Inactive Virus?

Status
Not open for further replies.

undeuxtroiscinq

Posts: 15   +0
Hello-

Patience with the newbie please ;-)

I have a problem with Windows Explorer (not Internet Explorer, but Windows Explorer).
It crashes when I open certain sub-directories on my C: drive. It also crashes whatever program I am running when I try to open a file under said-subdirectory.

I am suspecting a virus. I followed various instructions found on the web and attached the logs here.

Any help most welcome.
 

Attachments

  • Combofix_log.txt
    26.5 KB · Views: 2
  • GMER Log 30 Apr 2010.txt
    10.4 KB · Views: 4
  • mbam-log-2010-04-30 (07-27-48).txt
    901 bytes · Views: 2
  • DDS.txt
    17.3 KB · Views: 0
Attach.txt part of DDS is missing.

What type of files do you have in a troublesome folder?

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

p4357307.gif



Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

RC1-4.gif



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    whatnext.png



  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt, and fresh HijackThis log in your next reply.


Download HijackThis:
http://free.antivirus.com/hijackthis/
by clicking on Installer under Version 2.0.4
Install, and run it.
Post HijackTHis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
 
Many thanks for your attention and quick reply! This is awesome--
I attach the 3 requested file.

Please advise what I should do next - and again, thank you in advance for this.
 

Attachments

  • hijackthis.log
    11.5 KB · Views: 0
  • ComboFix_log.txt
    29.7 KB · Views: 2
  • Attach.txt
    14.5 KB · Views: 0
Oh, I forgot to answer your question.
The directories that make Windows Explorer crash are work-related, so contain MS Office files and PDFs - nothing else.
Hope it helps.
 
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

===================================================================

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.


2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
    [*] Archives
    [*] Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Post fresh HijackThis log as well.
 
I did as indicated.
Kasperky ran for 2 hours and found nothing (report was empty, infected file count etc. were all zero).
I also attach the HighjackThis log.

Let me try to describe the problem with a little more specificity:
- Windows Explorer crashes when I try to access certain sub-folder with which I have been working a lot lately (ie. frequently accessing and modifying files)
- all files with these corrupt folders are work files, I.e. MS Office and PDFs
- I have run Windows in safe mode (F8 key) with the same result
- I have tried to run the CHKDSK function in the recovery console. Several times. At first, it always returns the 'CHKDSK found one or more errors on the volume'; if I then run CHKDSK c: /r (the clean up routine), the CHKDSK c: /p no longer detects errors but the problem with Windows Explorer remains (and then after rebooting, CHKDSK finds problems with my drive again)
- I have run HDTune - the Error scan returned a perfect result (all sectors are green), and the SMART report says 'healthy'. I attach the report, because I do not know how to interpret the data (does it matter that the disk shows high numbers in the 'Data' column of 'Offline uncorrectable' and 'Ultra DMA CRC Error Count'?
- my drive is new and works flawlessly. Could it still be a hardware problem? A registry problem?

One more thought: my c: drive is a partition of half my drive. The other half is not formatted yet. I think I will try to format a portion and put a copy of my work files there, see if I can access them without Explorer crashing.

I'm running out of things to try. Any other thoughts are most welcome. Thank you in advance!

1235
 

Attachments

  • hijackthis.log
    11.4 KB · Views: 0
  • HDTune.txt
    1.9 KB · Views: 1
Reporting from my new tries.
1. So I have created another partition E:\ and copied a parent folder containing (amongst other) the corrupt sub-folders.
Same issue: Windows Explorer would crash.

2. Here is how it goes:
(i) I boot my machine, login in as me (Administrator)
(ii) open Windows Explorer
(iii) Try to delete the parent folder E:\Work (it contains the corrupt sub-folder): Windows sends an error message referring to a file within the corrupt subfolder saying it is in use by another process (it is an Excel file and Excel is not running)
(iv) Click OK, Restart and do (i) to (iii) again: same outcome, with a different Excel file being supposedly used by a running processes
(v) Open the incriminated file using the 'Run' command (there's no other way), Excel opens and send me a Warning "cannot access file, which is locked for editing by
'another user'
Please open as read-only'
What is this 'another user'??

Any idea, someone?
 
Your computer has been and it's rather clean of malware, so that's about all we can do in this forum.
I suggest, you start new topic in Windows forum, so you'll get more attention.
 
Status
Not open for further replies.
Back