TechSpot

setup.exe and autorun.inf in My Shared Documents folder

By OkComp
Apr 7, 2007
Topic Status:
Not open for further replies.
  1. Hi,

    I have these files setup.exe and autorun.inf in My Shared Documents folder. I am pretty sure they are virus. I've delete the files several times but they keep reappearing. I am running AVG Antivirus, AVG Anti Spyware, AdAware & Spybot in my computer. I am attaching my hijackthis log file. I would appreciate your help
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    I have moved your tread to the correct forum.

    You`re running an outdated version of HijackThis.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of OkComp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. OkComp

    OkComp TS Rookie Topic Starter

    Hi Howard,

    I appreciate your quick response and your help. I followed all the steps suggested in your link. I am attaching all the logs for AVG Anti Spyware, HijackThis and ComboFix. I also conducted a scan with AVG Anti-Rootkit Beta and no hidden objects were found.

    Thanx again
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is clean.

    Do you still have the setup.exe and autorun.inf problem?

    Regards Howard :)

    This thread is for the use of OkComp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. OkComp

    OkComp TS Rookie Topic Starter

    Hi Howard,

    Right now I only have autorun.inf. Should I just delete it?
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Yes, delete it and let me know if you have further problems.

    Regards Howard :)

    This thread is for the use of OkComp only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  7. OkComp

    OkComp TS Rookie Topic Starter

    Hi,

    I am still having the same problem with those files. I did all over again. AVG Antivirus found that the setup.exe file is infected as a Trojan Horse Proxy.26.AX . Anyway I am attaching all of my logs. I deleted the files as you suggested.
  8. momok

    momok TS Rookie Posts: 2,272

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

    IFinst26.exe
    Viewpoint <- anything related to this


    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\IFinst26.exe
    C:\WINDOWS\system32\MTXSYNCICON.dll
    C:\WINDOWS\system32\muzapp.dll
    C:\WINDOWS\system32\MACXMLProto.dll
    C:\WINDOWS\system32\MTTELECHIP.dll
    C:\WINDOWS\system32\MASetupWizard.dll
    C:\WINDOWS\system32\MSCLib.dll
    C:\WINDOWS\system32\muzapp.exe
    C:\WINDOWS\system32\MSFLib.dll
    C:\WINDOWS\system32\muzaf1.dll
    C:\WINDOWS\system32\tg_dump.dll
    C:\DOCUME~1\PHC\APPLIC~1\Viewpoint
    C:\Program Files\Viewpoint
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\WINDOWS\system32\uxtuneup.dll

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post a fresh ComboFix and AVG Antispyware log from normal mode as an attachment into this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of OkComp only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  9. OkComp

    OkComp TS Rookie Topic Starter

    Hi,

    thanx for helping me. i followed your instructions and deleted the previously mentioned files. here are the new logs.
  10. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Your logs look clean now.

    Turn off system restore (XP/ME only). Learn how to do that HERE.

    This will remove all the remaining nasties from your old restore points.
    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of OkComp only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.