Kiran.dks
Technomancer
My day with my computer went on smooth until the afternoon when my friend brought pen drive of stuff for burning a CD...
My Confidence: Never a virus infection to my lappy
My defence system:
Antivirus: AOL Activ Virus Shield (A free version of Kaspersky Antivirus)
Antispyware: Windows Defender + Spybot
Firewall: ZoneAlarm Pro
Friend: Hey..I have some stuff to burn on CD. Are you free this afternoon?
Me: Yep..2:00pm
So here we go...my friend lands up will a bag of CD's and a pen drive.
I insert the pen drive into USB slot. Autorun open's up a menu. I cancel it as usual so that I perform a full scan of the pen drive. But this time busy in conversation with my friend, I forget on-demand scanning of the pen drive.
I open "My Computer" and double click the "Removable drive".
Then I see that nothing happens. Let me try again... double click double click...
Now I landed up in surprise. Then alas! I see CPU utilization shoot up to max and system speed sluggish! Suddenly ZoneAlarm shoots up a message that xxxx wants to be added everytime computer starts. Second mistake, I clicked yes! Then I realized I have done something wrong! Sh!t..what the hell was I doing?..
I right click the removable drive and select Open.
The contents open up. I just glance through the contents and alas! I see hidden exe files with the same folder name. powerpoint.exe....songs.exe...etc.
Me to friend: Hey..what are these files? Did you put this in pen drive?
Friend: Nope...I dono what they are!!
I am screwed up! At the back of my mind what the hell is my antivirus doing? No warnings...nothing..
SERIES OF TROUBLES:
Then I right-click on taskbar to see running processes.... But "Task manager" greyed out!
Now...I knew..My system is INFECTED!
Friend: Whatz that man? Why is it greyed out?
Me: yep...now jus see "Folder Options" will not be missing. I go to Tools>..folder options gone!
I give a big smile...
Friend: So you are screwed up! Are you gonna format ur PC?
Hey..Hey...nope not at all. The word FORMAT is not in my dictionary!
Then the last thing to check.. "Start>Run> regedit
Windows shoots up: "Registry editing is disabled by the administrator"
Yep! I knew that!
Now I do all the process of restoring "Folder Options", enabling "Registry editing" and restoring "Task Manager".
I think most of us here know the process! So I am not gonna explain that. There are many threads already running!
I rebooted the system in "Safe mode" and started a full scan of the system using AOL Antivirus, Windows Defender Antispyware, and spybot! I know that Windows Defender and Spybot will never detect it because it is a Trojan Worm. But what happened to KASPERSKY ENGINE BASED ANTIVIRUS? It also showed zero infection!
I immediately run "HijackThis" and get a report of running process. I see scvhost.exe running in some strange named folder in "WINDOWS" directory!
There is the culprit!..
"My Computer">"Windows"> xxxx folder. I see a scvhost.exe, some other files and a mp3 file here!!
I opened mp3 file in WMP and hear a "Laughing sound...Hehahehahhahaha"
I knew that this is the sound that will be played if the worm creeps into my lappy's boot sector! That will be the FINAL SHOW DOWN OF THE WORM.
Now the real show begins! My Lappy Vs WORM
I downloaded "Avira AntiVir", uninstalled AOL Antivirus, and installed Avira.
SCAN...
Avira immediately shoots up! Win32.Agent.abt, scvhost.exe virus detected! I
I immediately choose "DELETE" and complete the scan!
Now is that the end of the story? I thought so.
BUT...
Why are the hidden files not showing up? I go to "Folder Options" and see that the option "Don't show hidden files" checked.
I check the option "Show Hidden files" and click Ok.
But I still see no hidden files. I go back to "Folder options" and see that it has automatically reset to "Don't show hidden files"!
I try many times but nothing works.
Start> Run>regedit
I navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
and change the "Hidden" dword value to 1 and click "OK".
But no sign of hidden files. I again go to regedit and see that the value has changed back to 2!
That's not a good sign! Is the culprit still there? Avira has done it's part in removing some..but ...
then it's turn of avast!. I uninstalled Avira and installed avast! and performed a full scan.
The result: No infection found! But problem still there.
I am pretty sure that a culprit is still there causing not to show the hidden files. A script from "Kelly's Korner" for restoring the hidden files works, but it's temporary.
I am in process of sorting out this problem. Now downloaded "BitDefender" trial version. Let me have a go!
And if you think this is only faced by me...
