#1 (permalink)

Registered User
Join Date: Apr 2009
Posts: 3
OS: win 2000 server

Hi,
As seen in the title... many - not all - directories on my computer - win 2000 server - have a hidden directory holding the same name as its containing directory, but in the "type" column it says: Application.

For example: My c:/cd directory has a hidden c:/cd/cd directory. It doesn't have a right-click "open with" option, though I dragged it into a new Notepad file, and it has a lot of code. I deleted all of it and pressed Save. When I double-clicked it, it gave me an error message saying - not a typo - "This file is Damage!"

Some people said it's a virus. What is this? What to do?

Thank you so much!
#2 (permalink)

Registered User
Join Date: Apr 2009
Posts: 3
OS: win 2000 server

Re: hidden directory-shaped .exe/ application file with name of containing folder
I used the virustotal.com service to analyze the suspicious file, and here is the result:
http://www.virustotal.com/analisis/8...5d8e5212279a09

Details:

File WINFILE.EXE received on 04.17.2009 08:54:11 (CET)
Current status: finished
Result: 40/40 (100.00%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.0.0.101 | 2009.04.17 | Email-Worm.Win32.Rays!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.04.16 | Win32/Rays.worm.49152 |
| AntiVir | 7.9.0.143 | 2009.04.17 | Worm/Rays |
| Antiy-AVL | 2.0.3.1 | 2009.04.17 | Worm/Win32.Win32 |
| Authentium | 5.1.2.4 | 2009.04.17 | W32/Rays.A |
| Avast | 4.8.1335.0 | 2009.04.16 | Win32:Wukill-B |
| AVG | 8.5.0.287 | 2009.04.16 | Worm/VB.DLW |
| BitDefender | 7.2 | 2009.04.17 | Win32.Wukill.E@mm |
| CAT-QuickHeal | 10.00 | 2009.04.17 | W32.WuKill.G |
| ClamAV | 0.94.1 | 2009.04.17 | Worm.Rays.A |
| Comodo | 1116 | 2009.04.16 | Worm.Win32.Wukill.B |
| DrWeb | 4.44.0.09170 | 2009.04.17 | Win32.HLLM.Xgray |
| eSafe | 7.0.17.0 | 2009.04.13 | Win32.Banker |
| eTrust-Vet | 31.6.6455 | 2009.04.14 | Win32/Wukill.B |
| F-Prot | 4.4.4.56 | 2009.04.16 | W32/Rays.A |
| F-Secure | 8.0.14470.0 | 2009.04.17 | Email-Worm.Win32.Rays.c |
| Fortinet | 3.117.0.0 | 2009.04.17 | W32/Rays.A@mm |
| GData | 19 | 2009.04.17 | Win32.Wukill.E@mm |
| Ikarus | T3.1.1.49.0 | 2009.04.17 | Email-Worm.Win32.Rays |
| K7AntiVirus | 7.10.704 | 2009.04.15 | Email-Worm.Win32.Rays |
| Kaspersky | 7.0.0.125 | 2009.04.17 | Email-Worm.Win32.Rays.c |
| McAfee | 5586 | 2009.04.16 | W32/Wukill.worm.gen |
| McAfee+Artemis | 5586 | 2009.04.16 | W32/Wukill.worm.gen |
| McAfee-GW-Edition | 6.7.6 | 2009.04.17 | Worm.Rays |
| Microsoft | 1.4502 | 2009.04.17 | Worm:Win32/Wukill.F@mm |
| NOD32 | 4015 | 2009.04.17 | Win32/Wukill.B |
| Norman | 6.00.06 | 2009.04.16 | W32/Wukill.B |
| nProtect | 2009.1.8.0 | 2009.04.17 | Worm/W32.Wukill.65024 |
| Panda | 10.0.0.14 | 2009.04.17 | W32/Wukill.A.worm |
| PCTools | 4.4.2.0 | 2009.04.17 | Email-Worm.Rays |
| Prevx1 | V2 | 2009.04.17 | High Risk Worm |
| Rising | 21.25.40.00 | 2009.04.17 | Worm.Wukill.a |
| Sophos | 4.40.0 | 2009.04.17 | W32/Wukill-B |
| Sunbelt | 3.2.1858.2 | 2009.04.17 | Worm.Win32.WuKill |
| Symantec | 1.4.4.12 | 2009.04.17 | W32.Wullik@mm |
| TheHacker | 6.3.4.0.309 | 2009.04.16 | W32/Wukill.worm |
| TrendMicro | 8.700.0.1004 | 2009.04.17 | WORM_WUKILL.GEN |
| VBA32 | 3.12.10.2 | 2009.04.12 | Email-Worm.Win32.Rays |
| ViRobot | 2009.4.17.1697 | 2009.04.17 | I-Worm.Win32.Rays.49152 |
| VirusBuster | 4.6.5.0 | 2009.04.16 | Worm.Wukill.N |

Additional information

File size: 49152 bytes
MD5...: 01aefd7cd0168b1589c4e567d9cfeb36
SHA1..: 602d343f0e483e42e573dd116a1b9aad9201eeaf
SHA256: ccb82810a3ac25b3a7b611fdcbb7b694c99d4ec4866e102ed52c111c35ad0c35
SHA512: d76d82b2d72d6e1a1d8ee70b17b4a82f1295569996194a4a2dd119e1a6bb4089e7eedd3ba347468e475b195981e8ca824da9bfeafeb938cf7a9859bfee513d6e
ssdeep: 768:uWsw7HPGiVRLpBj3PbnsfC/uLBVSEFFoHa0Z:peaUFFoHx
PEiD..: -

TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x113c
timedatestamp.....: 0x3f0817ed (Sun Jul 06 12:37:01 2003)
machinetype.......: 0x14c (I386)

( 3 sections )

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x7ebc | 0x8000 | 4.94 | ae148c4970f8ecd18f12a934b0c95d53 |
| .data | 0x9000 | 0xc98 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 0xa000 | 0x2b6c | 0x3000 | 3.43 | 2b3531193dfc6e85f9012738e2a0cdce |

( 1 imports )
> MSVBVM60.DLL: MethCallEngine, -, -, -, -, -, -, -, -, EVENT_SINK_AddRef, -, -, DllFunctionCall, EVENT_SINK_Release, -, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, ProcCallEngine, -, -, -, -, -, -, -, -, -, -

( 0 exports )

RDS...: NSRL Reference Data Set
-

ThreatExpert info: http://www.threatexpert.com/report.a...c4e567d9cfeb36
CWSandbox info: http://research.sunbelt-software.com...c4e567d9cfeb36
Prevx info: http://info.prevx.com/aboutprogramte...042E001C4900CF

Last edited by itconsultant; 04-22-2009 at 04:33 AM.