Full Version: "rose.exe"; The Malicious Files Are Just Invisible
BleepingComputer.com > Security > Am I infected? What do I do?
RubyDotNet
I am infected with the "rose.exe" problem at the office. I have 4 partitions in my hard disk. The OS (Win XP) was on C. I tried installing XP on D and booted from D, but the "Autorun" option was still there for all the partitions, and clicking on it still launches "rose.exe". I tried reinstalling XP on C but to no avail. I cannot format C because my CD-ROM is faulty and I can't boot from it; I run the setup from the network. Plus I want to be able to clean the thing without formatting.

I know how to remove the autorun option (through the registry) and the "dll" key, but on restart the autorun comes back because I can't delete rose.exe. The rose.exe file is invisible. I searched for it with the "include hidden and system files" option and I also disabled System Restore.

1) Where is rose.exe and how can I see and delete it?

2) I copied the backups of the projects I was working on to another system on the network. Those were C# desktop applications I was developing with VS.net 2006. After I clean the virus, will it be safe to work on those files again?

3) Will it be safe to copy back and use some other misc data?
quietman7
QUOTE
Upon execution, this memory-resident worm drops a copy of itself as, rose.exe, in the root folder. It sets its file attributes to System, Read-only, and Hidden to avoid detection....
trendmicro.com/vinfo

You can try running your anti-virus in "SAFE MODE". The malware process must be terminated. There are manual removal instructions under the "Solutions" tab in the Trend Micro link provided above. This involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable. ERUNT is an excellent FREE tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.
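A defender-side check for the two things the Trend Micro quote above describes, written as an added PowerShell example (not code from the thread or from Trend Micro): it lists root-folder files carrying the System+Hidden attribute pair and reports which program an autorun.inf would launch from the drive's context menu. It assumes PowerShell 3.0 or later and that the drives are mounted with letters.

```powershell
# Added example (not from the thread): inventory every drive's root for files
# carrying the System+Hidden attribute combination the worm uses, and report
# which program an autorun.inf there would launch. Assumes PowerShell 3+.
# -Force is what exposes hidden/system entries: the command-line counterpart
# of unticking "Hide protected operating system files" in Folder Options.

function Get-DriveRoots {
    Get-PSDrive -PSProvider FileSystem |
        Where-Object { $_.Root -and (Test-Path -LiteralPath $_.Root) } |
        ForEach-Object { $_.Root }
}

function Get-RootHiddenSystemFiles {
    param([string[]]$Roots = (Get-DriveRoots))
    $hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
            Where-Object { ($_.Attributes -band $hs) -eq $hs } |
            ForEach-Object {
                # Genuine OS files (ntldr, boot.ini, pagefile.sys, ...) carry these
                # attributes too, so compare the list against a known-clean machine.
                [pscustomobject]@{
                    Path       = $_.FullName
                    Attributes = $_.Attributes
                    Length     = $_.Length
                    LastWrite  = $_.LastWriteTime
                }
            }
    }
}

function Get-AutorunTargets {
    param([string[]]$Roots = (Get-DriveRoots))
    foreach ($root in $Roots) {
        $inf = Join-Path -Path $root -ChildPath 'autorun.inf'
        if (-not (Test-Path -LiteralPath $inf)) { continue }
        Get-Content -LiteralPath $inf -Force | ForEach-Object {
            # open=, shellexecute= and shell\<verb>\command= name the program that
            # the drive's context-menu "Autorun" entry runs.
            if ($_ -match '^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*=\s*(.+?)\s*$') {
                [pscustomobject]@{ Inf = $inf; Key = $Matches[1]; Target = $Matches[2] }
            }
        }
    }
}

Get-RootHiddenSystemFiles | Format-Table -AutoSize
Get-AutorunTargets | Format-Table -AutoSize
```

Run it from an elevated prompt so every drive root is readable; the output is an inventory to compare against a clean system, not a verdict on any single file.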
RubyDotNet
Hehe, thank you for your prompt reply, quietman.

Actually, I had the "Hide protected OS files" option checked. That's why I couldn't see any "rose.exe". It's all cool now, hehe, I've done it all manually.
quietman7
Good job. Now you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
RubyDotNet
OK, I sure will do this right away on my next working day.

So nice of you, quietman.

Are you people paid or something for this?
quietman7
QUOTE
Are you people paid or something for this?
No. We are a community of volunteers who assist others such as yourself.
DeathRaven
Wait a sec, so you were able to get the PC to stop trying to run rose.exe if you left-click any drive? I have deleted the virus (all rose.exe files gone) BUT my PC keeps trying to run it if I left-click a drive. Please tell me exactly what you did in regedit, ruby!