Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

xmfx\help1.rar nm


  • Please log in to reply
2 replies to this topic

#1 skdbz

skdbz

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 13 June 2009 - 05:31 AM

Hello to bleepingcomputer.com forums!

My name is dk and I am having a real real real tough time with my computer. A few weeks ago my computer unexpectedly crashed as I was organizing my computer desktop. I reattached my harddrive into my friends computer to retrieve my data and placed all my data in a huge external harddrive. Afterwards I reinstalled Windows XP to my main C: harddrive. Note that my computer has two harddrive: One is split into 3 partition, with one of these partition with my OS installed on and another as just a secondary harddrive as shown below:

My Harddrive setup:
Harddrive 1=
C: Operating system
D:
E:

Harddrive 2=
G:

External Harddrive=
H:

Whenever I reinstalled my computer with XP I use my external harddrive to place the necessary drivers needed to install my anti-virus program (Because I needed to be connected to the internet), using Avast! home edition. After a few tries I realized that my external harddrive seemed to be infected too. So I placed the needed drivers into a USB drive, completely wipe out my harddrive by recreating new partitions, reinstalled my OS, opened into safe mode and drag the necessary files and then installed my drivers. Soon I was able to install Avast! my anti-virus program.

I noticed after doing this, my computer was not infected because of my key observation that I could go into my Hidden File directories that I can enable through tools-folder options-view-hidden files and folders. I scanned my whole computer and my external harddrive and quarantined every single trace of any malware and trojans.

I believe that it all went well until I tried dragging some of my files from my laptop into my desktop. Prior I made sure that my virus program could catch any malware from my USB by scanning beforehand (I know my laptop is infected too). But that is when everything came back. The first thing I noticed was I could not see any of my hidden files from my c/doc&set/username/localsetting folder. Over the period of a few days I had problems such as: ########.com/xfmx/help1.rar and cdaudio.sys or olhrwef.exe or some other kind of \system\nmdfgds0.dll that keeps popping up at different times.

I came to this site towards the end of my quest and found two programs that are recommended a lot: Malwarebyte's Anti-Malware and SuperAntiSpyware. So I tried it using the direction that username Buddy215 said here: http://www.bleepingcomputer.com/forums/t/196122/olhrwefexerttrwqexetheseis-the-malware-that-i-found-outfor-now/

I've done quickscan, fullscan, safemode and just regular mode. None of this helped me at all. I need someone to guide me step by step to see if I can get this out of my way. If someone can help me out in anyway, I would be tremendously, exceedingly, excessively, extremely, hugely, largely, staggeringly thankful in so many ways. THANKS!!!!!!!!!!!

EDIT: Side question, is it possible to fix this without having to reformat all my hard drives and having to reinstall the OS?


Here are my last recent results:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/13/2009 at 02:51 AM

Application Version : 4.26.1004

Core Rules Database Version : 3937
Trace Rules Database Version: 1880

Scan type : Quick Scan
Total Scan Time : 00:12:50

Memory items scanned : 463
Memory threats detected : 0
Registry items scanned : 342
Registry threats detected : 0
File items scanned : 29939
File threats detected : 2

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL

Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\OLHRWEF.EXE


Malwarebytes' Anti-Malware 1.37
Database version: 2267
Windows 5.1.2600 Service Pack 2

6/13/2009 3:14:01 AM
mbam-log-2009-06-13 (03-14-01).txt

Scan type: Quick Scan
Objects scanned: 92868
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by skdbz, 13 June 2009 - 05:38 AM.


BC AdBot (Login to Remove)

 


#2 skdbz

skdbz
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 13 June 2009 - 05:41 AM

I am utterly perplexed, for some reason my functionality of my enabling my hidden files has suddenly returned after running a scan using MAM. Perhaps my computer is safe now. However I lost the functionality to access my C: drive by double clicking it in My Computer folder.

I will post more to see if this is finally over with. How ironic it would be that this is solved right when I first wrote this topic.

#3 skdbz

skdbz
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 13 June 2009 - 06:00 AM

So here are my latest log post:

Malwarebytes' Anti-Malware 1.37
Database version: 2267
Windows 5.1.2600 Service Pack 2

6/13/2009 3:45:59 AM
mbam-log-2009-06-13 (03-45-59).txt

Scan type: Quick Scan
Objects scanned: 92493
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/13/2009 at 03:58 AM

Application Version : 4.26.1004

Core Rules Database Version : 3937
Trace Rules Database Version: 1880

Scan type : Quick Scan
Total Scan Time : 00:11:43

Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 342
Registry threats detected : 0
File items scanned : 29985
File threats detected : 0



Well I still have some questions hopefully someone can answer. How would I be able to enable the double click to access to my hard drive? Secondly, can that cause the malware to occur again or will it be safe to say that my problem is gone? Third, how do I handle the information in my external hard drive if there still is a malware inside of it?

Thanks again!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users