
I Could Say "please Help", But That Would Get No Response. Lol


  • This topic is locked
17 replies to this topic

#1 ~╬♣zm泄♀法~

~╬♣zm泄♀法~

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:23 PM

Posted 30 November 2007 - 03:17 PM

First of all I'd like to comment on an absolutely MAGNIFICENT site you have here. Secondly, I've been on the site with "guest" status for quite some time now and have usually found my dilemmas to be resolved simply by looking around the forums. But boy have I done it now lol :flowers: Okay, here's the SitRep:
While I was gone to Fort Campbell for the Fall I lent my computer to my brother (who happens to be at a certain age right now, but we'll get to that in a minute) who APPARENTLY felt the need to trash it with spyware, adware, viruses, worms, and PORN (you name it, I've had to clean it). Well, with that said I have deleted everything except for a DNS (DLS maybe?) downloader (somehow every time I click on a link in IE it "redirects" me to fake sites, etc. Can't get rid of this one either, but I'm working on it. Back to the original problem) and a certain folder that has me absolutely stumped and stupefied. First of all, the folder in question is ~ C:\Documents and Settings\Owner\My Documents\Incomplete ~ I ABSOLUTELY CANNOT move\rename\delete this file. As a matter of fact, I can't even "mouse-over" the folder. Any time I try to interact with this folder in any way explorer.exe crashes, then Dr. Watson's Postmortem Debugger crashes right behind it. I cannot run a full system virus scan because it freezes as soon as the AV gets to that file. (No problems scanning folders individually, just not that one, and no full system scan.) So.................... I have tried over and over to delete it through the command prompt, but I'm no expert at the command line codes. So where does this leave me? I can't afford to restore as I have too many games that I have corrupted disks for (kids and scratches) and had to patch them with the fixed exe files.
Thank you for any help ANYONE can give me that might direct me in the "path of enlightenment". :thumbsup:


{Mod Edit: Moved to more appropriate forum~~boopme}

Edited by boopme, 30 November 2007 - 04:46 PM.



#2 AzureEd

AzureEd

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:04:23 PM

Posted 30 November 2007 - 03:40 PM

Have you tried interacting with the folder in safe mode?

#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:05:23 PM

Posted 30 November 2007 - 04:38 PM

This would be the better place to post your problem
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
It's further down the main forum page
Good luck
Mark

#4 ~╬♣zm泄♀法~


Posted 30 November 2007 - 07:38 PM

Yes, first thing I tried was safe mode. (I'm not really a computer noob, but not really an expert either.) I've tried deleting it with various programs and it crashes whatever program I happened to be using. I even got desperate and tried to delete it through WinRAR lololol :trumpet: :thumbsup: Anyways, solution one was amiss though I thank you for your effort. Any other ideas from anyone? Damn this has got me stumped. (WinRAR DID let me dig a little deeper though. It opened the "incomplete" folder and allowed me to narrow the problem down to a folder named "-xxxporn blah blah blah" which was inside a folder with a number that was inside the "incomplete" folder. Did that make sense? lol ~C:\Documents and Settings\Owner\My Documents\Incomplete\VBZK3I66J5U5B2K6KVI4VHWKZFQWETKL\-XXXporn blah blah blah ~ but no further :flowers: ) I was not surprised to find the folder since I've been cleaning his mess for a week and a half now. Anyways, thanks again for your help.

#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:23 PM

Posted 30 November 2007 - 08:24 PM

Hi ~╬♣zm泄♀法~
Can you tell us if you have run any anti-malware programs...... and if so, which ones?
Have you tried any 'online' scanners?
C:\Documents and Settings\Owner\My Documents\Incomplete ... this sounds like someone has been using a p2p program.
Have you looked in your 'add or remove' list to see if there are any p2p programs in there?
If there are..... delete them from your list. Then see if you can remove the offending folder....(incomplete)



#6 ~╬♣zm泄♀法~


Posted 30 November 2007 - 09:13 PM

Yes. I have removed the following, which was all the "P2P" programs that I have found here: Limewire Pro (we have had problems with this program before), Utorrent, edonkey or gdonkey (somethingdonkey). And, once again, BRICK-WALL :thumbsup: And, yes I do have PLENTY scanner\removal devices. I have the following:
  • Spybot - Search and Destroy
  • Ad-Aware 2007 (free)
  • Advanced Windows Care V2 Personal
  • Spyware Vanisher - Full
  • Windows Defender
  • Iolo Antivirus, Iolo Personal Firewall, Iolo System Guard Defender (three programs that came with System Mechanic Professional 7)
  • Charter's F-Secure Security Suite <--- REALLY DON'T LIKE THIS PROGRAM, therefore have removed it from the system, but have access to it anytime.
So, with all that said........ uninstalling the P2Ps didn't remove the incomplete file, and iolo antivirus crashes when it reaches the folder. Haven't been patient enough to reinstall F-Secure and run a scan with it yet, but I didn't see it a priority. (AND I have to uninstall ALL antivirus\spyware programs I have, and that's a pain in the 4$$)...... so back to square one, lol. I love a challenge, but DAMNIT MAN!!! :flowers:

~╬♣zm泄♀法~

#7 ~╬♣zm泄♀法~


Posted 01 December 2007 - 12:57 PM

Ok. Eighty-five views, and three responses (thank you starbuck, garmanma, & azured), which tells me that maybe no one has an answer. Maybe someone has a couple of links I could follow where I might find help? Maybe other forums or anything? ... Thank you, again, for all your help. (I think I'm gonna join the three word story now ;) )

#8 Starbuck


Posted 01 December 2007 - 05:22 PM

Hi there,

and iolo antivirus crashes when it reaches the folder

ok, have you actually tried to run the iolo antivirus in safe mode to see if it can complete a scan?

If all else fails.......
Try running a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop.
BitDefender has the ability to remove anything it finds. It's simple to do so give this a try.

Another good program to try is.... SuperAntiSpyware.
Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.

Now close down SuperAntiSpyware.
Do Not do a scan yet.

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in Safe Mode (you will have to use the 'arrow' keys to navigate on this window), then press "Enter".
  • Choose your usual account.

Scan with SuperAntiSpyware
Click the desktop icon.......when it starts, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.

Spyware Vanisher - Full

This program used to be on the Rogue Anti-Spyware list
For giving false positives, scare-mongering scan results, out-of-date databases with trial versions of the programs, and aggressive advertising.
Owners seem to have cleaned up their act a bit..... but there are better programs out there.

I love a challenge,

so do i


#9 ~╬♣zm泄♀法~


Posted 01 December 2007 - 08:37 PM

Okay ... update on our "challenge"...... BitDefender Internet Security 2008 (purchased it via wire-transfer ;) ) SCANNED right over it without skipping a beat... not a virus. Super Anti-Spyware: freezes when it touches the folder. Iolo, safe-mode: freezes when it touches the file. Everything else just scans right over it and keeps going. But still cannot remove the folder :thumbsup: Have you even heard of anything like this before? I know I haven't.

#10 ~╬♣zm泄♀法~


Posted 01 December 2007 - 11:18 PM

And just for the record, Spyware Vanisher = Malware according to the Super Anti-Spyware program.... I guess the owners haven't cleaned up their act huh?

#11 Starbuck


Posted 02 December 2007 - 06:48 AM

It's just a thought........
You might not have been given 'ownership' of this folder.
You could check to see who has 'ownership' of the folder and if need be, you could try changing it so that you have ownership.
This should then allow you the rights to delete it.

You can take ownership of a folder in XP using the steps that are listed below.

1. Log on with an administrator account.
2. Open Windows Explorer.
3. Open the Properties window for the object and select the Security tab.
4. Click the Advanced button.
5. Click the Owner tab. The current owner of the resource will be listed.
6. From the list, select the user you want to assign ownership to.
7. Click OK.
8. Click OK to save your changes.

It's something else to try.


#12 ~╬♣zm泄♀法~


Posted 02 December 2007 - 01:11 PM

I ~assume~ that "windows explorer" is the normal shell which I use on a regular basis. Am I correct or are you speaking of another windows explorer that I am unfamiliar with? And to log on as administrator..... I don't have to log onto my comp. I am the only one that uses it (under normal circumstances) so I am always logged on as administrator (unless I have to do this through safe-mode, which I have tried). Also when I click the properties option (thru the right-click menu) I see no security tab... oh crap! It crashed explorer.exe again (big surprise lololololol). Thank you for your assistance, starbuck. (And all others that contribute their thoughts on this matter.) Maybe, just maybe, we can all learn something here huh? lol I HAVE A THIRST FOR KNOWLEDGE......... :thumbsup: And don't worry, starbuck, if I find a miraculous way to eliminate the beast, I will definitely give you the step-by-step on how it was done... I guess this has turned into a "pissing contest" between me and my computer... lol And trust me I am WAY more stubborn than this piece of machinery.

#13 Starbuck


Posted 04 December 2007 - 05:42 PM

I ~assume~ that "windows explorer" is the normal shell in which i use on a regular basis.

Yes, that's right.

And to log on as administrator..... i dont have to log onto my comp. i am the only one

Ok, it's just something we have to point out in case you have multiple accounts.

Also when i click the properties option (thru the right-click menu) i see no security tab... oh crap! it crashed explorer.exe again (big surprise lololololol)

It's beginning to sound like you may have a few more problems than are showing.

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read the Preparation Guide before posting a HijackThis Log.
Please read, and follow, all directions carefully

Run a log, and post it in the HijackThis Logs and Analysis forum.

Do not post it in this topic.
Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response from the HJT Team, because they are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.


If you haven't heard back from them in 5 days, go to this topic, Haven't Had A Reply In Five Days?, and carefully follow all directions.



#14 ~╬♣zm泄♀法~


Posted 05 December 2007 - 05:51 PM

Ok, haven't got the chance to run HJT yet, but I do have good news! The BEAST HAS BEEN DEFEATED!!!!!! Here's how it went down: Taz grabs his sword and plunges into the belly of the......... okay, that's enough lol. I used an "unlocker program". First, I restarted into safe-mode. Then ran SmitFraud. Then System Mechanic 7, then ran Super Anti-Spyware, and cleaned all that was to be cleaned, not much, but some. Not to my surprise, the folder was still there, and still crashed explorer.exe every time I tried to interact with it. So I used an unlocker program (sorry I do not remember the name of it, as I uninstalled it as soon as I deleted the folder) and apparently, the folder was "locked by the system".... whatever that means.... Then System Mechanic came up with 17 "security vulnerabilities"... and they are as follows:
Hosts file redirection at line:
#58 ("www.google.com" redirects to "194.54.90.238")
17 different times, seventeen different lines, seventeen different site redirects, ONE IP address.
(Didn't know if this would help, but MY IP address is NOT that {ipconfig consistently shows the same IP address for the past six months}) Maybe I could find the perp somehow by this? I dunno....
I'm still going to run the rest of my "anti" programs, then I'll post the HJT log and see what is left to be done. Man, he did a number on it this time...:thumbsup:
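
The hosts-file redirection reported in the post above (many site names all pointed at one address) is something a short script can check for. This is an added example, not part of the original thread: the sample file is constructed, and only the www.google.com to 194.54.90.238 pair is taken from the post.

```python
"""Audit a hosts file for names redirected to non-local addresses."""
import ipaddress
import sys
from collections import defaultdict

# Constructed sample. Only the www.google.com -> 194.54.90.238 pair comes
# from the thread; every other entry is made up for illustration.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
194.54.90.238   www.google.com
194.54.90.238   google.com search.example.com   # two names, one line
194.54.90.238\twww.example.net
0.0.0.0         ads.example.org
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()                 # spaces or tabs
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip malformed lines
        for name in fields[1:]:               # a line may carry several names
            yield line_no, ip, name.lower()


def find_redirects(text):
    """Map each non-local target IP to the (line_no, hostname) pairs using it.

    Loopback and 0.0.0.0 targets are skipped: they are the normal localhost
    entry and the usual way blocklists sink a name.
    """
    by_ip = defaultdict(list)
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append((line_no, name))
    return dict(by_ip)


def shared_targets(text, threshold=2):
    """Return only the IPs that at least `threshold` hostnames point to."""
    return {ip: hits for ip, hits in find_redirects(text).items()
            if len(hits) >= threshold}


if __name__ == "__main__":
    # Pass the hosts file path as the first argument; without one the
    # constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for ip, hits in shared_targets(text).items():
        print(f"{ip}: {len(hits)} names redirected")
        for line_no, name in hits:
            print(f"  line {line_no}: {name}")
```

A single entry pointing at a private or public address also shows up in `find_redirects`; that is a line to review, since legitimate intranet mappings look the same.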

#15 Starbuck


Posted 07 December 2007 - 04:29 PM

Hi ~╬♣zm泄♀法~
Sorry have been really busy this week.

the folder was "locked by the system"

This...... linked with:

("www.google.com" redirects to "194.54.90.238")

this ip address is linked to RIPE Network Coordination Centre ....Amsterdam.
I have a good idea what's going on, but i'd rather not commit myself without seeing a full hjt log.
Either way.... what you have is not good. The sooner you get the hjt log posted the better.





