 02:29 <DIR> --d----- c:\program files\Foxit Software
2009-05-12 02:29 <DIR> --d----- c:\docume~1\garric~1\applic~1\Foxit
2009-05-12 01:32 <DIR> --d----- c:\docume~1\garric~1\applic~1\foobar2000
2009-05-12 01:32 <DIR> --d----- c:\program files\foobar2000
2009-05-12 01:06 <DIR> --d----- c:\program files\common files\CyberLink
2009-05-12 00:58 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-05-12 00:58 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-05-12 00:58 <DIR> --d----- c:\program files\ImTOO
2009-05-12 00:56 <DIR> --d----- c:\docume~1\garric~1\applic~1\Ashampoo
2009-05-12 00:56 <DIR> --d----- c:\program files\Ashampoo
2009-05-12 00:45 <DIR> --d----- C:\Sandbox
2009-05-12 00:02 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-05-12 00:02 <DIR> --d----- c:\windows\Logs
2009-05-11 23:51 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-05-11 23:49 <DIR> --d----- c:\program files\Unlocker
2009-05-11 23:48 <DIR> --d----- c:\windows\RegCure
2009-05-11 23:45 <DIR> --d----- c:\docume~1\garric~1\applic~1\Malwarebytes
2009-05-11 23:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-11 23:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 23:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-11 23:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-11 23:29 <DIR> --d----- c:\docume~1\garric~1\applic~1\ESET
2009-05-11 23:28 <DIR> --d----- c:\program files\ESET
2009-05-11 23:14 1,414,440 a------- c:\windows\system32\ShellManager310E2D762.dll
2009-05-11 23:14 773,120 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-05-11 22:48 35,328 ac------ c:\windows\system32\dllcache\iprip.dll
2009-05-11 22:47 <DIR> --d-h--- c:\windows\$hf_mig$
2009-05-11 22:47 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-05-11 22:47 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-05-11 22:47 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-05-11 22:47 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-05-11 22:47 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-05-11 22:47 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-05-11 22:47 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-05-11 22:47 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-05-11 22:47 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-05-11 22:46 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-05-11 22:46 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-05-11 22:46 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-05-11 22:46 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-05-11 22:46 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-05-11 22:46 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-05-11 22:45 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-05-11 22:45 7,168 ac------ c:\windows\system32\dllcache\bitsprx4.dll
2009-05-11 22:45 7,168 a------- c:\windows\system32\bitsprx4.dll
2009-05-11 22:44 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-11 22:43 53,248 ac------ c:\windows\system32\dllcache\tsgqec.dll
2009-05-11 22:43 53,248 a------- c:\windows\system32\tsgqec.dll
2009-05-11 22:43 290,304 ac------ c:\windows\system32\dllcache\rhttpaa.dll
2009-05-11 22:43 136,192 ac------ c:\windows\system32\dllcache\aaclient.dll
2009-05-11 22:43 290,304 a------- c:\windows\system32\rhttpaa.dll
2009-05-11 22:43 136,192 a------- c:\windows\system32\aaclient.dll
2009-05-11 22:38 4,444 a------- c:\windows\system32\pid.PNF
2009-05-11 22:38 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-05-11 22:38 13,312 a------- c:\windows\system32\irclass.dll
2009-05-11 22:38 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-05-11 22:38 24,661 a------- c:\windows\system32\spxcoins.dll
2009-05-11 22:38 144,484 ac------ c:\windows\system32\dllcache\netfx.cat
2009-05-11 22:38 26,991 ac------ c:\windows\system32\dllcache\msn7.cat
2009-05-11 22:38 14,433 ac------ c:\windows\system32\dllcache\msn9.cat
2009-05-11 21:55 <DIR> --d----- c:\windows\setup.pss
2009-05-11 20:24 <DIR> --d----- c:\program files\MagicISO
2009-05-11 20:19 <DIR> --d----- c:\program files\PowerISO
2009-05-11 09:44 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-05-11 02:21 <DIR> --d----- C:\downloads
2009-05-11 02:21 <DIR> --d----- c:\docume~1\garric~1\applic~1\GrabPro
2009-05-11 02:21 <DIR> --d----- c:\program files\Orbitdownloader
2009-05-11 02:03 <DIR> --ds---- c:\documents and settings\garrick nehls\UserData
2009-05-11 01:49 <DIR> --d----- c:\program files\uTorrent
2009-05-11 01:49 <DIR> --d----- c:\docume~1\garric~1\applic~1\uTorrent
2009-05-10 14:03 <DIR> --d----- c:\program files\common files\SupportSoft
2009-05-10 14:03 <DIR> --d----- c:\program files\Globe Telecom
2009-05-10 00:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ashampoo
2009-05-04 23:48 <DIR> --d----- c:\windows\system32\NtmsData
2009-05-04 06:33 69 a------- c:\windows\NeroDigital.ini
2009-05-04 05:50 <DIR> --d----- c:\docume~1\garric~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-04 05:39 206,492 a------- c:\windows\system32\nvapps.xml
2009-05-04 05:38 453,152 a----r-- c:\windows\system32\nvuninst.exe
2009-05-04 05:38 453,152 a------- c:\windows\system32\nvudisp.exe
2009-05-04 05:38 18,725 a------- c:\windows\system32\nvdisp.nvu
2009-05-04 05:36 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-04 05:35 664 a------- c:\windows\system32\d3d9caps.dat
2009-05-01 17:26 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-05-01 17:25 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-05-01 17:24 <DIR> --d----- c:\program files\common files\ODBC
2009-05-01 17:24 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-01 17:24 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-05-01 17:23 13,753 a----r-- c:\windows\SET8.tmp
2009-05-01 17:23 1,086,058 a----r-- c:\windows\SET4.tmp
2009-05-01 17:23 1,042,903 a----r-- c:\windows\SET3.tmp
2009-05-01 17:23 <DIR> --d----- c:\windows\system32\CatRoot2
2009-05-01 17:23 <DIR> --d----- c:\windows\system32\CatRoot
2009-05-01 17:23 <DIR> --d----- C:\Documents and Settings
2009-05-01 17:22 19,022 a------- c:\windows\system32\$winnt$.inf
2009-05-01 10:07 <DIR> --d----- c:\program files\common files\Macromedia Shared
2009-05-01 10:07 <DIR> --d----- c:\program files\common files\Macromedia
2009-05-01 10:07 <DIR> --d----- c:\program files\Macromedia
2009-05-01 10:02 <DIR> --d----- c:\program files\Microsoft Encarta
2009-05-01 09:56 <DIR> --d----- c:\program files\Yahoo!
2009-05-01 09:55 <DIR> --d----- c:\program files\CCleaner
2009-05-01 09:50 <DIR> --d----- c:\program files\Nero
2009-05-01 09:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-05-01 09:41 <DIR> --d----- c:\program files\Realtek
2009-05-01 09:41 <DIR> --d----- c:\program files\Marvell
2009-05-01 09:38 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-01 09:30 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-01 09:30 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-01 09:29 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-01 09:28 <DIR> --d----- c:\program files\Online Services
2009-05-01 09:28 <DIR> --d----- c:\program files\Messenger
2009-05-01 09:28 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-01 09:28 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-05-12 01:04 505,128 a------- c:\windows\system32\msvcp71.dll
2009-05-12 01:04 353,576 a------- c:\windows\system32\msvcr71.dll
2009-05-12 01:04 29,480 a------- c:\windows\system32\msxml3a.dll
2009-05-12 00:44 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-11 22:44 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-05-11 00:43 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-01 09:41 315,392 a------- c:\windows\HideWin.exe
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-06 22:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 08:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-21 02:09 78,336 a------- c:\windows\system32\ieencode.dll

============= FINISH: 4:12:41.67 ===============
 

#2 ·
Bump!

And let me re-formulate the details, now that I have a better understanding of the problem:

I was recently attacked by the notorious autorun.inf virus which replaced all my folders and subfolders in my D: drive with a .exe file that looked like a folder, obviously, a manifestation of the virus. As a response, I restored my system to a point before the attack, only to find that the replaced folders have disappeared. Eset has no longer detected any viruses, but I can't see my folders anymore. Yet, I do know they are still there because when I type the exact location of specific folders in the address bar, I was able to find the files. I tried to change the "view" settings under "folder options" in the control panel by showing all hidden folders, and still nothing became visible. I then tried to uncheck the "hide operating system files", which finally showed these folders, however they were transparent and my other programs couldn't detect the folders even when trying to access them through the "browse" features. Additionally, the folders "RECYCLER" and "System Volume Information" keep popping up in many places, even after deleting them using the "unlocker". What should I do?
 
#3 ·
Hello g_nehls,

Since you've used System Restore, the log you posted is no longer accurate. Kindly run a new scan with dds.scr and post a fresh dds.txt so we may begin.
 
#4 ·
Last night I was able to solve the problem, at the expense of losing a lot of files. I simply cleared out my entire D: drive which contained these invisible folders. Then, using TuneUp Utilities, I tried to save some of the important deleted files using the undelete feature. Now everything works fine. What is interesting to note is that when I browsed through the files I have deleted, I saw that autorun.inf was among them, including the folder names with a .exe extension. Of course, I didn't even dare to restore them.
Thanks!
 
#5 ·
Thank you for letting me know.

"I inserted a friend's USB in my computer and double clicked to open a folder with an unsuspicious name, only to find out that all of the folders were .exe files. Suddenly all the folders I double clicked in my hard drives simply generated the same window I had open already without opening the folder I wanted to get into."

Malware authors have been exploiting the autorun/autoplay feature for quite some time now. Flash_Disinfector will disable the autorun/autoplay feature on all drives. Many security apps disable it as well, and even Microsoft recommends disabling it.

Disabling autorun/autoplay does not prevent you from accessing those media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB flash or external hard drive). Pictures on a camera can still be accessed/transferred through My Pictures and selecting Get Pictures from a Scanner or Camera. Media can also be accessed via the program you intend to use it with, such as music CDs accessed via Media Player, blank CDs via your burning program, image handling software provided with the camera, etc. I do recommend you leave the feature disabled and get into the habit of accessing those media devices manually.

Read here for more information.


To help prevent this sort of infection in the future, download Flash_Disinfector.exe and save it to your desktop.

Locate all USB/removable drives you have so they are handy.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
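
Added example, not part of the original posts and unrelated to how Flash_Disinfector works: a read-only Python audit for the pattern described in this thread, namely autorun.inf files with launch entries, .exe files named after a sibling folder, and folders carrying the Windows hidden or system attribute. The function names and the sample tree are constructed for illustration; the attribute check only returns results on Windows.

```python
import os
import tempfile

# Win32 attribute bits as reported in os.stat().st_file_attributes (Windows only)
FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM = 0x2, 0x4

def parse_autorun(path):
    """Return (key, value) pairs from [autorun] that name a program to launch."""
    launches, in_section = [], False
    with open(path, encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue
            if line.startswith("[") and line.endswith("]"):
                in_section = line[1:-1].strip().lower() == "autorun"
            elif in_section and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                key = key.lower()
                if key in ("open", "shellexecute") or (
                        key.startswith("shell\\") and key.endswith("\\command")):
                    launches.append((key, value))
    return launches

def is_hidden(path):
    """True if the hidden or system bit is set; always False off Windows."""
    try:
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
    except OSError:
        return False
    return bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))

def audit_volume(root):
    """Read-only walk: only autorun.inf is opened, nothing is executed or changed."""
    report = {"autorun": [], "fake_folders": [], "hidden_dirs": []}
    for dirpath, dirnames, filenames in os.walk(root):
        folder_names = {d.lower() for d in dirnames}
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            stem, ext = os.path.splitext(name)
            if name.lower() == "autorun.inf":
                for key, value in parse_autorun(full):
                    report["autorun"].append((rel, key, value))
            elif ext.lower() == ".exe" and stem.lower() in folder_names:
                # an executable sharing its name with a folder next to it
                report["fake_folders"].append(rel)
        for d in dirnames:
            full = os.path.join(dirpath, d)
            if is_hidden(full):
                report["hidden_dirs"].append(os.path.relpath(full, root))
    for items in report.values():
        items.sort()
    return report

def make_sample(root):
    """Constructed test tree (not from the thread): empty placeholder files."""
    for folder in ("Photos", "Music"):
        os.mkdir(os.path.join(root, folder))
    for name in ("Photos.exe", "setup.exe"):
        open(os.path.join(root, name), "wb").close()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=Photos.exe\n"
                 "shell\\open\\command=Photos.exe\nicon=folder.ico\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for category, items in audit_volume(tmp).items():
            print(category, items)
```

On a real Windows volume, the system's own RECYCLER and System Volume Information folders also carry the hidden and system attributes, so entries in `hidden_dirs` are items to review, not a verdict.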
 