Check this link form Kaspersky forum: *forum.kaspersky.com/index.php?showtopic=32239&st=0
My Confidence: Never a virus infection to my lappy
My defence system:
Antivirus: AOL Activ Virus Shield (A free version of Kaspersky Antivirus)
Antispyware: Windows Defender + Spybot
Firewall: ZoneAlarm Pro
Friend: Hey..I have some stuff to burn on CD. Are you free this afternoon?
Me: Yep..2:00pm
So here we go...my friend lands up will a bag of CD's and a pen drive.
I insert the pen drive into USB slot. Autorun open's up a menu. I cancel it as usual so that I perform a full scan of the pen drive. But this time busy in conversation with my friend, I forget on-demand scanning of the pen drive.
I open "My Computer" and double click the "Removable drive".
Then I see that nothing happens. Let me try again... double click double click...
Now I landed up in surprise. Then alas! I see CPU utilization shoot up to max and system speed sluggish! Suddenly ZoneAlarm shoots up a message that xxxx wants to be added everytime computer starts. Second mistake, I clicked yes! Then I realized I have done something wrong! Sh!t..what the hell was I doing?..
I right click the removable drive and select Open.
The contents open up. I just glance through the contents and alas! I see hidden exe files with the same folder name. powerpoint.exe....songs.exe...etc.
Me to friend: Hey..what are these files? Did you put this in pen drive?
Friend: Nope...I dono what they are!!
I am screwed up! At the back of my mind what the hell is my antivirus doing? No warnings...nothing..
SERIES OF TROUBLES:
Then I right-click on taskbar to see running processes.... But "Task manager" greyed out!
Now...I knew..My system is INFECTED!
Friend: Whatz that man? Why is it greyed out?
Me: yep...now jus see "Folder Options" will not be missing. I go to Tools>..folder options gone!
I give a big smile...
Friend: So you are screwed up! Are you gonna format ur PC?
Hey..Hey...nope not at all. The word FORMAT is not in my dictionary!
Then the last thing to check.. "Start>Run> regedit
Windows shoots up: "Registry editing is disabled by the administrator"
Yep! I knew that!
Now I do all the process of restoring "Folder Options", enabling "Registry editing" and restoring "Task Manager".
I think most of us here know the process! So I am not gonna explain that. There are many threads already running!
I rebooted the system in "Safe mode" and started a full scan of the system using AOL Antivirus, Windows Defender Antispyware, and spybot! I know that Windows Defender and Spybot will never detect it because it is a Trojan Worm. But what happened to KASPERSKY ENGINE BASED ANTIVIRUS? It also showed zero infection!
I immediately run "HijackThis" and get a report of running process. I see scvhost.exe running in some strange named folder in "WINDOWS" directory!
There is the culprit!..
"My Computer">"Windows"> xxxx folder. I see a scvhost.exe, some other files and a mp3 file here!!
I opened mp3 file in WMP and hear a "Laughing sound...Hehahehahhahaha"
I knew that this is the sound that will be played if the worm creeps into my lappy's boot sector! That will be the FINAL SHOW DOWN OF THE WORM.
Now the real show begins! My Lappy Vs WORM
I downloaded "Avira AntiVir", uninstalled AOL Antivirus, and installed Avira.
SCAN...
Avira immediately shoots up! Win32.Agent.abt, scvhost.exe virus detected! I
I immediately choose "DELETE" and complete the scan!
Now is that the end of the story? I thought so.
BUT...
Why are the hidden files not showing up? I go to "Folder Options" and see that the option "Don't show hidden files" checked.
I check the option "Show Hidden files" and click Ok.
But I still see no hidden files. I go back to "Folder options" and see that it has automatically reset to "Don't show hidden files"!
I try many times but nothing works.
Start> Run>regedit
I navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
and change the "Hidden" dword value to 1 and click "OK".
But no sign of hidden files. I again go to regedit and see that the value has changed back to 2!
That's not a good sign! Is the culprit still there? Avira has done it's part in removing some..but ...
then it's turn of avast!. I uninstalled Avira and installed avast! and performed a full scan.
The result: No infection found! But problem still there.
I am pretty sure that a culprit is still there causing not to show the hidden files. A script from "Kelly's Korner" for restoring the hidden files works, but it's temporary.
I am in process of sorting out this problem. Now downloaded "BitDefender" trial version. Let me have a go!
And if you think this is only faced by me...
Check this link form Kaspersky forum: *forum.kaspersky.com/index.php?showtopic=32239&st=0
Last edited:
