Anyone knows about this stuff? I can't open my drives and this message keeps on popping every time i try to. Is this a virus?

here is my avg antispyware log and hijackthis log. please take a look. thanks

Hello and welcome to Techspot.


You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\svchost.exe<Do not delete any other svchost.exe files.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :wave: :wave:

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

new HJT log

Thanks. I followed the instructions but I didn't find the C:\WINDOWS\svchost.exe. Also, I still can't open my C and D drives. I have to find files through the "Search" feature.

How can I open my C and D drives again?

Your HJT log is now clean.

Please can you give me the exact message you receive, when you try and open a cd drive?

By open, I take it you mean when you press the open tray button?

Regards Howard

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

search for a program called analyze.exe and delete it.

Please stop giving incorrect advice. Analyze.exe is HijackThis.exe that`s been renamed and is not nasty. The reason for renaming HijackThis.exe is due to some malware being able to hide from the HijackThis.exe file name.

Regards Howard

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

the analyze.exe is the HJT file i renamed...i can't delete it

the message

here's what the message looks like... please see attached file...
i ran the kaspersky online scanner and it found something but they cant fix it...
i also ran trendmicro but it stuck when it found the host.exe, i have to close it...

Ok, try this.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

copy.exe
host.exe

Close task manager.

Search your system for the above two files and delete them if found.

Reboot into normal mode and rehide your protected OS files.

Let me know the outcome please.

Regards Howard

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

I already have done that. there are no more copy.exe and host.exe in my files or in the processes list.
My AVG antispyware have found tracking cookies and a trojan.copier. DOes it have something to do with it?

Thanks for the help.

i found this on the net. hope this info helps about finding the solution...
http://www.auditmypc.com/process/copy.asp

I was looking into the regedit and foudn this HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

i am not familiar with the name Mountpoints2... so i tried to delete it...
after a while, i can open again my C and D drives

HEhhe
I am relieved. BUt I am not yet sure if I have done the right thing. Please have a check.

Thanks.

I`m glad your appear to have solved your problem. However, I`m not convinced you system is clean yet. Please do the following.

Download and run the Blacklight programme. follow all the instructions carefully.

Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log and the Blacklight results. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Regards Howard

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Thanks a lot!
I remember where i got that virus. I was using my USB flash drive and it acted that way ever since.

I suggest you reformat your flash drive to get rid of any nasty files on there.

Run the programmes above and post the results.

Regards Hioward

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

I run the blacklight program and it says that there are no hidden files found. I tried running the comobofix but it tells me not to rename the file even if i haven't done anything like that.

Try running combofix from safe mode.

Regards Howard

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

combofix log

Here is the log from combofix...
Regards too...

That looks fine mate.

See how things go for a day or two and post back if you have any further problems.

Regards Howard

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Thanks!
I have been running AVG ANti-spyware over and over again and it keeps on detecting the tracking cookies, and i kept on performing the suggested action- which is to delete. DO you think this has something to do with the copy.exe virus?

By the way, i just reformatted my disk this morning. Been infected by brave sentry before, I was able to bring it back to normal, thanks for your help. BUt i still reformatted it because of some trojans left.

Use the CCleaner programme in this thread HERE, that should get rid of all your cookies. I don`t think tracking cookies have anything to do with the virus you had. You`re probably getting them from some website you visit.

You should also install the Spyware Blaster programme, update it and enable all protection. This will prevent a lot of cookies etc from getting on your system is the first place. Spyware Blaster.

Regards Howard

This thread is for the use of ragxyz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Thanks a lot for the help!