STUPID VIRUS!!

kaisterkai

kaisterkai

Expert Member
Joined
Dec 11, 2009
Messages
2,153
Reaction score
3
Location
Cape Town
Good day..

so this day i was getting something from a friend of mine.. and what happened was it created MANY MANY short-cuts.. like my computer, my doc, my music, my pic etc etc..

And then after a scan from my house.. there were 21 attacks.. which killed my thought.. but then it seems now it's virus free.. but the thing is.. the origianl thing that I had.. like my work and stuff.. they are gone..

but then when I use word to open it from my flash, I can see everything.. (all the docs.. )

but when i go into my flash, there is nothing..

I use NOD 32.. SS4

Can anyone help?

Thanks
 
take the hard drive out of your machine and put it into a removable drive casing or a hard drive dock.

Then plug it into another machine that you know is clean and has an up to date virus scanner installed. Scan your drive completely and allow it to clean and remove the viruses.

Then put it back into your machine.... if it boots properly you are safe... but if it has damaged some system files, you will need to back up your data and do a re-install.

That is the only safe way to make sure you have completely removed or disabled the virus.
 
I've seen that virus before. Its extremely annoying. Its hides your folders, sets it so that you can't unhide it (in Wondows at least, I haven't tried any other way) but the files inside the folders are not hidden. I've had to clean flashes like that. Luckily there were not too many folders so I used cmd to see what folders there were, browsed directly into those folders and copy the files out. Then just deleted the folders. The virus should be picked up quite easily by many different AVs. Last time I had to do it my out-of-date McAfee picked it up and cleaned it. I just had to do the manual stuff.
 
Yup - have dealt with similar viruses before. It basically sets the original folder attributes as hidden.

Make sure you have deleted all the rogue shortcuts the virus created and check there are not any malware processes still running - use something like process explorer.

Then you can reset the attributes on the original folders. To see the folders in windows go to 'Folders Options' , 'View' and set it to 'Show Hidden Files and Folders' and untick 'Hide Operating System Files'. You should now be able to see the hidden folders in windows explorer.
Now to reset the attributes on the hidden folders go to a command prompt and sun the following

c:\attrib -H -S c:\folder path. Do that for each of the folders that have been hidden.

But you have to make sure that all the virus processes have been killed or it will just keep happening.
 
ramar said:
To see the folders in windows go to 'Folders Options' , 'View' and set it to 'Show Hidden Files and Folders' and untick 'Hide Operating System Files'. You should now be able to see the hidden folders in windows explorer.
Click to expand...

That doesn't always work though as sometimes that option is greyed out, or Options has been removed from the Tools menu or you've ticked everything as you've stated above but as soon as you close the dialog box, the changes you made just reverts and the folders remain hidden.

Thats what happened to me hence the manual labour
 
Mantis said:
That doesn't always work though as sometimes that option is greyed out, or Options has been removed from the Tools menu or you've ticked everything as you've stated above but as soon as you close the dialog box, the changes you made just reverts and the folders remain hidden.

Thats what happened to me hence the manual labour
Click to expand...

Yes - that will happen if the virus processes are still running. Believe me i know, after having to clean one of these off about 20 PC's. That is why i said you have to make sure all these processes are killed and the malware files deleted.
 
ramar said:
It basically sets the original folder attributes as hidden.
Click to expand...
Must be a really skilled virus writer. Oh noes my files are hidden - What will I do?

Garyvdh said:
take the hard drive out of your machine and put it into a removable drive casing or a hard drive dock.

Then plug it into another machine that you know is clean and has an up to date virus scanner installed.
Click to expand...
eh, and then the auto-run kicks in and the clean machine is now not so clean anymore?
 
Garyvdh said:
Any good up to date virus scanner will be ready for Auto-run.

eg. Microsoft Security Essentials.
Click to expand...

Plus the tosser who switches autorun back on, after MSFT disabled with an update, kind of deserves to be attacked lol. I also got hit with the same kind of malware from colleague a week ago, who as far as I can see didn't have an Anti-Virus. Had MSE pick up the nasty thing and it cleaned it out, all I had to afterwards was remove the hidden attribute on the folders and files on the root of the device. Seem to not real cause any malicious harm to the files on the portable device.
 
