Unable to access hidden files and have a viral autorun as a hidden file

Right now I have a file on my computer that is trying to autorun to install a virus, currently hidden, and my folder options will not allow me to reopen hidden files. I have attached a hijackthis analysis and luckily my antivirus is quarantining all the files that are trying to run, but I would like to eliminate this problem asap before it worsens. Does anyone have a step by step idea of what I should do?
 
Hi wazdingo, :wave:

The first thing that you need to do is follow all the instructions HERE exactly as they are described and post back in this thread with the three requested logs,
  • ComboFix
  • HJT and
  • AVG antispyware

as attachments. (see how here).

Don't forget to let us know the results of the antirootkit scan, to run the steps exactly as stated and in that order, and to have AVG antispyware quarantine the results.

Good luck and if you have any questions then just ask.

This thread is for the use of wazdingo only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O24 - Desktop Component 1: (no name) - C:\todo.htm

I would remove that Bodog Poker and there are a few more like the Todo.htm
And a few lines that are missing files (which is good, but the HJT log should be cleaned of these.)

I'd suggest that you run Startup to remove many not required startup programs (including BitTorrent - File sharing program)

Once as many startups are removed as possible (including in Add/Remove programs)

And you are able to have a look yourself at the HJT log, of any other files that you do not want.

Then repost another HJT log

edit:


kritius, got in before me :)
 
Pay special attention to the three tools in step 10, especially SmitFraudFix,

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)

This file is used by the rogue antispyware app, SpywareQuake, to issue fake security alerts on your taskbar. Have you had anything like that?

Also need to know where you live.

As Kimsland says, remove these from add/remove programs.
PokerStars
Bodog Poker


However,
And a few lines that are missing files (which is good, but the HJT log should be cleaned of these.)
Sometimes HJT puts these in but it doesn't actually mean that they are missing; sometimes it just can't find them, so we would need to check if they are actually missing first.

Edit: you can get HJT to generate a startup list by going to the misc tools section; you can post it back as well for us to look at if you are unsure.
 
Well spotted, I just thought Antivirus or Firewall was off and disregarded the popup.
But actually these files may still exist, just not in the HJT reported path.

Thanks kritius, I am always happy with your re-analysis of my brief findings.
 