My computer suddenly has this drive like thing (like removable disk drive) on the desktop and My Computer. Its name is FullHouse Drive and when I double click it it show a picture of a Korean female movie star. It won't be moved, deleted or anything at all. I don't know what other effects it's having on my computer as it seem to be functioning normally except for this annoying extra drive.
I try to scan it with Kaspersky, MBAM, and KillFullHouse (from a Laos website I got by googling). Still it won't budge!
Please help me.
Thanks,
Rasmey

Outstandind description. Did the 'gurgle' & found this thread.

It probably goes against conventional wisdom around here, but I would System Restore to a point preceding its appearance.

'Ratscheddar' does a good job of undoing registry hacks meant to annoy. Some of the hacks alters permissions, takes away common tools/utilities, to mention a few.

Download RatsCheddar
It contains a program written by Rathat, and it is a Policy Controller.
Save and extract this program to the desktop.
Once extracted, Double click on the RatsCheddar.exe file.
Enable everything, then click Exit
Reboot your Computer.

Update all the scanning programs. Please post the 3 logs. See Here

Thanks for your reply.
I did as the suggested. Here are the logs.
As for HiJackthis I can't find the log.
The FullHouse drive is still there in my computer and my other computer have it too. But there doesn't seem to be any noticeable symthom yet.

Rasmey

Attached Files

	CCleaner.txt (2.3 KB, 7 views)
	mbam-log-2008-12-01 (21-54-26).txt (1.1 KB, 4 views)

For your case, we will supplement our guide with a special scan / tool. The difficulties you mention are being interpretted as a procedural glitch. Inform me if I have this wrong. 'Taskmgr.exe' appearing in recycle bin is unusual.

Observations & Recommended Action:

• Update the scanning tools: MBAM & SAS
• HJT log is saved to same folder for all HJT logs. > File > save as > identifies folder
• Reminder: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
• ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
• Uninstall old copy of ComboFix

Supplement to guide. Successive scans used to uncover additional infections.

• Update both MBAM & SAS. Rerun them both.
  
  
• This effort is complete when logs report NO infections/threats, or reporting something it can not clean.
  
  
• Follow ComboFix instructions referenced below.
  
  
• Scan with HJT. (part of instructions for ComboFix)
  
  
• Posts logs. Report progress & what changes are observed. Include logs that found infections.
  
  
  
  Quote:

  Originally Posted by Blind Dragon Uninstall Combofix * Click START then RUN * Now type Combofix /u in the runbox * Make sure there's a space between Combofix and /u * Then hit Enter. *The above procedure will: * Delete the following: ComboFix and its associated files and folders. * Reset the clock settings. * Hide file extensions, if required. * Hide System/Hidden files, if required. * Set a new, clean Restore Point.

  Quote:

  Originally Posted by Blind Dragon Disable all realtime protection before running combofix by right clicking it in the system tray and unchecking the real time monitoring Combofix Download Combofix to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. How-to-use instructions Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction Combofix will automatically save the log file to C:\combofix.txt Also attach a fresh hijackthis scan ran afterwards

Thank you rf6647. I did as instructed and now the Fullhouse drive is removed. I run Combofix twice. The first time it made the 'virus' appear like a folder and I can delete it from my desktop and the second time I run Combofix it's removed from my Control panel. I'm attaching the log of both times here.

However I have two other computers which have the same problem but even though I run Combofix and other program (CCleaner, MBAM) a few time it still won't be removed. I don't know why. Please help.
The logs in zip file is from one of the computer which the problem cannot be solved.

Thanks

Attached Files

	log.txt (7.7 KB, 8 views)
	log1.txt (6.2 KB, 5 views)
	mbam-log-2008-12-06 (20-31-23).txt (1.4 KB, 5 views)
	Log.zip (20.2 KB, 12 views)

I have insufficient information.

No filetype for zip file.
Does HJT contain reference?? >> "BIBLauncher"="c:\documents and settings\INTERNET\Desktop\BIBLauncher.exe"

Network? That opens the possibility of cross contamination. Firewalls? How configured?

Your observations about the double run of combofix to clean the 'full house' symptom was a learning experience for me. A HJT log may show residue remaining in 'msconfig'.

