Setup.exe + autorun.inf on shared folder

[DNUNES]

Hello! I try to found a solution for my problem, and I see some threads whith a similar question, but I still looking for a solution. Recently I connect two computers on network. One (Desktop) is directly connected to internet, and share the connection to the second (Notebook). The first is also sharing the printer. And each one share de default shared folder (both have windows XP Home). The Desktop have installed BitDefender Professional Plus, the Notebook have Norton Internet Security. I discover this files (setup.exe + autorun.inf) on shared folder of the desktop, when Norton (on Notebook) found and deleted setup.exe. But, a few minutes before the files are back to the same folder. I make a search on the Notebook, and didn't found any setup or autorun. One more thing: I don't have total certainty, but I recently installed the new Windows Live Messenger, and this newer version have the possibility to creat personalized shared folders to each contact. Can this two files be related with Live Messenger? One more thing, neither BitDefender or Spy Sweeper found the two files suspicious. I'm a little disapointed with BitDefender, and I'm thinking to install Kaspersky, what do you think about that? I attach the HijackThis log file. Thanks for any help that you can give me. And I'm sorry for my bad English, ok?

 

[howard_hopkinso]

Hello and welcome to Techspot.

If you suspect windows live messenger, uninstall it and see if the problem dissappears.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - E:\Browser\NETSNI~1\NetSnip.dll

O8 - Extra context menu item: Add to Net Snippets - E:\Browser\NETSNI~1\Res\Clipper.htm

O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - E:\Browser\NETSNI~1\NetSnip.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

E:\Browser\NETSNI~1

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Disconnect both machines from the network and post fresh HJT logs, one from each machine.


Regards Howard :wave: :wave:

This thread is for the use of DNUNES only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[DNUNES]

Sorry, but the following lines, are about trusted software that i use for a long time, and i only detect this problem one week ago. If you didn't see nothing more suspicious i'm going try to find other solution. If i found an answer or fix it i come here to tell about, ok? In any way, thanks for your help.

 

[DNUNES]

Kaspersky

Hello, i installed Kaspersky Internet security. It detects (deleted: Trojan program Trojan-Proxy.Win32.Horst.lf File: C:\Documents and Settings\All Users\Documentos\setup.exe/UPX) and delete setup.exe, but after a while the trojan came back to the same folder. The kaspersky trojan identification gives you any idea about what the problem is, and how to fix it? One more time thanks.

P.S. in the kaspersky trojan location, the word "Documentos" is because my XP installation is a Portuguese version

 

[howard_hopkinso]

Make sure you have the latest updates for Kaspersky.

Do this for all computers.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan with Kaspersky and delete whatever it finds, including anything in quarantine.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

See if that helps.

Regards Howard

This thread is for the use of DNUNES only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[DNUNES]

BitDefender 0-1 Kaspersky

I think the trojan is definitiveley deleted from my computer.
Conclusion: BitDefender 0-1 Kaspersky
The Kaspersky scan in safe mode take me about 20 hours!!!!! I have too much files on my computer. Kaspersky detected more 2 or 3 threats. Thanks you a lot, for your help.


P.S. I heard that Microsoft is bloking up the anti-vírus companys access to the new Vista operating System code, because Microsft is now on the bussiness of protection software. When we think that nothing can get worst......