Setup.exe in Shared Folder

Status
Not open for further replies.

z_in

Posts: 7   +0
Hello, i want to seek for help here. i found setup.exe which i don't recognice in my shared folder.

i came across few same cases in this forum, but i don't really understand whether their problem related to mine.

Well, i followed what others do, making a Hijack log. Hope some expert can help me here. Thank in advance !
 
Hello and welcome to Techspot.

Your system is infected with a variety of nasties.

Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as an attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of z_in only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Yes ! i deleted 2 of the setup.exe and autorun.inf in my shared folder.

i got 3 shared folder containing the setup.exe and autorun.inf
- The original 'Shared Folder', setup.exe deleted successfully
- My Document Folder, setup.exe unable to delete
- Another personal folder created by myself, setup.exe deleted successfully

Well, i totally follow the tutorial on removing those trojan and nasties.

And i got most of them found nothing at all.
Only SS&D found 23 items, all deleted, and AVG Antispyware found 6 items, 4 deleted, 2 Quarantine.

Well, unfortunately, i didn't save the report of AVG Antispyware. This is because when i run AVG in safe mode, i encounter such a problem that a msg will pop-up 'Error - Something bad is happening on your AVG ...' , i clicked OK and then a microsoft error report msg pop-up, i clicked Don't Send and the AVG windows terminated. This happens a few time until i close all other application, including the notepad containing the instruction, to concentrate on the AVG. Hence, i can't refer to the notepad and didn't save the report.

i just attach the Hijack log for you, master ~ :stickout:

Something i wanted to add on is the trojan seems to be 1 of my program.

PodCast

Do you hear about this program before? is a streaming TV channel program. After all the antivirus and antispyware check, many files have been deleted, and i found i can't use this program any more.
 
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

O2 - BHO: IHiu Class - {67A06BB1-027B-4E94-8C3D-2DCD5E808A28} - C:\WINDOWS\system32\AYBHOAD.dll

O9 - Extra button: Öйú×î´óСÇø»¥¶¯Æ½Ì¨ - {bf80e5ce-44f9-4954-9ec9-ca5bb86346cd} - http://www.hiu.cn (file missing)

O11 - Options group: [INTERNATIONAL] International*

O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into killbox.

C:\WINDOWS\system32\AYBHOAD.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

As far as your podcast programme goes, try reinstalling it.

Regards Howard :)

This thread is for the use of z_in only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thank you ! Killbox works !

I'm able to delete the setup.exe, but killbox will make a backup of the setup.exe in C:\!Killbox\setup.exe , so i run the killbox again in windows (not safe mode) to delete the file again, by selecting option Standard File Kill. Is this alright?

I run 2 hijack scan, one in safe mode and one in normal mode. By the way, thank you master howard_hopkinso for helping me to solve my prob !
 
Your HJT log is now clean.

You can delete the killbox backups, but I think you should wait for a couple of days just to make sure everything`s ok.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of z_in only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.
Back