FullHouse Drive Virus?

Status
Not open for further replies.

Rasmey

My computer suddenly has this drive-like thing (like a removable disk drive) on the desktop and in My Computer. Its name is FullHouse Drive and when I double click it, it shows a picture of a Korean female movie star. It won't be moved, deleted or anything at all. I don't know what other effects it's having on my computer as it seems to be functioning normally except for this annoying extra drive.
I tried to scan it with Kaspersky, MBAM, and KillFullHouse (from a Laos website I got by googling). Still it won't budge!
Please help me.
Thanks,
Rasmey
 
Outstanding description. Did the 'gurgle' & found this thread.

It probably goes against conventional wisdom around here, but I would System Restore to a point preceding its appearance.

'Ratscheddar' does a good job of undoing registry hacks meant to annoy. Some of the hacks alter permissions or take away common tools/utilities, to mention a few.

Download RatsCheddar
It contains a program written by Rathat, and it is a Policy Controller.
Save and extract this program to the desktop.
Once extracted, Double click on the RatsCheddar.exe file.
Enable everything, then click Exit
Reboot your Computer.

Update all the scanning programs. Please post the 3 logs. See Here
 
Thanks for your reply.
I did as suggested. Here are the logs.
As for HiJackthis I can't find the log.
The FullHouse drive is still there in my computer and my other computer has it too. But there doesn't seem to be any noticeable symptom yet.

Rasmey
 

Attachments

  • CCleaner.txt
    2.3 KB · Views: 8
  • mbam-log-2008-12-01 (21-54-26).txt
    1.1 KB · Views: 5
For your case, we will supplement our guide with a special scan / tool. The difficulties you mention are being interpreted as a procedural glitch. Inform me if I have this wrong. 'Taskmgr.exe' appearing in recycle bin is unusual.

Observations & Recommended Action:
  • Update the scanning tools: MBAM & SAS
  • HJT log is saved to same folder for all HJT logs. > File > save as > identifies folder
  • Reminder: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
  • ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
  • Uninstall old copy of ComboFix

Supplement to guide. Successive scans used to uncover additional infections.
  • Update both MBAM & SAS. Rerun them both.

  • This effort is complete when logs report NO infections/threats, or reporting something it can not clean.

  • Follow ComboFix instructions referenced below.

  • Scan with HJT. (part of instructions for ComboFix)

  • Post logs. Report progress & what changes are observed. Include logs that found infections.


    Uninstall Combofix
    * Click START then RUN
    * Now type Combofix /u in the runbox
    * Make sure there's a space between Combofix and /u
    * Then hit Enter.

    *The above procedure will:
    * Delete the following: ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.
    Disable all realtime protection before running combofix by right clicking it in the system tray and unchecking the real time monitoring

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    • How-to-use instructions
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt
    Also attach a fresh hijackthis scan run afterwards

 
Problem fixed

Thank you rf6647. I did as instructed and now the Fullhouse drive is removed. I ran Combofix twice. The first time it made the 'virus' appear like a folder and I could delete it from my desktop, and the second time I ran Combofix it was removed from my Control Panel. I'm attaching the logs of both runs here.

However I have two other computers which have the same problem, but even though I ran Combofix and other programs (CCleaner, MBAM) a few times it still won't be removed. I don't know why. Please help.
The logs in the zip file are from one of the computers on which the problem cannot be solved.

Thanks
 

Attachments

  • log.txt
    7.7 KB · Views: 9
  • log1.txt
    6.2 KB · Views: 6
  • mbam-log-2008-12-06 (20-31-23).txt
    1.4 KB · Views: 6
  • Log.zip
    20.2 KB · Views: 14
I have insufficient information.

No filetype for zip file.
Does HJT contain reference?? >> "BIBLauncher"="c:\documents and settings\INTERNET\Desktop\BIBLauncher.exe"

Network? That opens the possibility of cross contamination. Firewalls? How configured?

Your observations about the double run of combofix to clean the 'full house' symptom were a learning experience for me. A HJT log may show residue remaining in 'msconfig'.
 
I'm sorry I don't know what happened to the zip file.
I did Hijackthis and the log is here.

Thank you so much for your help.
 

  • HJT shows two items not handled by ComboFix:
    Code:
    O4 - HKLM\..\Policies\Explorer\Run: [Task Manager] C:\RECYCLER\S-1-5-21-1202660629-412668190-725345543-500\smss.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Manager Task] C:\RECYCLER\S-1-5-21-1202660629-412668190-725345543-500\smss.exe

  • Uninstall ComboFix
  • Install & run SDFix.
    • While I judge both tools to be "equals", there are brief periods where one excels over the other.
  • Scan with HJT
  • Post logs & give your impressions.
Source developed 12-10-08
  1. Download SD Fix to Desktop From Here

  2. On Desktop run SDFix. It will run (install) then close.

  3. Then reboot into Safe Mode
    • As the computer starts up, tap the F8 key several times.
    • On the Boot menu Choose Safe Mode.
    • Click through all the prompts to get to desktop.

  4. At Desktop - SD Fix does its job
    • My Computer C: drive. Double-click to open.
    • Look for a folder called SD Fix. Double-click to enter SD Fix.
    • Double-click RunThis.bat. Type Y to begin.
    • When prompted hit the enter key to restart the computer
    • Your computer will reboot.

  5. On normal restart the Fixtool will run again and complete the removal process. Then say Finished

  6. Hit the Enter key to end the script and load your desktop icons.

  7. Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.

  8. Attach the Report.txt file to your next post
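
As an added example (not part of the original post and not a HijackThis or ComboFix feature), the following Python reads HijackThis O4 lines and explains why the two entries quoted above stand out: a file named like a Windows system process, stored in the Recycle Bin folder, started through the Policies\Explorer\Run key. The short list of system process names and the third, benign sample line are assumptions constructed for the illustration.

```python
import ntpath
import re

# Core Windows process names expected only under \system32 (assumed short list).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}
# HijackThis O4 format: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(.+?): \[(.*?)\] (.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)

SAMPLE = [
    # The two entries quoted in the thread.
    r"O4 - HKLM\..\Policies\Explorer\Run: [Task Manager] C:\RECYCLER\S-1-5-21-1202660629-412668190-725345543-500\smss.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [Manager Task] C:\RECYCLER\S-1-5-21-1202660629-412668190-725345543-500\smss.exe",
    # Constructed benign entry for contrast (not from the thread).
    r'O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min',
]

def image_path(command):
    """Extract the executable path from a quoted or bare autorun command."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command

def review_o4(line):
    """Return (value name, path, reasons) for an O4 line, or None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    path = image_path(command)
    folder, exe = ntpath.split(path.lower())
    reasons = []
    if "recycler" in folder.split("\\") or "$recycle.bin" in folder.split("\\"):
        reasons.append("runs from the Recycle Bin folder")
    if exe in SYSTEM_NAMES and not folder.endswith("\\system32"):
        reasons.append("system process name outside system32")
    if key.lower() == "policies\\explorer\\run":
        reasons.append("autorun set through Policies\\Explorer\\Run")
    return name, path, reasons

def flagged(lines):
    """Keep only the O4 entries that triggered at least one reason."""
    results = [review_o4(l) for l in lines]
    return [r for r in results if r and r[2]]

if __name__ == "__main__":
    for name, path, reasons in flagged(SAMPLE):
        print(f"[{name}] {path}: " + "; ".join(reasons))
```

Both entries from the thread trigger all three reasons, while the constructed tray entry triggers none.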
 
Thank you! I'll do as instructed.
By the way I forgot to tell you. My computers have a network connection but I don't think it's the source of contamination, since the others are cleaned and only these two won't clear. Also I forgot to mention that while running combofix on these two there is a message on the blue screen that says something about a missing file or something. I wonder if it's because of this that it's not effective.
 
Hi, these are the logs. I did it on three computers which are having the same problem.
The third computer I did SDFix twice as you'll see in the report.
Should I try to fix the two items in hijackthis log that combofix did handle?
The FullHouse drive are still there and won't be deleted. Overall the computers are still the same.
 
After SDFix finishes and starts the normal Windows, there is this icon near the clock that says Windows Security Alert (on two computers, except the 3rd one). What do I do with it?

Here are two more logs.
 
You have given me much to ponder. Here is my current understanding.

Member’s assessment
  • 3 infected computers with “FullHouse Drive”
  • M10 Computer 1; trojans found; mirc.exe; HJT normal
  • M10 computer 2 ; clean; mirc.exe; recycle ;O24 HJT
  • M11 computer 3 ; trojan found; recycle; O24 HJT
Explanation
  • Message 10, computer 2, SDfix - no trojan found, registry item restored for 'mirc.exe', secret-hidden files in recycle bin, O24 found (HJT)
  • Message 11, computer 3, SDfix - found trojan, secret-hidden files in recycle bin, O24 found (HJT)
Member's requests
  • Should I try to fix the two items in hijackthis log that combofix did handle?
    • >> Yes if referring to O24 items.
  • The FullHouse drive are still there and won't be deleted. Overall the computers are still the same.
    • >> Previously described an annoyance
  • Windows Security Alert
    • >> Ignore - it is just windoze barking

Overview
  1. I am headed back to combofix. Uninstall old version – get rid of the history. When scanning with HJT, ALWAYS restart the computer preceding HJT.

  2. Check installed programs for mirc.exe
  3. I will follow a plan developed by mflynn that is geared toward wide coverage. Successive application of the tools removes parts of the infection that mask the 'real bad guy'. Every step improves the chances that the next step will succeed. When a tool does not work, make note and move to the next tool. We are trying to get info and cleaning where we can. I want the tools to do the heavy work for us. MBAM is expected to do its share to remove parts of the infestation, ComboFix will take it to the next level.
Source for steps developed 12-15-08
----------------------------------------------------------------------------------------------------------------------------------
D/L, install and run ATF-Cleaner. Clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------------------

D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it. Delete all it finds; decline to reboot on each item found until the program finishes, then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found if any as it has no log.
If it finds several things reboot to Safe Mode and run again before continuing below.
----------------------------------------------------------------------------------------------------------------------------------

Get and run Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html
----------------------------------------------------------------------------------------------------------------------------------

When above is completed reboot back to Safe Mode Networking and do the following..

https://www.techspot.com/vb/post684649-3.html

When Fixit.cmd finishes it will reboot to normal.

Then..

ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while it's running. That may cause it to stall.
 
I think I have found an easy way to do away with fullhouse drive. It will take less than a minute.

Check this link to know about the issue and the link to download the removal tool.

exchangeserverinfo.net/default.aspx?g=posts&t=59

Enjoy ... I had to fight this virus for 24 hours to get it out. It had screwed my regedit and task manager. I'm so happy that it's gone ...
 
... easy way to do away with fullhouse drive. ....screwed my regedit and task manager
Topic...exchangeserverinfo.net/default.aspx?g=posts&t=59....leads to ...exchangeserverinfo.net/resource.ashx?a=4 “killfullhouse drive.rar”

Thanks for the tip. While rasmey may have given up with the efforts so far, the info that you shared with us will benefit others.

Cheers! Merry Christmas.
 
fullhouse drive

Guys, there is a change in the link from where you can download the virus removal tool:

exchangeserverinfo.net/default.aspx?g=posts&m=67&#67

It's under the anti virus forum.
 