Smart HDD Malware and desktop.ini


  • This topic is locked
5 replies to this topic

#1 CrooklyN

Posted 24 April 2012 - 11:02 AM

I have had Smart HDD on a few systems and the last two were particularly bad. It removes all system shortcuts and links from the system. Places desktop.ini in Startup, All Programs. I have show hidden files checked and they aren't hidden, they just no longer exist. It's like it corrupts the user profile.

The contents of the desktop.ini state "[.ShellClassInfo]
LocalizedResourceName=@shell32.dll,-21786"

On one system, creating a new user and deleting the broken user fixed the issue. Is there anyone that solved this when removing Smart HDD?

So far I ran these tools in this order and everything seems fine except for the missing icons and shortcuts.

Rkill
TDSSkiller
Reset Permissions
Unhide.exe
Malwarebytes
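
A triage check for the symptom described in the post above, given as an added example that is not from the thread or its participants: for each shell folder it reports whether shortcuts are only hidden or actually absent. The function name, the `-Roots` parameter and the state labels are this example's own, and it assumes PowerShell 3.0 or later.

```powershell
# Added example. Function name, -Roots parameter and State labels are this example's own.
function Get-ShortcutFolderState {
    param(
        # Shell folders to inspect; defaults to the current user's and the all-users folders.
        [string[]]$Roots = @(
            [Environment]::GetFolderPath('DesktopDirectory'),
            [Environment]::GetFolderPath('Programs'),
            [Environment]::GetFolderPath('Startup'),
            [Environment]::GetFolderPath('CommonPrograms'),
            [Environment]::GetFolderPath('CommonStartup')
        )
    )
    foreach ($root in $Roots) {
        if ([string]::IsNullOrEmpty($root) -or -not (Test-Path -LiteralPath $root)) {
            [pscustomobject]@{ Folder = $root; Shortcuts = 0; Hidden = 0; DesktopIni = 0; State = 'FolderMissing' }
            continue
        }
        # -Force lists hidden and system items too, so "hidden" and "gone" can be told apart.
        $files = @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
                   Where-Object { -not $_.PSIsContainer })
        # desktop.ini is counted on its own so it is never mistaken for a shortcut.
        $ini    = @($files | Where-Object { $_.Name -ieq 'desktop.ini' })
        $links  = @($files | Where-Object { '.lnk', '.url' -contains $_.Extension })
        $hidden = @($links | Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden })

        if ($links.Count -eq 0) { $state = 'ShortcutsMissing' }                    # nothing left to unhide
        elseif ($hidden.Count -eq $links.Count) { $state = 'ShortcutsHidden' }     # attribute change only
        elseif ($hidden.Count -gt 0) { $state = 'PartlyHidden' }
        else { $state = 'OK' }

        [pscustomobject]@{
            Folder = $root; Shortcuts = $links.Count; Hidden = $hidden.Count
            DesktopIni = $ini.Count; State = $state
        }
    }
}

# Report for the logged-on user; pass -Roots to point at another profile's folders.
Get-ShortcutFolderState | Format-Table -AutoSize
```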


#2 m0le

  • Malware Response Team

Posted 29 April 2012 - 07:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 CrooklyN

Posted 29 April 2012 - 08:09 PM

Thank you mole....this isn't an emergency situation any more but it will help with future infections. I support 3100+ computers and this is the second infection this week that destroys profiles.

#4 m0le

Posted 30 April 2012 - 06:34 PM

Unfortunately this infection does corrupt the profile - as you suspected - and there's nothing to do but to create a new profile to confirm it.

Do you have any questions?

#5 CrooklyN

Posted 30 April 2012 - 07:40 PM

I figured that would be the outcome......thanks for replying

#6 m0le

Posted 30 April 2012 - 07:43 PM

No problem. PM me if you need to - I'll close the topic :)

Thanks for letting me know

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.