-
February 20th, 2008, 06:16 PM
#1
Junior Member
h.com,i.com,ofddh.exe,ntdlr,autorun.inf
Hello,
I did a lot of looking around and then I decided to ask the question.
My computer has two operating systems, one XP and one Mandriva.
Now my XP has avast antivirus, which was working fine.
Recently I started receiving error messages in my avast antivirus that my PC has been infected with a worm called autorun.inf.
I tried deleting it, removing it, moving it... nothing would just work.
The same message kept coming over and over again.
I did a boot scan from avast.. but nothing really helped. After the second boot, the same message began appearing again and again.
Now I booted into Mandriva and read my NTFS partition. There I found three .com files lying in the c:\ of my computer,
namely
h.com,i.com,ofddh.exe,ntdlr,autorun.inf
I again rebooted into Windows and did a whole scan; nothing was caught.
I am quite sure that h.com and i.com are not Windows files.
My antivirus is up to date.
I tried googling them but that too would not help much.
Any help from you guys will be highly appreciated.
-
February 20th, 2008, 06:46 PM
#2
autorun.inf is a text file found on cd rom disks telling the operating
system what to do when it autoruns the disk. Open it in a text editor
and see what it says. I'd be suspicious of the file named ofddh.exe.
Malware often has files with random nonsense names.
I came in to the world with nothing. I still have most of it.
-
February 20th, 2008, 06:50 PM
#3
Junior Member
I cannot see these files from Windows... and Linux opens NTFS as read-only.
-
February 20th, 2008, 10:28 PM
#4
The following link will give you instructions on how to mount the NTFS file system with full rights, you can then try and delete the files from there.
http://www.linux-faqs.com/faq/misc/ntfs.php#4.9
Cheers:
-
February 20th, 2008, 11:20 PM
#5
Can't see the files in Windows?
Have you set your folder options to view hidden files.. also the other for Protected operating system files.. open Win Explorer, go to: Tools - Folder Options
One of the tricks of malware is to set the file as Hidden - System..
Also I would not just go about deleting files.. Start by at least just renaming them..
I would be looking at a tool like one of the "Rootkit" detection kits like Rootkit revealer.
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
February 21st, 2008, 05:02 AM
#6
have you tried removing the files, or even trying to view them in safe mode?
I would make a back-up, then run the files in a dos command prompt, (if you can find them with XP) after all that is the extension .com... I highly doubt it to be a virus, I can't seem to find anything on the com files.
-
February 21st, 2008, 07:21 AM
#7
Junior Member
Have you set your folder options to view hidden files.. also the other for Protected operating system files.. open Win Explorer, go to: Tools - Folder Options
One of the tricks of malware is to set the file as Hidden - System.
Tried that... I still cannot see the files
have you tried removing the files, or even trying to view them in safe mode?
I would make a back-up, then run the files in a dos command prompt, (if you can find them with XP) after all that is the extension .com... I highly doubt it to be a virus, I can't seem to find anything on the com files.
Yes....i have backed up my data but then i do not want to go through the pain of installing XP again and loosing all my drivers.....
This is the only thing left to do ...i will try that today....
But my question: why is my antivirus so helpless... it just cannot delete the virus or detect them in some cases (h.exe,i.exe)
-
February 21st, 2008, 07:42 AM
#8
Shenanigans.
I can't even begin to wrap my head around all of the contradictions and absence of experience.
autorun.inf as a virus? h.com and i.com (whatever those are) magically turn into h.exe and i.exe.
Dude doesn't want to LOOSE his drivers, of course.
Either incompetent or stupid.
Shenanigans.
O
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
-Occam's Razor
-
February 21st, 2008, 08:21 AM
#9
Junior Member
autorun.inf as a virus? h.com and i.com (whatever those are) magically turn into h.exe and i.exe.
Dude doesn't want to LOOSE his drivers, of course.
Either incompetent or stupid.
Shenanigans.
Ya, a typo.. my mistake, it was supposed to be h.com and i.com
Drivers... let me tell you a bit more about them.
My lappie's LAN card went boom a few months ago; I am using a USB LAN card (i next). I installed the drivers and it is working properly, but unfortunately I lost the driver CD. What I am afraid of is that if I reinstall the OS, the USB LAN card drivers will be a trouble to install,
and moreover reinstalling an OS every time your system gets a virus is not the answer.
If you can help, please do help, and if you are here to tell me that I am incompetent or stupid or whatever, I bet that even your questions look stupid to someone.
Last edited by alphabetagammadelta91; February 21st, 2008 at 08:23 AM.
Reason: spell check
-
February 21st, 2008, 10:13 AM
#10
then run the files in a dos command prompt
I find that advice the same as playing Russian roulette with a bullet in every chamber..
.. once you find those files try a hex editor on them to get an idea of what they are.. if you do execute them.. ONLY ON A Crash Test Dummy PC.. not your production PC.. especially when done from Command Prompt..
I would.. settle down here.. Try one of the Live OS CD's, be it a Bart PE or UBCD.. even many *nix distros allow correct mounting of NTFS partitions for editing... ubuntu 7.1 has for me..
My preference has been the Bart PE and UBCD methods for virus scans and any registry work.. but that is more familiarity
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
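
Added example, not part of any post in this thread: a read-only triage of the files named above, run from Linux against the mounted NTFS partition. It lists what an autorun.inf would launch (the check suggested in reply #2) and classifies each file by its leading bytes (the hex-editor check from reply #10). The function names and the sample autorun.inf contents are constructed for illustration.

```python
import os
import tempfile

# Constructed sample for illustration; not the contents of the poster's file.
SAMPLE_INF = ("[AutoRun]\r\n;junk line\r\nopen=sample.exe\r\n"
              "shell\\open\\Command=sample.exe -x\r\nshell\\open=Open\r\nicon=drive.ico\r\n")

def autorun_targets(text):
    """Return (key, command) pairs in the [autorun] section that launch a program."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # tolerate comments and lines that are not key=value
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, value))
    return targets

def classify_header(data):
    """Classify a file from its leading bytes, as a glance in a hex editor would."""
    if not data:
        return "empty"
    if data[:2] == b"MZ":  # Windows loads by header, so a .com with MZ is an EXE
        return "MZ executable"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return "text" if printable / len(data) > 0.95 else "binary, no MZ header"

def triage(root, names):
    """Read (never execute) each named file under root and report what it is."""
    report = {}
    for name in names:
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        with open(path, "rb") as fh:
            report[name] = classify_header(fh.read(512))
    return report

if __name__ == "__main__":
    print(autorun_targets(SAMPLE_INF))
    with tempfile.TemporaryDirectory() as root:  # stands in for the mounted C:\
        with open(os.path.join(root, "h.com"), "wb") as fh:
            fh.write(b"MZ\x90\x00" + b"\x00" * 60)  # constructed header bytes
        print(triage(root, ["h.com", "i.com"]))
```

On a real system, pass the mount point of the Windows partition as `root` and the file names from the first post as `names`; nothing is written or executed.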