Solved Show hidden files messed up after virus rampage

[Broni]

You can update Kaspersky.

Disable Kaspersky and try OTL again.

If still no go run it from Safe Mode.

 

[Chaos999]

Still not working. Left it on safe mode for 1 hour and 40 minutes, but same problem.

=/

 

[Broni]

OK, let's leave it...

Any current issues?

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Chaos999]

I know this might be out of order, but, can I have firefox back now? it takes an eternity to open anything on IE. I can't imagine how much will the ESET page take to load.

No other issues other than those I mentioned

[EDIT]

checkup.txt content:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Kaspersky Internet Security 2009
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Adobe Flash Player 10.3.181.26
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````


TFC ran succesfully. Will edit soon with the results of ESET

 

[Broni]

Yes, go ahead with Firefox.

When Eset is done make a new reply. I'm not getting email notifications about edits.

 

[Chaos999]

ESET online scan finished. It found my kasperky trial reset and quarantined it. odd, i scanned it when I first got it with a couple online scanners and they didn't recognized it. anyway here is the log:

C:\Documents and Settings\Lord of Chaos\Mis documentos\Mis archivos recibidos\HIDE_IP_3[1].43\HIDE IP 3.43\keygen.exe probably a variant of Win32/Agent.FHNLIHS trojan cleaned by deleting - quarantined
C:\Downloads\New Folder\KIS TR.rar.ers probably a variant of Win32/Agent.JNKURUA trojan deleted - quarantined

 

[Broni]

If that's some torrent version I don't even want to hear about it...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Chaos999]

OTL log here:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lord of Chaos
->Temp folder emptied: 4235 bytes
->Temporary Internet Files folder emptied: 21463987 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11619332 bytes
->Flash cache emptied: 602 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb


[EMPTYFLASH]

User: Administrador

User: All Users

User: Default User

User: LocalService

User: Lord of Chaos
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.26.3 log created on 08162011_203910

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_618.dat not found!

Registry entries deleted on Reboot...

The system hidden files problem I reported earlier is now gone. You are awesome (seriously).

Thanks again for the so much time you spend on helping me. I will follow the remaining steps you indicated (wot, tfc, psi etc...).

Anyway I do know how i got infected. by my flashdrive and i can't help but think that my kaspersky pretty much step aside and did nothing to prevent it.

Any advice to protect my PC against this kind of flash drive malware that is quite an epidemic in my college would be awesomely welcome.

 

[Broni]

Yes. Install this on your computer. It'll prevent anything form selfexecuting from any external source.

Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
• Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Windows Vista and Windows 7 users
Flash Disinfector is not compatible with the above Windows version.
Please, use Panda USB Vaccine, or BitDefender’s USB Immunizer


Way to go!!

Good luck and stay safe

 

[Chaos999]

Well, i don't know if this is considered Spam, but thanks again. I can't donate any money to your paypal (I don't have a bank account, credit card or so), but you have my long-lasting thanks, for what it's good.

Good bye

 

[Broni]

You're very welcome