
What Virus Is Affecting My Com And My Antivirus Wont Tell Me


4 replies to this topic

#1 azure_fantist

Posted 15 April 2008 - 01:42 AM

Hi there,
Recently my desktop has been down with problems, and some unknown virus too. Hope to get some help and opinions...
Well, whenever I try to get into my C drive or D drive, just as I double-click it, a pop-up window appears: 'Open with...', asking me to select one of the applications available on my computer in order for me to get in and view the contents inside either the C or D drive.

Anyway, I manage to get in by using the 'Explore' option, but this cannot be a long-term solution.
I tried using my antivirus to scan, both in safe and normal boot, but it found no virus results. And worse still, my antivirus only shows that it has scanned 92-95 files in both drives. So, are these 2 drives of mine down with a serious virus?

I'm using Windows XP Home Edition, and my antivirus is Symantec AntiVirus 2003 version 9.
(Now even the antivirus cannot get itself up to date; even though it downloaded the latest one, it just can't be updated *argh*)

So can anyone help me? Other than reformatting my computer, which I most unlikely want since my restore disk went missing and I have no idea how to reformat, are there other ways of solving this problem?

Thanks a lot!!!



#2 quietman7


Posted 15 April 2008 - 08:50 AM

From what you describe, it appears to be a flash (usb, pen, thumb, jump) drive infection.

Please insert your flash drive before we begin. Hold down the Shift key when inserting the drive until Windows detects it.

If you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
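
The note in the post above says a folder named autorun.inf in a drive's root helps protect the drive. As an added example (not part of the original post and not Flash_Disinfector's own code), this Python script checks a drive root for that folder, or for an autorun.inf file and the programs it would launch. The function names, the file name `sample.exe` and the temp-directory "drives" are constructed for illustration; it assumes the standard `[autorun]` keys `open`, `shellexecute` and `shell\<verb>\command`.

```python
import os
import tempfile

def first_token(command):
    """Program part of an autorun command, honouring a leading quoted path."""
    if command.startswith('"') and command.count('"') >= 2:
        return command.split('"')[1]
    return (command.split() or [""])[0]

def audit_root(root):
    """Report what sits at <root>/autorun.inf and which programs Explorer would launch."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return {"state": "absent", "entries": []}
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # A folder holds the name, so a file called autorun.inf cannot be created.
        return {"state": "folder", "entries": []}
    entries, in_autorun = [], False
    with open(path, "r", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_autorun = line.lower() == "[autorun]"
                continue
            if not in_autorun or line.startswith(";") or "=" not in line:
                continue
            key, value = (p.strip() for p in line.split("=", 1))
            k = key.lower()
            if k in ("open", "shellexecute") or (
                    k.startswith("shell\\") and k.endswith("\\command")):
                target = first_token(value).replace("\\", os.sep)
                found = bool(target) and os.path.exists(os.path.join(root, target))
                entries.append({"key": key, "command": value, "target_exists": found})
    return {"state": "file", "entries": entries}

def demo():
    """Constructed sample: three stand-in drive roots inside a temp directory."""
    with tempfile.TemporaryDirectory() as base:
        roots = {n: os.path.join(base, n) for n in ("infected", "immunized", "clean")}
        for r in roots.values():
            os.mkdir(r)
        with open(os.path.join(roots["infected"], "AUTORUN.INF"), "w") as fh:
            fh.write("[autorun]\nopen=sample.exe\nshell\\open\\command=sample.exe -x\nicon=x.ico\n")
        os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
        return {n: audit_root(r) for n, r in roots.items()}

if __name__ == "__main__":
    print(demo())
```

A `file` result whose entries have `target_exists` set to `False` is a launch entry pointing at a program that is no longer on the drive; a `folder` result is the protected state the note describes.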


#3 azure_fantist


Posted 18 April 2008 - 09:29 AM

Hi quietman7, this is the report I have gotten...


SDFix: Version 1.172
Run by Administrator on Fri 04/18/2008 at 10:16 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 22:25:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 18 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\download\BITC6.tmp"
Fri 18 Apr 2008 7,318 A..H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp"
Wed 16 Apr 2008 8,246 A..H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Shortcut Bar\Off2h.tmp"
Wed 16 Apr 2008 8,246 A..H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Shortcut Bar\Off2s.tmp"

Finished!


Please do tell me what it means. Thanks!

#4 azure_fantist


Posted 18 April 2008 - 09:47 AM

Sorry, forgot to add this. My external disk is still experiencing the problem, as well as my hard drives. When you double-click it, it pops out an 'open with' window...

#5 quietman7


Posted 18 April 2008 - 10:29 PM

This step involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.

Click on this link:
http://windowsxp.mvps.org/
Scroll down to Windows XP Tips & Fixes and double-click on "Drive" Association Fix for XP in the left column. Go to File, choose "Save page as" All Files and save XP_drive_fix.reg to your desktop. Double-click on that file and choose "Yes" to merge it into the registry when prompted. Once you get a successful message delete the file and reboot.