PC infected by Kido/Downadup/Conficker worm



#1 nimishprabhu

Posted 12 January 2010 - 10:07 AM

Basically I think my PC is affected by some Kido worm!
It's replicating the autorun.inf file in all drives so that drives open in new windows.
Also I'm not able to view hidden files, because whenever I select the option "show hidden files" and press Apply and OK, it gets reset to "do not show" when I come back to it.
I've also used the regedit method to change the DWORD value in HKLM>>...folder\hidden\showall, but to no use;
even that gets reset to '0'.
Please suggest something that I can use on multiple systems,
because this worm has been transferred to my friends' PCs via USB.
Waiting in anticipation...


DDS LOG

CODE
DDS (Ver_09-12-01.01) - NTFSx86  
Run by NIM-NIK at 20:27:47.90 on Tue 01/12/2010
Internet Explorer: 6.0.2900.2162
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1918.1382 [GMT 5.5:30]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)   {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled*   {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\NIM-NIK\Desktop\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [cdoosoft] c:\docume~1\nim-nik\locals~1\temp\herss.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [KeyMapperStarup] c:\docume~1\nim-nik\locals~1\temp\rar$ex03.453\KeyRemapper.exe  /background
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {7DE73BAC-3669-48EA-BBC5-B026BD127D2A} = 123.108.224.6 123.108.225.6
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxtcui - c:\documents and settings\all users\application data\nim-nik\UpdateLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nim-nik\applic~1\mozilla\firefox\profiles\m75boagg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.moviebie.com
FF - component: c:\documents and settings\nim-nik\application data\idm\idmmzcc3\components\idmmzcc.dll

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 21512]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-1 83208]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2008-6-4 143467]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 152456]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-8-6 110984]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-25 176128]

=============== Created Last 30 ================

2010-01-12 14:46:58    0    ----a-w-    c:\windows\system32\ab_bl.sig
2010-01-12 14:46:57    4    ----a-w-    c:\windows\system32\aspdict-en.dat
2010-01-12 14:46:57    16    ----a-w-    c:\windows\system32\asdict.dat
2010-01-12 13:37:04    376    ----a-w-    c:\documents and settings\nim-nik\Application Dataprivacy.xml
2010-01-12 13:36:59    850    ----a-w-    c:\windows\system32\ProductTweaks.xml
2010-01-12 13:36:59    385    ----a-w-    c:\windows\system32\user_gensett.xml
2010-01-12 09:37:38    0    d-----w-    C:\BitDefender 2010 All versions Crack
2010-01-12 09:35:08    132    ----a-w-    c:\windows\system32\rezumatenoi.dat
2010-01-12 09:13:04    0    d-----w-    c:\docume~1\nim-nik\applic~1\BitDefender
2010-01-12 09:12:34    0    d-----w-    c:\program files\BitDefender
2010-01-12 09:12:34    0    d-----w-    c:\docume~1\alluse~1\applic~1\BitDefender
2010-01-12 09:11:43    0    d-----w-    c:\program files\common files\BitDefender
2010-01-12 09:03:43    118784    --sh--r-    C:\8xcrbho6.exe
2010-01-12 06:42:55    0    d--h--w-    C:\A
2010-01-12 06:42:18    63    --sh--r-    C:\autorun.inf
2010-01-12 06:34:19    0    d-----w-    c:\windows\ERUNT
2010-01-10 18:07:28    0    d-----w-    C:\SDFix
2010-01-10 13:04:50    2279    ----a-w-    c:\windows\system32\SHORTCUT.INI
2010-01-10 13:02:55    136    ----a-w-    c:\windows\system32\REMOTEDEVICE.INI
2010-01-10 13:02:38    4533    ----a-w-    c:\windows\system32\LOCALSERVICE.INI
2010-01-10 13:02:36    98    ----a-w-    c:\windows\system32\LOCALDEVICE.INI
2010-01-10 12:51:57    0    ----a-w-    c:\windows\system32\BSPRINT.INI
2010-01-10 12:51:14    0    d-----w-    c:\program files\IVT Corporation
2010-01-10 12:51:09    32    ----a-w-    c:\windows\0
2010-01-10 12:51:09    0    ----a-w-    c:\windows\system32\0
2010-01-10 11:13:29    0    d-----w-    c:\program files\K-Lite Codec Pack
2010-01-10 06:29:07    26496    -c--a-w-    c:\windows\system32\dllcache\usbstor.sys
2010-01-09 17:52:47    0    d-----w-    C:\Rapidshare
2010-01-09 10:12:21    114688    --sh--r-    C:\31lyx.exe
2010-01-09 09:35:11    0    d-----w-    c:\program files\common files\ODBC
2010-01-09 09:35:07    0    d-----w-    c:\program files\common files\SpeechEngines
2010-01-09 09:34:44    0    d-----r-    c:\documents and settings\all users\Documents
2010-01-09 06:44:00    0    d-----w-    c:\program files\common files\System-G
2010-01-09 06:43:58    0    d-----w-    c:\program files\DocPad
2010-01-09 05:16:09    0    d-----w-    c:\docume~1\nim-nik\applic~1\Flock
2010-01-09 05:15:53    0    d-----w-    c:\program files\Flock
2010-01-09 05:10:16    0    d-----w-    c:\docume~1\nim-nik\applic~1\IDM
2010-01-09 05:10:16    0    d-----w-    c:\docume~1\nim-nik\applic~1\DMCache
2010-01-09 05:10:12    0    d-----w-    c:\program files\Internet Download Manager
2010-01-09 04:55:07    0    d-----w-    c:\program files\GRETECH
2010-01-09 04:54:23    0    d-----w-    c:\docume~1\alluse~1\applic~1\NIM-NIK
2010-01-09 04:53:28    0    d-----w-    c:\program files\VideoLAN
2010-01-09 04:52:54    0    d-----w-    c:\program files\Broadband Pacenet
2010-01-09 04:51:08    0    d-----w-    c:\program files\AVG
2010-01-09 04:38:14    0    d-----w-    c:\program files\Realtek
2010-01-09 04:35:24    0    d-----w-    c:\program files\ATI Technologies
2010-01-09 04:24:35    0    d-----w-    c:\program files\MSXML 4.0
2010-01-09 04:22:07    0    d-----w-    c:\docume~1\alluse~1\applic~1\BF8051E7-626F-4a11-AF7A-625A7B555862
2010-01-09 04:14:45    0    d-sh--w-    c:\documents and settings\all users\DRM
2010-01-09 04:14:26    0    d--h--w-    c:\program files\WindowsUpdate
2010-01-09 04:13:34    0    d-----w-    c:\program files\common files\MSSoap
2010-01-09 04:12:13    0    d-----w-    c:\program files\Online Services
2010-01-09 04:12:08    0    d-----w-    c:\program files\Messenger
2010-01-09 04:12:04    0    d-----w-    c:\program files\MSN Gaming Zone
2010-01-09 04:11:18    0    d-----w-    c:\program files\Windows NT

==================== Find3M  ====================

2010-01-12 14:28:53    105736    ----a-w-    c:\windows\system32\drivers\bdhv.sys
2010-01-12 14:28:52    152456    ----a-w-    c:\windows\system32\drivers\bdfm.sys
2010-01-12 14:17:43    110984    ----a-w-    c:\windows\system32\drivers\bdfndisf.sys
2010-01-09 10:10:35    94208    ----a-w-    c:\windows\DUMP5062.tmp
2010-01-09 04:12:33    21640    ----a-w-    c:\windows\system32\emptyregdb.dat
2010-01-02 07:41:54    115200    --sh--r-    C:\h0.exe
2009-10-27 18:00:00    85504    ----a-w-    c:\windows\system32\ff_vfw.dll

============= FINISH: 20:28:11.96 ===============



RootRepeal Scan

CODE
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/01/12 20:31
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP2
==================================================

Drivers
-------------------
Name: ac51be45.sys
Image Path: C:\WINDOWS\System32\Drivers\ac51be45.sys
Address: 0xAE3E7000    Size: 573824    File Visible: No    Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1689000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADEA000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE4C4000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16509\versions.id.8103F8162EF318876CD0332EF1B2002E.upd
Status: Invisible to the Windows API!

==EOF==


Hey, I had posted an attached file too...
Anyway, here's the HijackThis log

CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:19 PM, on 1/12/2010
Platform: Windows XP SP2, v.2162 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2162)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\NIM-NIK\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KeyMapperStarup] C:\DOCUME~1\NIM-NIK\LOCALS~1\Temp\Rar$EX03.453\KeyRemapper.exe  /background
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DE73BAC-3669-48EA-BBC5-B026BD127D2A}: NameServer = 123.108.224.6 123.108.225.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O20 - Winlogon Notify: igfxtcui - C:\documents and settings\all users\application data\NIM-NIK\UpdateLogon.dll (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

--
End of file - 4999 bytes


Merged posts. ~ OB

Edited by Orange Blossom, 12 January 2010 - 07:57 PM.




#2 miekiemoes

  • Malware Response Team

Posted 13 January 2010 - 05:53 AM

Hi,

QUOTE
C:\BitDefender 2010 All versions Crack


Have you ever wondered how you got infected?
I see you're not afraid of using cracks/visiting cracksites etc...
If you visit cracksites, use cracks, you'll ALWAYS get infected. This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.
You really have to change your surfing habits though, because these malware bundles may contain a keylogger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.
Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.
So is it really worth it? Get illegal software for "free", but compromise/break your computer instead....
Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.

Don't forget to change your passwords afterwards, once we are done with this thread, because they are known. Don't change them now, because as long as the malware is still present, it will gather the changed passwords as well.

Anyway, please download Malwarebytes' Anti-Malware from Here

  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#3 nimishprabhu


Posted 21 January 2010 - 09:52 AM

Firstly, sorry for such a late reply!
Second, for using cracks and all.

OK, so getting to the problem...
I did format my PC but it didn't work.
This was a strange virus/malware.
The worst part was that all the solutions available over Google had single solutions which didn't work at all.

Problems faced were:

1. Drives opening in new folder
2. Can't see hidden files [The option changes back to "Do not show hidden files" no matter what you select and no matter what registry key you edit in regedit.]
3. I don't know, but it was causing a lot of problems

Finally I got the "NOD 32 antivirus 4",
updated its virus database,

then I scanned my system
and I found nearly 20-30 infections, which were quarantined.
I deleted almost all of them
and now my PC is absolutely fine.

The only thing to change once all malware gets detected and removed is to check this:

Go to Start > Run > regedit > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced > Folder > Hidden > SHOWALL

Now check in the right panel.
You can see under the column "Name":

CheckedValue

Right click > Modify

Change the value to 1.

Now go to My Computer > Tools > Folder Options > View tab > Show hidden files

Abra Kadabra, your system will be cured

Please keep this post unedited so that others can benefit from it

and lock the topic as my problem is solved

Thanks
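
The registry check from post #3, combined with a read-only listing of the root-level autorun.inf files reported in post #1, as an added PowerShell example (not part of the original thread and not code from any poster). The `-Repair` switch, the function names and the 15-second re-check are choices made for this example; the per-user `Hidden` value under HKCU is the setting behind the Folder Options checkbox.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Without -Repair it only reports; with -Repair it writes the value named in post #3.
param([switch]$Repair)

$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$userAdv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Test-ShowAllValue {
    # Healthy means: CheckedValue exists, is a REG_DWORD, and equals 1.
    $key = Get-Item -Path $showAll -ErrorAction SilentlyContinue
    if (-not $key) { return [pscustomobject]@{ Healthy = $false; Reason = 'SHOWALL key is missing' } }
    if ($key.GetValueNames() -notcontains 'CheckedValue') {
        return [pscustomobject]@{ Healthy = $false; Reason = 'CheckedValue is missing' }
    }
    $kind  = $key.GetValueKind('CheckedValue')
    $value = $key.GetValue('CheckedValue')
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return [pscustomobject]@{ Healthy = $false; Reason = "CheckedValue has type $kind, expected DWord" }
    }
    if ($value -ne 1) {
        return [pscustomobject]@{ Healthy = $false; Reason = "CheckedValue is $value, expected 1" }
    }
    [pscustomobject]@{ Healthy = $true; Reason = 'CheckedValue is DWord 1' }
}

function Get-RootAutorun {
    # Read-only listing of autorun.inf on every drive-letter root. -Force includes
    # hidden+system files; optical media legitimately carry this file.
    Get-PSDrive -PSProvider FileSystem |
        Where-Object { $_.Root -match '^[A-Za-z]:\\$' } |
        ForEach-Object {
            Get-ChildItem -Path $_.Root -Filter 'autorun.inf' -Force -File -ErrorAction SilentlyContinue
        } |
        Select-Object FullName, Length, Attributes, LastWriteTime
}

$state = Test-ShowAllValue
"SHOWALL before: $($state.Reason)"

if ($Repair -and -not $state.Healthy) {
    if (-not (Test-Path -Path $showAll)) { New-Item -Path $showAll -Force | Out-Null }
    # Delete first so a value of the wrong type is recreated as a DWORD.
    Remove-ItemProperty -Path $showAll -Name 'CheckedValue' -ErrorAction SilentlyContinue
    New-ItemProperty -Path $showAll -Name 'CheckedValue' -PropertyType DWord -Value 1 | Out-Null
    # Per-user setting behind Folder Options > View: 1 = show hidden files.
    Set-ItemProperty -Path $userAdv -Name 'Hidden' -Type DWord -Value 1

    # Post #1 reports the value being reset to 0. Re-read after a pause:
    # if it has reverted, something is still rewriting it and cleanup is not finished.
    Start-Sleep -Seconds 15
    $state = Test-ShowAllValue
    "SHOWALL after 15 s: $($state.Reason)"
}

Get-RootAutorun | Format-Table -AutoSize
```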



