Mycomputer - tools - folder option??? no folder option

Status
Not open for further replies.

jayanbhm

Broken In
Dear friend,
When we go to My Computer - Tools - Folder Options, the Folder Options entry is not showing. What should I do? I cannot change any folder settings.

Please help me.

with thanks
JC
 
Hi,

Did you check the Control Panel? In that you can find Folder Options directly.
Please run the attached REGISTRY to enable Folder Options.
 

valtea

In the zone
You may be infected with Brontok. Try Brontok Washer (google it).

Brontok Details (sorry, I don't know the source for this information. I have it as a txt file on my computer, downloaded from the net last year)
SYMPTOMS:

* You can't start Regedit.exe
* When trying to start any other registry editor, the system restarts
* The system also restarts when executing certain EXE files
* The presence of the following files:

* %WINDIR%\eksplorasi.pif
* %UserProfile%\Local Settings\Application Data\smss.exe
* %UserProfile%\Local Settings\Application Data\services.exe
* %UserProfile%\Local Settings\Application Data\lsass.exe
* %UserProfile%\Local Settings\Application Data\csrss.exe
* %UserProfile%\Local Settings\Application Data\inetinfo.exe
* %UserProfile%\Local Settings\Application Data\winlogon.exe
* %UserProfile%\Start Menu\Programs\Startup\Empty.pif

* %UserProfile%\Templates\WowTumpeh.com
* %WINDIR%\%CURRENT_USER%'s Setting.scr
* %WINDIR%\ShellNew\bronstab.exe

All these files have the size of the worm's main executable: 42,028 bytes.


TECHNICAL DESCRIPTION:
The worm comes as an attachment in an infected email, that looks like this:

Subject: (empty)
Message:
BRONTOK.A [ By: HVM31-Jowobot #VM Community ]
-- Hentikan kebobrokan di negeri ini --
1. Adili Koruptor, Penyelundup, Tukang Suap, Penjudi, & Bandar NARKOBA
( Send to "NUSAKAMBANGAN")
2. Stop Free Sex, Absorsi, & Prostitusi
3. Stop (pencemaran laut & sungai), pembakaran hutan & perburuan liar.
4. SAY NO TO DRUGS !!!
-- KIAMAT SUDAH DEKAT --
Terinspirasi oleh: Elang Brontok (Spizaetus Cirrhatus) yang hampir punah[
By: HVM31-Jowobot #VM Community--
Attachment: Kangen.exe

The attached file has an icon that imitates a usual Windows folder.


If executed, an Explorer window with the My Documents folder is opened. The worm installs itself in the locations specified in the Symptoms section.

The worm starts scanning files having the following extensions in order to gather email addresses to harvest:

* asp
* cfm
* csv
* doc
* eml
* html
* php
* txt
* wab

It will not consider the addresses matching the following strings:

* ADMIN AHNLAB ALADDIN ALERT ALWIL ANTIGEN
* ASSOCIATE AVAST AVIRA BILLING@ BUILDER
* CILLIN CONTOH CRACK DATABASE DEVELOP
* ESAFE ESAVE ESCAN EXAMPLE GRISOFT HAURI
* INFO@ LINUX MASTER MICROSOFT NETWORK
* NOD32 NORMAN NORTON PANDA PROGRAM
* PROLAND PROTECT ROBOT SECURITY SOURCE
* SYBARI SYMANTEC TRUST UPDATE VAKSIN
* VAKSIN VIRUS

The email addresses are gathered into the following folder:

* %UserProfile%\Local Settings\Application Data\Loc.Mail.Bron.Tok

This folder will contain as many files as the email addresses the worm found. Those files are named by the following pattern: found@email.address.ini

In the same folder as the one specified above, the worm creates the following ones, that it will use at the mass-mailing process:

* Ok-SendMail-Bron-tok
* Bron.tok-[x]-[y] (where x and y are two random numbers)

The worm also creates a task in C:\%WINDIR%\Tasks, that will execute a copy of it (WowTumpeth.com) every day, at 5:08PM.

In order to assure it is executed at every system startup, it creates the following registry entries:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Bron-Spizaetus" = "%Windir%\ShellNew\bronstab.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus" = "%UserProfile%\Local Settings\Application Data\smss.exe"

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe %Windir%\eksplorasi.pif"

It will disable Folder Options in Windows Explorer, by setting the following Registry value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"="1"

And will also disable Regedit:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"="1"

The following entries will be set at the specified values:
[HKCU\Software\Microsoft\Windows\CurrentVersion\explorer\advanced]
"Hidden"="0"
"ShowSuperHidden"="0"
"HideFileExt"="1"

When the worm is in memory, if it finds any window that contains "Registry" or ".EXE", it will restart the computer.
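
Added example, not part of the original thread or of any tool it mentions: a Python check that parses regedit-format export text (assumed to be already decoded to a string) and reports which of the registry values listed in the description above are set. The function names and the sample export are constructed for this illustration.

```python
import re

# Registry values named in the Brontok description above, each with a regex for
# the data the worm writes ("" means the presence of the value is enough).
INDICATORS = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions", r"^1$"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", r"^1$"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Tok-Cirrhatus", ""),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Bron-Spizaetus", ""),
    (r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", r"eksplorasi\.pif"),
]
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}

def parse_reg(text):
    """Parse regedit export text into {(key, value_name): data}; keys and names lowercased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            hive, _, rest = line[1:-1].partition("\\")
            key = (HIVES.get(hive.upper(), hive) + "\\" + rest).lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if key is None or not m:
            continue  # file header, blank line, or hex continuation line
        name, data = m.groups()
        if data.startswith("dword:"):
            data = str(int(data[6:], 16))  # dword:00000001 -> "1"
        elif data.startswith('"'):
            data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        values[(key, name.lower())] = data
    return values

def brontok_hits(text):
    """Return one line per listed indicator that is present in the export."""
    values = parse_reg(text)
    hits = []
    for key, name, pattern in INDICATORS:
        data = values.get((key.lower(), name.lower()))
        if data is not None and re.search(pattern, data, re.I):
            hits.append(f"{key}\\{name} = {data}")
    return hits

# Constructed sample export (not taken from the thread).
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\WINDOWS\\eksplorasi.pif\""
'''
```

A hit on `NoFolderOptions` alone only shows that the policy is set; the Run and Winlogon entries are what tie it to the worm's persistence described above.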
 

Vishal Gupta

Microsoft MVP
If someone had mentioned this topic, then there would be no need of further discussion or suggestions: :D

*www.thinkdigit.com/forum/showthread.php?t=43523
 

Ron

||uLtiMaTE WinNER||
Hey,

I am unable to view the hidden files...

Whenever I go to Tools > Folder Options
and check/select the option "SHOW THE HIDDEN FILES AND FOLDERS" and then click on Apply and then OK...

The hidden files are not shown...
In addition, the option "SHOW THE HIDDEN FILES AND FOLDERS" in Folder Options is unchecked, which was actually checked by me... thus the settings remain unchanged...

Please help me
Thanks in advance

Ron
 

jayanbhm

Broken In
Dear friends, thanks for your valuable comments. All these are working tips; even the first tip itself cleared my problem (special thanks to thinkdigitreader). That registry file was excellent, so I didn't try the rest. Anyway, thank you very much, friends, and thanks for the co-operation.

with thanks

jc
 

Sparsh007

Formerly Spashy
@Ron, if you've got some emergency or something where you want your hidden files, press Windows key+F (for search), go to the advanced options, then check "Search hidden files and folders" also. This should do it.
 

fun2sh

Pawned!... Beyond GODLIKE
jayanbhm said:
Dear friends, thanks for your valuable comments. All these are working tips; even the first tip itself cleared my problem (special thanks to thinkdigitreader). That registry file was excellent, so I didn't try the rest. Anyway, thank you very much, friends, and thanks for the co-operation.

with thanks

jc

ME TOO, HAVING THIS PROBLEM. PLEASE HELP
 

Ron

||uLtiMaTE WinNER||
@Sparsh007
Thanks buddy for your reply... but I know this trick already... and I do have a registry tweak which shows all the hidden files... but I want to know why the option in FOLDER OPTIONS is not working
 

Ron

||uLtiMaTE WinNER||
Vishal Gupta said:
@Ron
It's a virus symptom, buddy. Please post your HijackThis logfile contents here. :)

Hey Vish...
From where can I get the HijackThis logfile contents?
Thanks in advance
 

Ron

||uLtiMaTE WinNER||
@Sparsh007 thanks buddy for the link...
------------
Here is the file, buddy...

Code:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:35:53 AM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *login.live.com/login.srf?id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *login.live.com/login.srf?id=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = *red.clientapps.yahoo.com/customize/ycomp/defaults/su/**www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ronak Agrawal
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Vistadrv] C:\Modification\VISTA DRIVE STATUS\vsdrv.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro    Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=*login.live.com/login.srf?id=2
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - *toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D29E72-8348-4900-A5D8-288D1B9B7011}: NameServer = 202.79.32.98 202.79.32.97
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IE Browseui preloader - {240E2B94-741E-4513-B66A-60EC26A9EF26} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 7743 bytes

Thanks for the reply, buddy...
 

Ron

||uLtiMaTE WinNER||
Hey buddy...

Luckily or unluckily... when I was trying to get rid of the OPENWITH Companion which starts when I double-click on a drive... I accidentally got the way to view the hidden files and folders from Folder Options...

When I ran the given command to remove the companion, and so to open the drives normally, I noticed it...

regsvr32 /i shell32.dll
(A tip from David Candy.)

Henceforth, guys, I would be glad if you could explain to me the function of this command, and how to read and understand the HijackThis logfile contents.

And hey, please help me to solve the following issue...
*www.thinkdigit.com/forum/showthread.php?t=6060

Thanks in advance...
Yours Sincerely
Ronak Agrawal
 

Vishal Gupta

Microsoft MVP
@Ron
Please fix the following entries:

Code:
C:\Program Files\Internet Explorer\iexp1ore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
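
Added example, not part of the original thread and not HijackThis's or any poster's own method: a Python triage pass over HijackThis log text that picks out the two kinds of executable entry in the list above, a well-known binary name in an unexpected folder (`C:\WINDOWS\wuauclt.exe`) and a digit-for-letter imitation of one (`iexp1ore.exe`). The expected-folder table and the look-alike rule are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import ntpath
import re

# Assumed baseline for this example: the folder a few well-known Windows XP
# binaries normally live in. Extend it for the machines you look after.
EXPECTED_DIR = {
    "wuauclt.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}
LOOKALIKE = str.maketrans("10", "lo")  # digit-for-letter swaps: 1 -> l, 0 -> o
PATH_RE = re.compile(r'[A-Za-z]:\\[^":*?<>|]*?\.exe', re.I)

def triage(log_text):
    """Return (line_number, reason, path) for entries worth a closer look."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for path in PATH_RE.findall(line):
            folder, name = ntpath.split(path.lower())
            if name in EXPECTED_DIR:
                if folder != EXPECTED_DIR[name]:
                    findings.append((n, "unexpected-location", path))
            elif name.translate(LOOKALIKE) in EXPECTED_DIR:
                findings.append((n, "lookalike-name", path))
    return findings

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexp1ore.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
```

The same location rule also flags the copies named `lsass.exe` under `Local Settings\Application Data` from the Brontok description; a finding is a candidate for review, not a verdict.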
 