TechSpot

HJT plz ( hidden files virus )

By kiriazy
Mar 10, 2008
  1. hey all,

    i am infected with a malware which i can't view the hidden files & also it force the subfloders of the partitions to open in new window while it is set to open @ the same window so i followed the instruction of the thread (viruses & malware removal) the (open in the same window) is fixed but i still cannot view my hidden files so am i still infected or what is my prob. coz i am not an expert ???

    here r the logs i got hope to have help soon

    Best Regards,
    Kiriazy
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Did you also scan D drive?
    Seems to have a lot of strange things starting.

    Regarding Hidden files
    1. Click Start -> Run
    2. Type regedit and click Ok.
    3. Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    4. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.
    5. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
    6. The “Show hidden files & folders” check box should now work normally
    7. Also change in NOHIDDEN change value to 1
    8. In SHOWALL change value to 0
    9. Re-check the folder options
    10. now change the values to the same
    NOHIDDEN to 2
    SHOWALL to 1

    Strange, but works.
     
  3. kiriazy

    kiriazy TS Rookie Topic Starter

    thnx so much it works

    but tell me plz how can i get sure that im clean not infected ???
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please scan your D drive fully.
    You HJT log refers to Startups from there.
    You can also run this small TOOL, to disable any not required Startups.

    Someone else may also check your HJT file
    But I would prefer that D Drive is clean, and a new HJT file created after that.
     
  5. kritius

    kritius TS Guru Posts: 2,084

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    Have HJT fix this file and then do as Kimsland suggests, other than that the log is clean.
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I would also Go to Control Panel->Add/Remove Programs and uninstall:
    - Download Accelerator Plus (DAP)

    Then launch Hijackthis -> Do a System Scan Only and put checks next to the following:

    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm


    Then select Fix checked

    Use Windows Explorer to navigate to and delete the following:

    [*]Access Windows Explorer by clicking Start, point to All Programs, Accesories, and then click Windows Explorer. Or hold the windows key and press E

    Folders:
    C:\Program Files\DAP <-This folder only


    This one looks legit with a simple google of the program, so here is why I suggest it
    http://www.bleepingcomputer.com/uninstall/281/Download-Accelerator-Plus-DAP.html
     
  7. kritius

    kritius TS Guru Posts: 2,084

    Good catch, never really thought about DAP.
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Damn me either!
     
  9. kritius

    kritius TS Guru Posts: 2,084

    We must be slipping Kimsland!:confused:
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You guys are doing a great job. I usually look through everything in this section and it is rare that anything is off.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...