setup and autorun in my shared folders
- Thread starter radaan
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
Click on the fix checked button.
Close HJT.
Other than the above, your HJT log is clean.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard :wave: :wave:
This thread is for the use of radaan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
Click on the fix checked button.
Close HJT.
Other than the above, your HJT log is clean.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard :wave: :wave:
This thread is for the use of radaan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
N3051M
Posts: 2,094 +3
Ah.. i ran into this problem..
I believe that the setup file is about a few kb's? if you open the autorun.inf files with notepad it has a command that points to the setup.exe file
It hides itself as a Generic Host Process for Win32 Services when you double click on that file and it also copy itself to your other HDDs/partitions so do check for them. My firewall picked them up as "launched by program **exd**" (can't recall what it was exactly, but the first two are numbers).
Download Process Explorer, end the tasks on the bottom of the list, usualy a fake svchost.exe (not under the winlogon tree, which is genuine, but listed as a seperate app) or boot into safe mode. Also note that this file tries to load on startup as well, so unless you've let your firewall let it through than you cant disable it (as in finding the app launching it) from starting up.
Go and locate all those setup/autorun files on your HDDs and partitions (sometimes also found in the root folder eg C:\ ) and delete them all, and see if they reapear after a while.
Scan with Trendmicro Housecall and follow instructions as linked in Peddant's post. I believe there is a file you have to manualy delete depending on what trendmicro picks up but i forgot what or where.. so maybe howard can help you..
I believe that the setup file is about a few kb's? if you open the autorun.inf files with notepad it has a command that points to the setup.exe file
It hides itself as a Generic Host Process for Win32 Services when you double click on that file and it also copy itself to your other HDDs/partitions so do check for them. My firewall picked them up as "launched by program **exd**" (can't recall what it was exactly, but the first two are numbers).
Download Process Explorer, end the tasks on the bottom of the list, usualy a fake svchost.exe (not under the winlogon tree, which is genuine, but listed as a seperate app) or boot into safe mode. Also note that this file tries to load on startup as well, so unless you've let your firewall let it through than you cant disable it (as in finding the app launching it) from starting up.
Go and locate all those setup/autorun files on your HDDs and partitions (sometimes also found in the root folder eg C:\ ) and delete them all, and see if they reapear after a while.
Scan with Trendmicro Housecall and follow instructions as linked in Peddant's post. I believe there is a file you have to manualy delete depending on what trendmicro picks up but i forgot what or where.. so maybe howard can help you..
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
setup.exe
Close task manager.
Run a full system scan with your antivirus programme and delete whatever it finds.
Try and manually delete the setup.exe and autorun.inf files(if there).
Reboot into normal mode and turn system restore back on and rehide your protected OS files.
Please let us know the results.
Regards Howard
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
setup.exe
Close task manager.
Run a full system scan with your antivirus programme and delete whatever it finds.
Try and manually delete the setup.exe and autorun.inf files(if there).
Reboot into normal mode and turn system restore back on and rehide your protected OS files.
Please let us know the results.
Regards Howard
howard_hopkinso
Posts: 21,238 +17
The next time your antivirus programme finds it, please post your antivirus log as an attachment.
We need to find out where it`s respawning from.
In the meantime, download the Ccleaner programme from HERE. Run the programme several times. also run the issues scan and fix whatever it finds. Do this until it no longer finds anything.
Regards Howard
We need to find out where it`s respawning from.
In the meantime, download the Ccleaner programme from HERE. Run the programme several times. also run the issues scan and fix whatever it finds. Do this until it no longer finds anything.
Regards Howard
- Status
