Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer changing folders to short cuts


  • This topic is locked This topic is locked
3 replies to this topic

#1 nicht

nicht

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 09 October 2011 - 10:49 PM

Hello,



I am running windows 7 professional with the free version of AVG fully updated and ive had this virus for about a week and what happens is it changes all my folders on any usb plugged into my computer to shortcuts.

Originally, I accidently opened a bad mail attatchment from kingdom of loathing and my compuyter kept comming up with critical system errors, basically a scareware and it changed all my folders on my computer to shortcuts, i couldnt access regedit or any applications and when I clicked on a shortcut folder a dos prompt would come up and dissapear. So I formatted my computer and all my external HDD's and it fixed my computer anyway.

Now, every time i plug in a usb stick or external hard drive it changes the folders. I did some research and managed to get the folders back and found a suspicious folder on every usb stick called RECYCLER inside it is an .exe called 686c1039.exe and a desktop.inf I have tried, AVG anti virus, Malwarebytes, spyware search and destroy and none could detect it. I also used autorun.inf eater which found a bad autorun.inf on all the external drives, which It deleted. However, when it deleted it and i took out the HDD then plugged it back in the RECYCLER folder and the autorun.inf come back. I should also not a file which I beleive is an .exe (with a recycle bin icon) appears occasionally.

I took one of my usbs to uni to do some work and when my freind plugged in their external HDD with my infected USB the virus went onto his external HDD. So what we did was take the now infected HDD put it on a new computer, took all his files off of it then unplugged the newly infected drive and put in a new drive and put all the files on that. Which worked. he has used it for a day with no issue

I read a tutorial to find some bad registry entries which may be the problem but could never find exactally what they asked for on another forum. From memory it was in the HKEY software folder in windows then explorer and they had me look for a hide or super hide entry which wassnt there.

For the last day I ended up formatting all my usbs and externals and my computer again. Which I thought worked because the RECYCLER folder or the autorun.inf never came back no matter how many times I unplugged the drive and plugged it back in. Great I thought, then I decided to try another laptop with vista and outdated mcaffe antivirus. Soon as I plugged in the external its back. However, when I plugged it back in my computer and deleted the autorun.inf and RECYCLER folder and repaired the folders, formatted the external HDD then took it out and plugged it back in its fine on my computer. One way I know this is when I suspected I had the virus it wouldnt let me eject the HDD, saying it was used by another process. That has stopped now



If anyone can help that would be wonderful as im trying to fix my freinds external HDD.


I should also add after formatting all the drives and my computer again the autorun.inf never comes back nor the RECYCLER.exe it just changes the folders to shortcuts and makes the real folders hidden system folders.

I hope I have put enough information here and Im happy to provide more if need be.

Edited by nicht, 09 October 2011 - 11:44 PM.


BC AdBot (Login to Remove)

 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:25 PM

Posted 10 October 2011 - 12:45 AM

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread.

Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 nicht

nicht
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 10 October 2011 - 01:14 AM

All done

here is a url="http://www.bleepingcomputer.com/forums/topic422743.html"]link[/url]

thankyou so much

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:25 PM

Posted 10 October 2011 - 01:36 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic422743.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users