Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Certain File(name)s Hidden


  • Please log in to reply
6 replies to this topic

#1 timw_de

timw_de

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 05 June 2006 - 07:13 AM

Hi

I've searched the forums and used google but can't find anything like my problem
I'm running Windows XP and
recently got infected with Spyware Quake and spent a long time cleaning my system
Whilst doing this I downloaded hijackthis with the intention of using it
I downloaded it at least 3 times before I realised something fishy was happening,
because I couldn't see the file that I had just downloaded
so I logged on to my PC from a networked PC and there it was large as life !
Using my networked PC, I changed the name from hijackthis.exe to hijackthi5.exe
and this made it available for use on my (previously infected PC)
Well this "problem" is still with me, in short any file with the name hijackthis
(hijackthis.txt, hijackthis.tmp etc) is only visible over the network, I can use hijackthis
in its renamed form and I obviously have to save the log files accordingly.
Can anyone help me resolve this ?

I just noticed that the same thing applies to a file called procexp.exe, more filenames
might be affected, I have no way of knowing
(I have to rename this to pr0cexp.exe in order to use it)

any help gratefully accepted

tia

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:03 PM

Posted 05 June 2006 - 08:01 AM

If you can create a hijackthis log file by changing its name thats OK. In fact with some malware infections we recommend doing this.

Please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log.

When you have done that, post your log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

By this I mean, open the text/log file (whatever name you used) and use Ctrl-A to "Select All", Ctrl-C to copy it, and Ctrl-V to paste the log into your post in the HijackThis forum.

Start a new topic, and post the log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information.

It may take a while to get a response because the HJT Team members are very busy. Please be patient as they are volunteers who will help you out as soon as possible. Once you have made your post, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Elendil

Elendil

  • Members
  • 660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The US
  • Local time:10:03 PM

Posted 05 June 2006 - 08:30 PM

Also, once your HJT log has been posted DO NOT alter your computer (install things, delete things, etc.) until a HJT Team member or designated official advices you to do so.
Stanford '14
B.S. Candidate | Computer Science

#4 timw_de

timw_de
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 06 June 2006 - 06:20 AM

thanks for the replies,

It turned out I had the HackDefender on my system
I used the Blacklight rootkit eliminator and followed the instructions here :

http://www.bleepingcomputer.com/tutorials/use-blacklight-to-remove-rootkits/

I can now see hijackthis, procexp and spybot (which was also affected)
I've ran numerous spy/mal/antivirus proggies as advised on this site
and things look OK

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:03 PM

Posted 06 June 2006 - 06:30 AM

If things are ok and you don't need to post a HJT log then you need to SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 timw_de

timw_de
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 06 June 2006 - 06:42 AM

ok will do, thanks

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:03 PM

Posted 06 June 2006 - 06:43 AM

Your quite welcome. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users