Info Regarding Folder Virus
Results 1 to 8 of 8

Thread: Info Regarding Folder Virus

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    4

    Exclamation Info Regarding Folder Virus

    HI FRIENDS i saw one type of virus in my college systems where its hava a icon of folder its sort of win32 virus where it will replecate it self to all folders in our xp sytems its not harming any files but still its eating memory even its not allowing u to install any anti virus s/w's any one have any infor maition regarding this .......its spreads repidly
    [gloworange]<virus>[/gloworange]
    yours

  2. #2
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    I have been a victim of this thing....usually 44 KB in size, it will infect each and every folder which you will open....what this virus actually does that during the course of time it will start restarting your machine ( on windows 2000...on windows XP it is unable to do so .... mine is Sp-2). It is almost impossible remove this virus without an antivirus ...as it actually intefers with explorer.exe working to achieve its goal...I recommend you use KERIO personal firewall .... it will warn of any activity which is not a system service and trioes to execute itself on its own. The protection is really good by KERIO. Again, change the look to detailed view...it will allow you to recognise that virus from folders...and then delete them...it will usually have the same name as that of the parent folder which it lies in....

    This should solve your problem...however wait for the seniors to reply.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  3. #3
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greeting's

    How can seniors reply with such less information. All I can say is go to Housecall and get an online scan done then tell us what did it find.

    Second, is your machine fully patched up ? IF, you use an anti-virus is it updated ?

    I think main advise here is to get an online scan done at Housecall (http://housecall.trendmicro.com)
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  4. #4
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    well ByTe....i know that it is really small amount of info...but I replied since I have been a victim of it...so I think I am the one who knows what that guy must be suffering from...yes...SATISh must have provided more info...but then not everyone knows how to talke them and Hijack this is not as popular as winamp or WMP to be used in every home....

    By the way ByTe....when I was infected....( the first time i encountered it in a cyber cafe) .... it was running McAfee...and that too fully updated...and this virus remained there for more than 2 weeks...after which the cfae owner formatted all machines at once...!!! SO I thinkk this is a rare thing and most of the AV companies have not been looking or are awre of this annoying peice of program ( I wont call it harmful...it doent play with any files).

    Anyway I think you are right...he must get more info from Av companies sites and update his definitions.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    By the way ByTe....when I was infected....( the first time i encountered it in a cyber cafe) .... it was running McAfee...and that too fully updated...and this virus remained there for more than 2 weeks...after which the cfae owner formatted all machines at once...!!! SO I thinkk this is a rare thing and most of the AV companies have not been looking or are awre of this annoying peice of program ( I wont call it harmful...it doent play with any files).
    Not always true. I have noticed the following trend:

    1. Major AV developers will create definitions specific for areas. If you get a definition that is targetted towards a North American crowd, then the viruses it targets will be those that work through those computers. Not helpful for viruses that say target a Japanese network of computers.

    2. Viruses can hide from existing and running AV. It is ideal to boot into safe-mode to do a thorough clean to remove any viruses. It extreme cases it may be necessary to power off all computers on a network and clean them one-by-one (e.g., Blaster, NIMDA, etc.)

    3. Sometimes a virus is a variation of previous one and even the latest updates won't have it because it was never submitted to ALL AV vendors. Some vendors are not notified of viruses and thus will not have specific ones, no matter how up-to-date an AV is. This is why I usually suggest that people have something like a McAfee plus go to a site like http://housecall.trendmicro.com to do scans (again, safe-mode with networking would be ideal).

    4. Lastly, some spyware include trojans and re-occur because AV pick up viruses and don't look for a lot of the spyware activity that comes through.

    I've used the info below as one way to thoroughly clean out a computer (and so far, it's been pretty decent):

    You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

    Sounds like you've been infected heavily. One of the first things to run is HiJackThis. Download the file, unzip it and then do a Scan and Log. Post it in AO's Spyware forum for help interpreting it.

    Preparation

    1) Download the trial version of Ewido Anti-Malware from here and save it to your Desktop.
    When the download has finished, locate ewido-setup.exe and double click it to begin installation.

    ** If you already have Ewido installed, update it and go to 2) **

    In the 'Additional Options' window, uncheck: 'Install required for automatic updates (background guard)'.

    When installation is complete, you will need to update Ewido to the latest definition files.
    To do this:

    1. Double click the Ewido Desktop icon.

    2. In the main screen, on the left hand side, click Update.

    3. In the following screen, click Start Update

    A progress bar will show how the update is going. When it has finished updating, close it.

    If you have problems with the updater, you can manually update Ewido. Click here, and save ewido-signatures-full-current.exe to your Desktop. All you need to do then is to double-click it, click Install and then, when it has finished, Close.

