(I picked up the accent last year in an exchange program in Columbia, S.C. Boy, is that place green!! Loved it!)
Anyhow... to the topic at hand:
How does the e.exe virus do it?
It transforms the "Documents and Settings" by changing its attributes to hidden, and then the same for the c:\Documents and Settings\[User account name] and many of its subdirectories.
It also makes the hidden attribute unchangeable, meaning that I cannot re-assign the attribute of those directories.
It masks the directories (My documents, My music, etc.) as shortcuts and makes the real folders hidden and only found by typing the full path.
When I took an infected USB to disinfect, the antivirus and the malware detectors found things to clean, but did not return the capability to regain control on the attribution of the directories.
How does the virus do that?
Is it in the Group policy editor? Is it in the Registry? Is it a combination of both?
Am I barking up the wrong tree?
I am currently working on two computers that are infected with the x.exe virus, and due to very urgent operational time restraints, I have evaluated that the most practical thing to do at the moment is just to re-format and re-install. (I know... a very cowardly solution... HEY!! I heard that)
Is there a better solution?
I have come across logs from ComboFix and malware detectors, which make me think that this trojan/backdoor worm needs to be worked upon on a case-by-case basis. Am I right in assuming this?
Should I follow the instructions posted at http://www.bleepingcomputer.com/forums/topic376374.html so I can get a head start?
Thanks for reading this and I hope there are suggestions to prevent further or future infections.