TechSpot

Unable to access hidden files and have a viral autorun as a hidden file

By wazdingo
Mar 14, 2008
Topic Status:
Not open for further replies.
  1. Right now I have a file on my computer that is trying to autorun to install a virus, currently hidden, and my folder options will not allow me to reopen hidden files. I have attached a HijackThis analysis and luckily my antivirus is quarantining all the files that are trying to run, but I would like to eliminate this problem ASAP before it worsens. Does anyone have a step-by-step idea of what I should do?
  2. kritius

    kritius TS Guru Posts: 2,087

    Hi wazdingo,

    The first thing that you need to do is follow all the instructions HERE exactly as they are described and post back in this thread with the three requested logs,
    • ComboFix
    • HJT and
    • AVG antispyware


    as attachments. (see how here).

    Don't forget to let us know the results of the antirootkit scan, to run the steps exactly as stated and in that order and to have AVG antispyware quarantine the results.

    Good luck and if you have any questions then just ask.

    This thread is for the use of wazdingo only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O24 - Desktop Component 1: (no name) - C:\todo.htm

    I would remove that Bodog Poker and there are a few more like the Todo.htm
    And a few lines that are missing files (which is good, but the HJT log should be cleaned of these.)

    I'd suggest that you run Startup to remove many not required startup programs (including BitTorrent - File sharing program)

    Once as many startups are removed as possible (including in Add/Remove programs)

    And you are able to have a look yourself at the HJT log, of any other files that you do not want.

    Then repost another HJT log

    edit:


    kritius, got in before me :)
  4. kritius

    kritius TS Guru Posts: 2,087

    Pay special attention to the three tools in step 10, especially SmitFraudFix,

    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)

    This file is used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar. Have you had anything like that?

    Also need to know where you live.

    As Kimsland says, remove these from add/remove programs.
    PokerStars
    Bodog Poker


    However,
    Sometimes HJT puts these in, but it doesn't actually mean that they are missing; sometimes it just can't find them, so we would need to check if they are actually missing first.

    Edit: You can get HJT to generate a startup list by going to the misc tools section; you can post it back as well for us to look at if you are unsure.
  5. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well spotted, I just thought Antivirus or Firewall was off and disregarded the popup.
    But actually these files may still exist, just not in the HJT reported path.

    Thanks kritius, I am always happy with your re-analysis of my brief findings.
  6. kritius

    kritius TS Guru Posts: 2,087

    Your analysis is always good Kimsland.