Garyvdh said:
take the hard drive out of your machine and put it into a removable drive casing or a hard drive dock.

Then plug it into another machine that you know is clean and has an up to date virus scanner installed. Scan your drive completely and allow it to clean and remove the viruses.

Then put it back into your machine.... if it boots properly you are safe... but if it has damaged some system files, you will need to back up your data and do a re-install.

That is the only safe way to make sure you have completely removed or disabled the virus.
Click to expand...

Thanks for the info.. but its' a USb lol

but IF something like this happens (which I hope not..) I will do this.. Thanks!
 
Mantis said:
I've seen that virus before. Its extremely annoying. Its hides your folders, sets it so that you can't unhide it (in Wondows at least, I haven't tried any other way) but the files inside the folders are not hidden. I've had to clean flashes like that. Luckily there were not too many folders so I used cmd to see what folders there were, browsed directly into those folders and copy the files out. Then just deleted the folders. The virus should be picked up quite easily by many different AVs. Last time I had to do it my out-of-date McAfee picked it up and cleaned it. I just had to do the manual stuff.
Click to expand...

Well my AV did pick it up.. I set it so that it shows all hidden folders.. but i still can't see it..

Really bothering me now.. Because now there is a project that I have to get off but can't..

How do you do the CMD thing?

Thanks
 
ramar said:
Yup - have dealt with similar viruses before. It basically sets the original folder attributes as hidden.

Make sure you have deleted all the rogue shortcuts the virus created and check there are not any malware processes still running - use something like process explorer.

Then you can reset the attributes on the original folders. To see the folders in windows go to 'Folders Options' , 'View' and set it to 'Show Hidden Files and Folders' and untick 'Hide Operating System Files'. You should now be able to see the hidden folders in windows explorer.
Now to reset the attributes on the hidden folders go to a command prompt and sun the following

c:\attrib -H -S c:\folder path. Do that for each of the folders that have been hidden.

But you have to make sure that all the virus processes have been killed or it will just keep happening.
Click to expand...

I tried that CMD thing.. And it doesn't work.. am I missing something?

But I did clean everything off.. should be cleaned..

anyway.. will try again..

Thanks
 
HavocXphere said:
Must be a really skilled virus writer. Oh noes my files are hidden - What will I do?


eh, and then the auto-run kicks in and the clean machine is now not so clean anymore?
Click to expand...

I turned off the auto run, because I rather scanned it first.. because I open it..
 
DJNgoma said:
Plus the tosser who switches autorun back on, after MSFT disabled with an update, kind of deserves to be attacked lol. I also got hit with the same kind of malware from colleague a week ago, who as far as I can see didn't have an Anti-Virus. Had MSE pick up the nasty thing and it cleaned it out, all I had to afterwards was remove the hidden attribute on the folders and files on the root of the device. Seem to not real cause any malicious harm to the files on the portable device.
Click to expand...

Lucky I turned it off..
:P
 
kaisterkai said:
Well my AV did pick it up.. I set it so that it shows all hidden folders.. but i still can't see it..

Really bothering me now.. Because now there is a project that I have to get off but can't..

How do you do the CMD thing?

Thanks
Click to expand...

The help command in CMD is quite helpful :D.
http://bit.ly/dnpjBQ

In the command prompt do the following:

1. Type in the flash drive's drive letter and followed by a colon.
Example(Replace "X" with the drive letter of the flash drive):
Code: 
X:

2. Type in the command for the directory function.
Code: 
DIR

3. You will see all the files in the root directory of the flash drive.

Honestly the rest should be applying your knowledge with the help function, but if you still require help... You know what to do.
 
I tried the CMD thing, and you know, nothing is in the flash.. but on my computer, it says there are spaces that are being used..
So..
anyway.. i think I'm just going to format it..

I can think up the project again..

thanks for the help!
 
Well it's just that it must behanded in on tuesday.. and I dont' think anything is working now.. so I might as well.. And also, just incase the virus spreads.. I mean.. it would be risking alot of files to one little virus..

But anyway, thanks for the help ^ ^
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X