Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


What virus creates system folders and affect sound and youtube?

  • Please log in to reply
1 reply to this topic

#1 Submit2s


  • Members
  • 55 posts
  • Gender:Female
  • Location:USA-Missouri
  • Local time:11:49 PM

Posted 16 January 2011 - 12:42 PM

Hello, and happy new year! It's been a while since I have been engaged on the site. My question is: What virus that is current that will create system folders and affect audio online like on youtube?

Items noticed and steps taken. Window XP system

Apparently there is a file that appears as a .txt file located in the Administrator user menu (noticed this from safemode) the file in question is epor.exe (under startmenu). If you try and disable from msconfig, it will populate another command to handicap the system. Can't find the epor.exe file in the registry. I couldn't delete this file for nothing. out of curiosity, I clicked on the file to see what content were listed. The file created another system folder. The user name will not be listed in your main users, but will create a system folder/user within the documents and setting's folder.

Steps taken. Removing files from registry, logged in safemode,command prompt and attempted to force remove the directory using rd /S. I attempted attrib commands to change the folder permissions. I've used killbox to delete directory on reboot changing from process to system, as the option type to delete. Used combofix. Combofix detects a rootkit. Smitfraud keeps decting and removing, suspect replication. AVG detect virus as well. I attempted to handicap the files by renaming or removing from registry to no avail.; this virus is constantly attaching itself and replicating. Customer attempts to install google chrome, it won't accept, but appears as though you had installed.


I like to know what is this virus and a fix if you have one. This is one of the toughest cookies I have ever seen and spent nearly four hours in an attempt prior to researching on the web and coming here for assistance.

Any suggestions?

Edited by Orange Blossom, 16 January 2011 - 06:54 PM.
Deactivate link. ~ OB

"We are what we think, All that we are arises in our thoughts; with our thoughts, we make the world. You can make your world or break your world by your thinking." Buddha~

BC AdBot (Login to Remove)


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,110 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:49 PM

Posted 16 January 2011 - 06:55 PM


Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users