Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How Do I Resolve This?


  • Please log in to reply
2 replies to this topic

#1 Boji

Boji

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 20 May 2008 - 06:28 AM

Hi guys!

I'm not sure if I'm posting in the right section but I have a problem that may need your expert advise..

To start off, my hidden files won't show even when i had them checked in the folder options..
I also tried changing some values in regedit, as suggested in other forums, but it still reverts back to its original value..

Being desperate, I also tried a clean install of my windows XP, reformatted my partition drive, but still my folder options won't work..

It all started when I inserted my friend's USB flashdisk to transfer some files.. My Norton Internet Security 2008 blocked what seems like a virus named Bloodhound.Packed.Jmp... Then a message from Norton popped-up saying "0ajq.cmd has changed your windows startup settings".. So I went to msconfig to check my startup programs and found "kxvo.exe" located in C:\Windows\system32\kxvo.exe.. Problem is, this exe file is a hidden file, which is a problem 'cause I can't access my hidden files..

Is this Malware I'm dealing with?..

I tried the steps mentioned in another topic, http://www.bleepingcomputer.com/forums/t/140416/wont-show-hidden-files-and-folders/ , and I have a copy of the results for you to analyze.. Should I post them here?

B

BC AdBot (Login to Remove)

 


m

#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:08:18 AM

Posted 20 May 2008 - 11:51 AM

Since you just reinstalled your OS clean, do you have any idea what is reinfecting you? It would be a waste of time to try to clean up your system if you just reinfected it again.

A clean install does not usually start out broken, it takes help.

Usually a cracked program downloaded from P2P

Edited by DaChew, 20 May 2008 - 11:52 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 Boji

Boji
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 26 May 2008 - 05:25 AM

Thanks for the response Da Chew.

i've finally resolved this problem, and for anyone who might have the same problem, i'll post the steps i used to resolve this.

you have to follow the steps EXACTLY in order for it to work.

- Open Task Manager and in Processes tab end explorer.exe and wscript.exe process

- Open up File –> New Task (Run) in the Task manager

- Type cmd and hit Enter

Type
del /a:h /f c:\autorun.*

if you have multiple drive/partition, repeat this step to all drive/partition, replacing “C:” with the appropriate drive letter.

- Go to your Windows\System32 directory by typing cd c:\windows\system32

Type dir /a:h /f hbq*.*

- If you see any files named hbq0.dll or hbq0.exe or hbo.exe, use the

Del /a:h /f avp*.exe
Del /a:h /f avp*.dll

to delete.

- Open up File –> New Task (Run) in the Task manager, Type regedit

- Navigate to:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If there are any entries for kxvo.exe, delete them. Also delete all suspicious items

- Do a complete search of your registry for ntdelect.com or hbq.exe or kxvo.exe and delete any entries you find.

- To Restore Folder Options (“Show hidden files & folders”) Settings, Navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Advanced\Folder\Hidden\SHOWALL

- Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1. The “Show hidden files & folders” check box should now work normally.

Restart your pc.

for the link: http://espiya.net/forum/index.php/topic,72786.0.html

MOD EDIT:Important Note
This proceedure involves making changes in the registry. Always back up your registry before making any changes.

Go to Start » Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click save and then go to File » Exit.

Or you can download and use ERUNT which is an excellent free tool that allows you to to take a snapshot (backup) of your registry before making changes and restore it when needed.

Edited by boopme, 26 May 2008 - 12:50 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users