Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

two computer folders showing up!


  • Please log in to reply
11 replies to this topic

#1 rogersBC

rogersBC

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 July 2013 - 08:56 AM

Hi, I'm glad to have found this forum, good morning all.

 

I will be as detailed and precise as possible, excuse my lack of knowledge.

 

When I go to desktop, I have two computer folders!  But only one looks like the real one, with that blue computer like icon and contains my C, D, E drives etc.  I will call this REAL.  The other one looks like a normal yellow colored folder except with a little person icon.  It's like a user account icon, the one that usually has your computer name, like in my case, Rogers Computer.  And that makes sense because inside the folder is my downloads docs music videos etc, and as far as I know, exact same thing that can be found in my user account folder, Rogers Computer (computer/C/Users/Rogers Computer).   Except that Rogers Computer folder is a simple folder with a little lock icon at the bottom and no person icon, while this one is called simply "Computer" and has the person icon on it.  I will call this fake computer folder, DUPLICATE.  See pic below when in doubt.

 

When did this start?  Some weeks ago.  I know because when I was trying to do back up to my Western ext HD, my user account folder Rogers Computer would not show up, and instead it was a folder named "Computer" that contained my music and vids.  Stupid me I did not think much of it. 

 

I tried to delete DUPLICATE today, but won't let me even after restart or restore.  When I right click delete, little icon with white page and small black cross at left bottom shows up asking me if I want to delete the "computer icon" from desktop and I say yes but nothign happens.  Nor is there "properties" listed.   It only allows me to open, open in new window, include in library, copy, create shortcut, or delete.  If I try to drag it to, say, my downloads folder, it also won't let me either.  Nor will it allow me to rename it.  

 

I realized something else.  When I try to delete some of my files in my download folder, things go fine but if I restore, the folders are back.  Restore should not do that, it should only affect programs, not the folder. 

 

Also I typed in user account and decided to rename the DUPLICATE (i.e. "Computer") back to Roger's Computer and it allowed me.  NOthing on the desktop changed but once I restarted the computer, the DUPLICATE was now called Roger's Computer.  So it seems that this file really is my user account.  Yet if I restore my computer to couple days ago, again it will be called "Computer."


Sorry for excessive details, I feel that the problem is not that complex but I wanted to make sure.  Thanks so much for all your help appreciate it.



 

2hqtfgj.png


Edited by rogersBC, 29 July 2013 - 01:40 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 MzLindyOne

MzLindyOne

  • Members
  • 83 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 28 July 2013 - 11:45 AM

I recently had a similar problem, apparently from installing a lot of Windows updates all at once, and probably out of order.  Did you by chance do something like that right before this started?



#3 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 28 July 2013 - 12:49 PM

How many user accounts are installed on this computer? Because it looks like you have an account that's named "computer". If you haven't add this user self (or the local pc-shop), that's suspicious. 


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#4 rogersBC

rogersBC
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 July 2013 - 06:23 PM

Thanks a lot guys for your replies.

 

No, MzLindyOne, I don't recall installing many updates at the same time before that happened.  Dammit I should have noticed this earlier or noticed what I was doing at the time....

 

 

GodfatherKing, it was originally one and under my name, not called "computer."  But when now I put in user accounts and look it up, there is still one and it's an admin one but it is called "computer" instead of my name.  I just changed it to my name but still no changes made to desktop computer icon.


Edited by rogersBC, 28 July 2013 - 06:24 PM.


#5 rogersBC

rogersBC
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 July 2013 - 10:51 PM

edit: edited my original post to reflect further info


Edited by rogersBC, 29 July 2013 - 01:40 AM.


#6 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 29 July 2013 - 02:17 AM

We are going to search for malware, give this a try:

 

:step1: Install and run MBAM

:step2:  Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

tds2.jpg

  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run

tds4-1.jpg

  • Choose for all threats to Skip for all of them.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

:step3:  ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#7 rogersBC

rogersBC
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 29 July 2013 - 11:37 PM

Thank you very much GodfatherKing (lol, I feel like I've joined the mafia), I tried the Kaspersky one, nothing found.  I tried MBAM and for some reason the log thing froze so I took a picture of my screen. 

 

efi6fs.png

 

What's strange is that when I did this the first time, then I deleted the three malwares, then one thing thatchanged was now the computer file on my desktop suddenly had my original name again, Rogers Computer, but still I coudl not delete it.  Anyhow, I decided to restore the computer just to see what happens, and again, ran MBAM, and what do you know, the same three malewares showed up.  So it was the second time that I decided to copy log and that's when computer frozen a bit.  But anyhow, hope this is of some help.  I will do the third part in the new few days when I have several hours free.  Thanks again for all your help.


Edited by rogersBC, 29 July 2013 - 11:38 PM.


#8 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 30 July 2013 - 03:12 AM

If you can't remove the infection or it freezes, try to start the computer up in Safe mode and run the scan from there.


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#9 rogersBC

rogersBC
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 30 July 2013 - 06:29 AM

From ESET:

Some of these are games I downloaded a while back, and I think they were after this issue had already come up though I'm not 100% sure.

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Java\jre6\bin\ProcessSwi.au3
Win32/CoinMiner.BX trojan

C:\Users\Roger\Downloads\CHess.part1.rar
a variant of MSIL/HackTool.IdleKMS.A application

C:\Users\Roger\Downloads\PDFCreator-1_7_0_setup.exe
Win32/OpenCandy application

C:\Users\Roger\Downloads\Pinball.Multilingual.Incl.Keymaker-CORE\keygen.exe
a variant of Win32/Keygen.DO application

C:\Users\Roger\Downloads\battleship-simp instal w keygen-boring avg graph\battleship crack\KeyGen.exe
a variant of Win32/Keygen.BG application

C:\Users\Roger\Downloads\battleship 2\battleship2_PreActivated.exe
a variant of Win32/Packed.VMProtect.ABA trojan

Edited by rogersBC, 30 July 2013 - 06:33 AM.


#10 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 30 July 2013 - 07:49 AM

Remove the infections found by Eset and clean then the recycle bin.


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#11 rogersBC

rogersBC
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 30 July 2013 - 06:17 PM

I could do it for the games but I worry about other ones, like damaging my system by removing Dell DataSafe Local Backup one. Is there a way to make sure I'm doing the right thing?

#12 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 31 July 2013 - 02:32 AM

The files from Dell, are just getting detected by the way they work (in this case a false-positive). Don't remove them. 


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users