Cannot Access HD normally
   

Mees
New Member
Date Joined Feb 2007
Total Posts : 3
Posted 2-25-2007 1:12 (GMT +1)
I've been to a LAN recently and used an external HD to move some files.

My fully updated AVG didn't detect anything so I was sure that the drive was safe. After moving the files I noticed that I cannot access my C: drive normally by double-clicking it in My Computer. It just doesn't go in for some reason. I can only access it by right-click->open.

Some other guy said that I should check if I find a setup.exe file under my "c:\" directory, so I checked it from the command line by typing "attrib -h -a -s -r setup.exe" and there it was. The program disables me from viewing hidden files and folders. Every time I enable viewing of hidden files, the setting gets disabled again when I check. I also tried deleting it quickly after I typed "attrib -h -a -s -r setup.exe" in the command line. Also tried using the "del" command with all options.

It goes away temporarily but then reappears every time I check.
Neither AVG nor NORTON detects any trace of malicious software when I scanned, twice, with the same result.
 
The icon looks like some kind of wicked "panda" or "pug dog".
 
I've heard that this *virus or whatever it is, when taken care of quickly, does no real harm, but later can cause some serious problems to .exe and to the registry.

I would like to get help ASAP, before anything gets worse. Any removal tool or repair advice would be greatly appreciated. If someone can send help via email then that would be much better:
 
The Concerned & Frustrated.
Mees

Mees
Posted 2-27-2007 11:02 (GMT +1)
My AVG picked up a trojan called "Trojan Horse Generic 2.DUQ".

Mees
Posted 2-27-2007 11:27 (GMT +1)
So I actually found someone to help me on this. This is the way that will work the best to remove the virus from your system.

Step 1 (Ending the Malware/Virus Program)

1. Open Windows Task Manager.
On Windows 98 and ME, press CTRL+ALT+DELETE
On Windows NT, 2000, XP, and Server 2003, press CTRL+SHIFT+ESC
2. In the list of running programs*, locate the process: SPOCLSV.EXE
3. Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your computer.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.

*NOTE: On computers running Windows 98 and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process.

Step 2 (Removing the Auto-start entries from the Registry)

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
3. In the right panel, locate and delete the entry:
svcshare = "%System%\drivers\spoclsv.exe"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
4. Close Registry Editor.

Step 3 (Allowing Hidden folders/files view permissions via the Registry)

1. Open Registry Editor again. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
3. In the right panel, locate and change the entry: CheckValue from 0 to 1 (right-click and choose modify and then enter 1 in value data space)
4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
5. In the right panel, locate and change the entry: CheckValue from 0 to 1 (right-click and choose modify and then enter 1 in value data space)
6. Close Registry Editor.

Step 4 (Editing the folders/files view permissions via the Control Panel)

1. Open 'Control Panel' from the 'Start Menu'
2. Select 'Folder Options' and select the 'View' tab
3. Select the 'Show hidden files and folders' button
4. Click 'Apply' and close.

Step 6 (Deleting the Malware/Virus trace files)

1. Open the 'Search' function from the 'Start Menu'
2. Click 'Search for files and folders' tab
3. Select 'Local Hard Drives' in the 'Look in' tab
4. Under 'Search Options' select 'Search hidden files and folders'
5. Now, search for the following: Desktop_.ini
6. Once located, select all the search result files (CTRL+A) and then press SHIFT+DELETE to delete.

Step 7 (Deleting the Malware/Virus Auto-runs)

1. Open the 'Search' function from the 'Start Menu'
2. Click 'Search for files and folders' tab
3. Select 'Local Hard Drives' in the 'Look in' tab
4. Under 'Search Options' select 'Search hidden files and folders'
5. Now, search for the following: AUTORUN.INF
6. Once located, select the file then open with Notepad. Check if it contains the following string/s:
[AutoRun]
open=setup.exe
shell\Auto\command=setup.exe
shellexecute=setup.exe
7. If the string/s are found, close the Notepad file, select and then press SHIFT+DELETE to delete.

Step 8 (Deleting the Malware/Virus .exe files)

1. Open the 'Search' function from the 'Start Menu'
2. Click 'Search for files and folders' tab
3. Select 'Local Hard Drives' in the 'Look in' tab
4. Under 'Search Options' select 'Search hidden files and folders'
5. Now, search for the following: setup.exe
6. Once located, select and then press SHIFT+DELETE to delete.

Step 9 (Deleting the Malware/Virus .exe files)

1. Open the 'Search' function from the 'Start Menu'
2. Click 'Search for files and folders' tab
3. Select 'Local Hard Drives' in the 'Look in' tab
4. Under 'Search Options' select 'Search hidden files and folders'
5. Now, search for the following: GameSetup.exe
6. Once located, select and then press SHIFT+DELETE to delete.

Step 10 (Reset folders/files view permissions via the Control Panel)

1. Open 'Control Panel' from the 'Start Menu'
2. Select 'Folder Options' and select the 'View' tab
3. Select the 'Do not show hidden files and folders' button
4. Click 'Apply' and close.

Step 11 (Shut down and restart)

1. Close all files, folders and windows
2. Empty the 'Recycle Bin' if it is full
3. Shut down the PC and restart.

You should now be free of the Malware/Virus, but make sure to do this to external storage devices before you open them in the Windows explorer.

If you still find the Malware/Virus creeping around, repeat all the steps, but this time with 'System Restore' off and in Windows 'Safe Mode'
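
Added example, not part of the original post: a Python sketch of the Step 7 check for an external drive, reading autorun.inf as text and reporting which launch keys point at the file names the post lists. The function names and the sample file content are constructed for illustration; only the three strings and the file names come from the post.

```python
import re
from pathlib import Path

# Keys in an [AutoRun] section that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# File names listed in the removal steps of the post (Steps 7 to 9).
POST_NAMES = {"setup.exe", "gamesetup.exe"}
# Constructed sample: the three strings quoted in Step 7.
SAMPLE_INF = "[AutoRun]\nopen=setup.exe\nshell\\Auto\\command=setup.exe\nshellexecute=setup.exe\n"

def launch_entries(inf_text):
    """Return [(key, command)] for each launch key inside the [AutoRun] section."""
    entries, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.match(key.strip()):
            entries.append((key.strip().lower(), value.strip()))
    return entries

def target_name(command):
    """Lower-cased file name of the program a command starts (path and arguments dropped)."""
    cmd = command.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else (cmd.split() or [""])[0]
    return re.split(r"[\\/]", exe)[-1].lower()

def check_root(root):
    """Read autorun.inf in a drive root without running anything.
    Returns [(key, command, name_is_in_post, target_exists_in_root)]."""
    root, findings = Path(root), []
    files = [p for p in root.iterdir() if p.is_file()]
    present = {p.name.lower() for p in files}
    for inf in (p for p in files if p.name.lower() == "autorun.inf"):
        text = inf.read_text(encoding="latin-1")
        for key, cmd in launch_entries(text):
            name = target_name(cmd)
            findings.append((key, cmd, name in POST_NAMES, name in present))
    return findings

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE_INF):
        print(f"{key} -> {cmd} (named in post: {target_name(cmd) in POST_NAMES})")
```

Directory listing from a script does not depend on Explorer's "Show hidden files and folders" setting, so `check_root` sees hidden files even while that setting keeps getting reset.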