12-01-2006, 09:37 PM   #7
Deckard
Mentor, Analyst - Security Team
 
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


I think this one is trying to hide from us.

P2P Software
I see you have P2P software (i.e. BitComet, LimeWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.


Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.


Deletions
Delete the following Files indicated in RED if they still exist.
C:\my files\WC06 Patches\WCP06\WORLDCUP06_SETUP1.exe
C:\my files\WC06 Patches\WCP06.rar

Submit For Analysis
Please submit the following file to VirusTotal Scan:
C:\WINDOWS\system32\explorer.exe
At the top of the window you should see "Select file" and a blank box. Copy and paste the red text from above into the box. Then click "Send". When it is finished, please copy the information listed in the two tables (i.e., the scan results and "Additional Information") into Notepad and save it on your Desktop so you can paste it with your next reply.


Download ComboFix
Please download ComboFix and save it to your Desktop. Close all windows and then double click combofix.exe. Follow the prompts. While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.

Rename HijackThis
You have an infection that may be hiding from HijackThis. Please rename HijackThis.exe to Deckard.exe and scan your computer again.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. VirusTotal report,
  2. the contents of C:\ComboFix.txt, and
  3. a new HijackThis log taken after ComboFix finishes and you've renamed it.
__________________
The chance to begin again in a golden land of opportunity and adventure.

Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.


UNITE/ASAP: Proud member since 2006