BleepingComputer.com: Virus removed but all files remain hidden

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Virus removed but all files remain hidden

#1 User is offline   Cat2304b 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 16-June 11

Posted 16 June 2011 - 10:02 AM

PC had virus/malware - malawarebytes removed 4 x trojans however Can't see any of my desktop, all programs or anything or C: unless I unhide files. Running Sophos - updated and ran system scan but not fixing it. Any suggestions of what to do next? All ideas gratefully received - PC running XP with office 2007


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6867

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

16/06/2011 11:34:26
mbam-log-2011-06-16 (11-34-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 399141
Time elapsed: 1 hour(s), 47 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\632C.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\19521316.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\farerwohlxkppqp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\paulcheetham.beaumonti\local settings\Temp\A.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\paulcheetham.beaumonti\local settings\Temp\9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\paulcheetham.beaumonti\application data\agtyjkj.bat (Malware.Trace) -> Quarantined and deleted successfully.

#2 User is offline   invision 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 91
  • Joined: 03-June 09

Posted 16 June 2011 - 10:03 AM

They can be found in a folder named smtmp inside:

(XP)- C:\Documents and Settings\Username\Local Settings\Temp
(W7)- C:\Users\(Username)\AppData\Local\Temp


These will be there unless you have removed temp files / folders
MVPS HOSTS . Rename Hosts . 10 Immutable Laws of Security . System Lookup. MBAM

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users