I'm sorry I don't know what happen to the zip file.
I did Hijackthis and the log is here.

Thank you so much for your help.

Attached Files

hijackthis.log (5.1 KB, 1 views)

Thank you! I'll do as instructed.
By the way I forgot to tell you. My computers have network connection but I don't think it's the source of contamination since the other are cleaned and only these two that won't clear. Also I forgot to mention that while running combofix on these two there is a messege on the blue screen that say something about missing file or something. I wonder if it's because of this that it's not effective.

Hi these are the logs. I did it on three computers which are having the same problem.
The third computer I did SDFix twice as you'll see in the report.
Should I try to fix the two items in hijackthis log that combofix did handle?
The FullHouse drive are still there and won't be deleted. Overall the computers are still the same.

Attached Files

	report.txt (5.1 KB, 2 views)
	hijackthis.log (4.6 KB, 2 views)
	report computer2.txt (2.3 KB, 2 views)
	hijackthis computer2.log (3.7 KB, 1 views)
	Computer3 hijackthis.txt (6.8 KB, 1 views)

After SDFix finish and start the normal window there is this icon near the clock that say Windows Security Alert (on two computers except the 3rd one). What do I do with it?

Here are two more logs.

Attached Files

	Computer 3 report1.txt (14.9 KB, 2 views)
	Computer 3 report2.txt (14.8 KB, 2 views)

You have given me much to ponder. Here is my current understanding.

Member’s assessment

• 3 infected computers with “FullHouse Drive”
• M10 Computer 1; trojans found; mirc.exe; HJT normal
• M10 computer 2 ; clean; mirc.exe; recycle ;O24 HJT
• M11 computer 3 ; trojan found; recycle; O24 HJT

Explanation

• Message 10, computer 2, SDfix - no trojan found, registry item restored for 'mirc.exe', secret-hidden files in recycle bin, O24 found (HJT)
• Message 11, computer 3, SDfix - found trojan, secret-hidden files in recycle bin, O24 found (HJT)

Overview

1. I am headed back to combofix. Uninstall old version – get rid of the history. When scanning with HJT, ALWAYS restart the computer preceding HJT.
   
   
2. Check installed programs for mirc.exe
   • Cited reference declares this a Trojan
   • Uninstall if shown in listing
   
   
3. I will follow a plan developed by mflynn that is geared toward wide coverage. Successive application of the tools removes parts of the infection that mask the 'real bad guy'. Every step improves the chances that the next step will succeed. When a tool does not work, make note and move to the next tool. We are trying to get info and cleaning where we can. I want the tools to do the heavy work for us. MBAB is expected to do its share to remove parts of the infestation, ComboFix will take it to the next level.

----------------------------------------------------------------------------------------------------------------------------------
D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------------------

D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it delete all it finds decline to reboot on each item found, until the program finishes then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found if any as it has no log.
If it finds several things reboot to Safe Mode and run again before continuing below.
----------------------------------------------------------------------------------------------------------------------------------

Get and run Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html
----------------------------------------------------------------------------------------------------------------------------------

When above is completed reboot back to Safe Mode Networking and do the following..

http://www.techspot.com/vb/post684649-3.html

When Fixit.cmd finishes it will reboot to normal.

Then..

ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

I think I have found a easy way to do away with fullhouse drive. It will take less than a minute.

check this link to know about the issue and the linkto download the removal tool.

exchangeserverinfo.net/default.aspx?g=posts&t=59

Enjoy ... I had to fight this virus for 24 hours to get it out. It had screwed my regedit and task manager. I so happy that its gone ...

He stated above that he specifically tried this tool, and it still won't "budge"

Later on he confirmed running the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions (and Combofix) did

But thanks for your reply anyway

Thanks for the tip. While rasmey may have given up with the efforts so far, the info that you shared with us will benefit others.

Cheers! Merry Christmas.

ok good point!

Here's the direct link, to that fullhouse executable: http://exchangeserverinfo.net/resource.ashx?a=4

I also checked it for Viruses online first (when it was posted)
Yes good for reference

guys there is a change in the link from where you can download the virus removal tool:

exchangeserverinfo.net/default.aspx?g=posts&m=67&#67

its under anti virus forum ,

thanks lot it works