HJT plz ( hidden files virus )

[kiriazy]

hey all,

i am infected with a malware which i can't view the hidden files & also it force the subfloders of the partitions to open in new window while it is set to open @ the same window so i followed the instruction of the thread (viruses & malware removal) the (open in the same window) is fixed but i still cannot view my hidden files so am i still infected or what is my prob. coz i am not an expert ???

here r the logs i got hope to have help soon

Best Regards,
Kiriazy

 

[kimsland]

Did you also scan D drive?
Seems to have a lot of strange things starting.

Regarding Hidden files
1. Click Start -> Run
2. Type regedit and click Ok.
3. Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
4. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.
5. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
6. The “Show hidden files & folders” check box should now work normally
7. Also change in NOHIDDEN change value to 1
8. In SHOWALL change value to 0
9. Re-check the folder options
10. now change the values to the same
NOHIDDEN to 2
SHOWALL to 1

Strange, but works.

 

[kiriazy]

thnx so much it works

but tell me plz how can i get sure that im clean not infected ???

 

[kimsland]

Please scan your D drive fully.
You HJT log refers to Startups from there.
You can also run this small TOOL, to disable any not required Startups.

Someone else may also check your HJT file
But I would prefer that D Drive is clean, and a new HJT file created after that.

 

[kritius]

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Have HJT fix this file and then do as Kimsland suggests, other than that the log is clean.

 

[Blind Dragon]

I would also Go to Control Panel->Add/Remove Programs and uninstall:
- Download Accelerator Plus (DAP)

Then launch Hijackthis -> Do a System Scan Only and put checks next to the following:

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

Then select Fix checked

Use Windows Explorer to navigate to and delete the following:

[*]Access Windows Explorer by clicking Start, point to All Programs, Accesories, and then click Windows Explorer. Or hold the windows key and press E

Folders:
C:\Program Files\DAP <-This folder only


This one looks legit with a simple google of the program, so here is why I suggest it
http://www.bleepingcomputer.com/uninstall/281/Download-Accelerator-Plus-DAP.html

 

[kritius]

Good catch, never really thought about DAP.

 

[kimsland]

Damn me either!

 

[kritius]

Damn me either!

We must be slipping Kimsland!

 

[Blind Dragon]

You guys are doing a great job. I usually look through everything in this section and it is rare that anything is off.