Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hidden Files


  • Please log in to reply
8 replies to this topic

#1 BansheeBiscuits

BansheeBiscuits

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 25 June 2011 - 11:55 PM

I have a Dell Netbook with XP pro and I have Macafee on it. I opened a PDF file from a trusted source -- my stock broker for heaven's sake. Cannot recall the message I got but suddenly it looked like the computer was wiped clean. I remember reading somewhere that viruses can sneak in on PDF files.

Anyway, either I read somewhere or it dawned on me the files were hidden, so I have been unhiding them, but it's a pain in the butt.

If I got any message about buying software or click this link I probably ignored them and disconnected from the 'net in a hot New York Minute since I know the drill.

Even so, despite unhiding stuff, there surely is something sneaking around on this machine. I have run Loaris, Malabyte or whatever that is and and have a Hijack this log that means nothing to me. Since one is not to post logs here I am guessing that I should post it elsewhere or else await further instructions.

Any advise would be appreciated. I can follow simple instructions as long as they are in plain English. Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 26 June 2011 - 04:17 PM

Let's see, if we can recover your missing features.
Download and run UnHide

================================================================

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 BansheeBiscuits

BansheeBiscuits
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 26 June 2011 - 09:55 PM

grinler's unhide is brilliant. Below is the log from Malwarbytes that I ran yesterday. I haven't the dimmest idea what of this means.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:27 PM, on 6/25/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

EDIT:removed HJT log

Edited by boopme, 26 June 2011 - 10:02 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:33 PM

Posted 26 June 2011 - 10:02 PM

hello, Broni asked for a MalwareBytes and Security Check log,that is an HJT log. They are for a different forum so I removed it.

Edited by boopme, 26 June 2011 - 10:03 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 26 June 2011 - 10:31 PM

Thanks boopme :)

grinler's unhide is brilliant

I assume, it worked?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 BansheeBiscuits

BansheeBiscuits
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 26 June 2011 - 11:09 PM

unide worked. Now I am sweating bullets over the Vostro and wondering how to get Malwarbytes from the flash drive to the infected computer

The stuff on this site is brilliant.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 26 June 2011 - 11:47 PM

how to get Malwarbytes from the flash drive to the infected computer

Copy installation file from the flash drive to sick computer?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 BansheeBiscuits

BansheeBiscuits
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 27 June 2011 - 12:41 AM

I downloaded it again to the thumbdrive, then copied it to the desktop of the infected computer adn opened it from there. still running (39 minutes later).

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:33 PM

Posted 27 June 2011 - 10:15 AM

OK...

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users