    Ewido Anti-Malware is designed to be used to both scan for and remove malicious files and also to run alongside, but not replace, your existing anti-virus program to give an added layer of protection.

    However, as the real-time protection may interfere with the fixing of your PC, this function will have been disabled as long as you followed the installation instructions correctly. At the end of the trial period, Ewido will revert to a stand-alone scanner which you can keep and update for free and use in a similar way to Ad-Aware SE Personal. (I've found recently that Ewido is better than Ad-Aware SE).

    Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now online button.

    Then download SmitFraudFix and unzip it in the C: drive.

    2) You will need to know how to boot into Safe Mode.

    You do this by:

    1. Restarting your computer.

    2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.

    3. Select the option for Safe Mode using the arrow keys.

    4. Then press enter on your keyboard to boot into Safe Mode.

    5. Do whatever tasks you require and when you are done reboot to boot back into normal mode.


    3) Log off from the internet and disconnect your modem cable for the duration of the fix.

    Removal

    1) Boot into Safe Mode.

    2) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Press "2" and then <ENTER> to start the cleaning process.

    * Wait for the tool to complete and disk cleanup to finish.
    * You will be prompted "Registry cleaning - Do you want to clean the registry ? Press "Y" and then <ENTER>.
    * The tool will also check if wininet.dll is infected. You may be prompted to "Replace infected file ?" - press "Y" and then <ENTER>.

    Your PC now needs to be rebooted. If this does not happen automatically, you will need to do so manually. Either way, your PC will need to be booted back INTO SAFE MODE. (go back to the Safe Mode instructions above)

    3) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.

    4) Navigate to C:\Documents and Settings\<Username>\Local Settings\Temp and delete all the files that you find there. Do this for all Usernames on your system (replace username with the actual name of the users that log into the Windows system)

    5) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...

    Check the box to the left of 'Delete all offline content' and then click on OK.

    6) Go to Start > Control Panel > Display.

    Select the Desktop Tab, click on Customise Desktop... and then select the Web Tab.
    Under Web pages: you should see a checked entry called Security info - or similar. Highlight this entry and then click the Delete button. Finally click OK > Apply > OK.

    7) Empty the Recycle Bin.

    8) Ensure that ALL open Windows / Programs / Folders are closed and then run Ewido.

    * Click on Scanner and then Settings.
    * Ensure that all the boxes are checked and that under What to scan?, "Scan every file" is selected and then click OK.
    * Click on Complete System Scan and the scan will begin.
    * While the scan is in progress you will be prompted to clean files, click OK.
    * When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action with all infections" and also in the box next to "Create encrypted backup" then choose clean and click OK.
    * Once the scan has completed, there will be a button located on the bottom of the screen called Save report - click it.
    * Save the report.txt file to your desktop.
    * This may take some time to run so let it run and do something else

    You can now close Ewido Anti-Malware.

    Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

    9) Reboot/Restart into Normal Mode.

    10) Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Press "3" and then <ENTER> to delete the "Trusted Zone".

    When prompted "Restore Trusted Zone ?", press "Y" and then <ENTER>.

    * Please Note: If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection *

    This will likely fix it.

    One last note/edit: if at all possible, avoid using Internet Explorer. Try a browser like Firefox as IE is the gateway for 75% of all spyware infections (the remaining portion comes from "phished" emails -- where people pretend to be others and get you to download unsafe software)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greeting's

    As always excellent input Msmittens.

    and

    As always
    You must spread your AntiPoints around before giving it to MsMittens again.
    I just want to add one more case of one AV company falling behind the other. I remember one member here submitting the worlds smallest trojan that he had created... It was sometime in January..

    Well I do an online scan every weekend.. I had a copy of that trojan on my PC.. After a week or so I found trendmicro catching trojans on my PC (but nothing turned up with Symantec, A2, Spy-bot and Ewido) and all of these were updated... Then I started submitting samples to every AV company... It took a week for a2 and Ewido to come up with the signature... But for symantec it took 3 months and a dozen e-mails..

    I think the days of Worms are over its time for the stealth... D0h !!
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  7. #7
    Junior Member
    Join Date
    Jul 2006
    Posts
    4
    ANY WAY THANKU FRIENDS NOW I FULLY REMOVED THAT VIRUS WITH OUT ANY DAMAGES FOR MY DATA ANY WAY THANK U FRIENDS
    yours

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by SATISHKUMAR
    ANY WAY THANKU FRIENDS NOW I FULLY REMOVED THAT VIRUS WITH OUT ANY DAMAGES FOR MY DATA ANY WAY THANK U FRIENDS
    It does seem that the virus destroyed your CAPS lock. It looks like it's stuck in the "on" position
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides