
Unknown virus blocking access to files and creating new folders which I can't access



#1 badboykiller1990


Posted 16 April 2010 - 08:52 PM

I got my new Windows 7 computer about 3 days ago, and just yesterday I noticed the computer was acting strange, but I ignored it since I didn't know much about this computer. But today I went to my 'Computer' folder and I noticed a new folder had been created in 'hard disk drive' called 'Local Disk Q'. I remember I didn't create it and that it wasn't there, since I was there like five minutes ago when I was there to get my picture from my USB. Another reason is that I had been there a lot, since I was surprised that there was no C drive. Anyway, I downloaded Malwarebytes' Anti-Malware and it proved my suspicion or doubt; it found this.

Here is the log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3999

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17/04/2010 01:35:08
mbam-log-2010-04-17 (01-35-08).txt

Scan type: Quick scan
Objects scanned: 120434
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I am very worried that the virus is not gone, because I still can't access that folder and am being told I don't have the privilege for something needed to access or delete or format this file. I downloaded Microsoft Security Essentials and did a full scan and it found nothing. I also downloaded SUPERAntiSpyware Free Edition and I will post the result soon.



#2 boopme

  • Global Moderator

Posted 16 April 2010 - 09:17 PM

Yes, post the SAS log and rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 badboykiller1990

  • Topic Starter

Posted 17 April 2010 - 06:47 AM

Here is the SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/17/2010 at 02:19 AM

Application Version : 4.35.1002

Core Rules Database Version : 4817
Trace Rules Database Version: 2629

Scan type : Complete Scan
Total Scan Time : 00:50:52

Memory items scanned : 846
Memory threats detected : 0
Registry items scanned : 6497
Registry threats detected : 0
File items scanned : 26336
File threats detected : 80

Adware.Tracking Cookie


Here are the results from the Malwarebytes' Anti-Malware scan:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4000

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17/04/2010 12:21:56
mbam-log-2010-04-17 (12-21-56).txt

Scan type: Quick scan
Objects scanned: 120037
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme


Posted 17 April 2010 - 03:24 PM

You look great now...any other issues?

It seems like the Q drive issue is related to an install of Microsoft Office 2010 beta (beta means it's still in a testing form and may have issues).
It is the Click to Run feature that is responsible for this; it was started in 2010.

Edited by boopme, 17 April 2010 - 03:37 PM.


#5 badboykiller1990


Posted 17 April 2010 - 05:50 PM

Ohh, thank God for that, but why does it say I don't have the privilege to access it, like I am not an administrator user?


Other than that I'm good :thumbsup:.


By the way, thanks for all your help.

#6 boopme


Posted 17 April 2010 - 07:00 PM

I am not certain as I do not use MSOffice... But I suspect it has something to do with access rights as you are sort of on a server..

Click-to-Run products also take up about half the disk space of normal products, they repair more completely, and they won’t break other software installed on the PC because they have private copies of all of their files and registration.

Click-to-Run is not a new Office “product”, it’s a new way of delivering and updating the products with which you are already familiar. Click-to-Run delivery is available for both the Office Home and Student 2010, and Office Home and Business 2010 products. It has full language support, and will work on both 32-bit and 64-bit Operating Systems (although only the 32-bit version of Office is actually run on both platforms).


http://blogs.technet.com/office2010/archiv...st-century.aspx

#7 badboykiller1990


Posted 17 April 2010 - 07:42 PM

That would explain everything, because I downloaded the Office Home and Student 2010 version.

Again, thanks for all your help. I don't know what I would have done without your help. Once again, thank you.

#8 boopme


Posted 17 April 2010 - 09:04 PM

You're welcome !!! thanks for dropping by. :thumbsup:



