Not able to view the hidden files and system helps-reg?

Status
Not open for further replies.

roonie

Journeyman
Just a day back I inserted a pen drive; the next second Mozilla closed and gave me an error saying "I dont hate mozilla use IE instead", but I ended the process which was using that, "svchost.exe"... From that day onwards I am not able to view hidden files and protected system files. If I click on show hidden files and press OK, it resets back to its original "hide hidden files" setting..?
 

joey_182

Jack Sparrow
Ya, it's a trojan.
Use your antivirus to remove it... You can fix your registry after removing the virus by following VG's thread.
This is a must-read thread: *thinkdigit.com/forum/showthread.php?t=61413

Note: always update your antivirus and never forget to scan a pen drive before using it (highly recommended).
 
OP

roonie

Journeyman
Yeah, thanks a lot, got it back... But you told me it's a virus? Is it still residing in my computer? I use avast; it hasn't detected anything till now... And can you also tell me one thing: at startup every time I receive a message saying "rundll.exe was not found make sure you typed the path correctly"... I checked in msconfig; there is no such startup item either... How do I remove that error message, and is that file necessary??
 

joey_182

Jack Sparrow
Well, the virus may still be there. If avast is not detecting it even after updating, then you can use Avira for free; simply the best.

And for the rundll.exe error: some hidden process is running at startup (may be a virus or some corrupt Windows registry). Just scan with HijackThis and paste your log in hijackthis.de, then check the report. For all cross-marked entries in the report, just note down the number, then check these entries in HijackThis and fix them all.
If you are still getting the problem, then do a full system scan with KIS or Avira and remove the virus.

ATTACHMENT: hijackthis software
 
OP

roonie

Journeyman
Logfile of HijackThis v1.99.1
Scan saved at 7:00:28 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.windowsue.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *www.windowsue.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.windowsue.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Windows uE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [User Themes] C:\WINDOWS\system32\rundll.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=*www.windowsue.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

This is the log file I got... What to do now??
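
As an added example (not part of the original thread), the reading of this log that the replies rely on can be done mechanically: the Python below pulls out the O4 autorun entries, the O7 policy restrictions and every entry HijackThis marks "(file missing)". The sample is an excerpt of the log lines posted above; the function name `triage` and the report layout are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied as-is).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [User Themes] C:\WINDOWS\system32\rundll.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "<section code> - <detail>"
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

def triage(log_text):
    """Hypothetical helper: collect the entries a reviewer reads first."""
    report = {"autoruns": [], "restrictions": [], "missing": []}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue                      # header, process path or blank line
        code, detail = m.groups()
        if code == "O4":                  # programs started from Run keys
            a = AUTORUN.match(detail)
            if a:
                hive, key, name, command = a.groups()
                report["autoruns"].append({"hive": hive, "key": key,
                                           "name": name,
                                           "command": command.strip('"')})
        elif code == "O7":                # policy restriction, e.g. regedit disabled
            report["restrictions"].append(detail)
        if detail.endswith("(file missing)"):
            report["missing"].append((code, detail))
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["autoruns"]:
        print("autorun    ", entry["hive"], entry["name"], "->", entry["command"])
    for detail in result["restrictions"]:
        print("restriction", detail)
    for code, detail in result["missing"]:
        print("missing    ", code, detail)
```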
 

blueshift

Wise Old Crow
^ From your log file, it seems your Registry Editor is disabled.

See if this works.

If you can access the Command window, then execute this:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
or download this free mini tool: Remove Restrictions Tool

Open notepad and copy paste the following:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000

Save this file as somename.reg (i.e. with extension REG). Then double click to add the keys.

Check if it works.
 

marshalll

Broken In
Open regedit and goto:


Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden

Under this key, you’ll see 2 more keys “NOHIDDEN” and “SHOWALL”. Make sure that the values of “CheckedValue” and “DefaultValue” in the right-side pane are “2” and “2” for “NOHIDDEN” and “1” and “2” for “SHOWALL” respectively. If it's not so, then change them and you’ll be able to enable/disable these options in “Folder Options”.

You can also alter the hide/unhide settings using the registry as follows:

Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

In the right-side pane, change the value of "Hidden" to:

1 - To show hidden files
2 - To not show hidden files
 
OP

roonie

Journeyman
Yeah, I am using that RRT tool to re-enable it every time, because it switches back to disabled every time the computer starts again! Maybe the virus is still residing; avast didn't detect any still! I just want to know what the rundll.exe error is that I get every time during startup saying that it is missing. I changed those keys to 1 and 2 perfectly; now the hidden files are working properly. I only want to know about the rundll error. Thanks.
 

joey_182

Jack Sparrow
OK, yes, your log shows that the registry editor is disabled. You have solutions for that in the above posts.
And it also shows that the rundll.exe file is connected with some process of your theme,
and this file is missing...

There is an easy way to restore the rundll.exe file:
go to Start > Run box and type sfc /scannow

It may ask you for the Windows CD.

After restoring, if it again gives you the same popup of a missing file, then there's some malware or trojan which is corrupting rundll.exe... Tell me if the first one worked for you.

NOTE: rundll.exe runs in the background; you may or may not be able to see it in the Task Manager processes.
 
OP

roonie

Journeyman
No, it didn't work... The command prompt opened after I typed it and pressed Enter in Run, and immediately quit automatically... It just came and went off..??
 

joey_182

Jack Sparrow
You may not be typing it correctly. In Run you have to type "sfc /scannow" without quotes, and there's a space after sfc... If even that is not working, you have to scan your PC with some good antivirus...
 
OP

roonie

Journeyman
I tried now too... That black screen of the command prompt flashed for a second and went off... Anyway, I will try scanning with avast again and see... Thanks.
 

blueshift

Wise Old Crow
^ Ya, that's because of a virus... may be a Brontok variant. See in Google.
Remove that Bonjour folder and related processes.
Can you see hidden system files now? If yes, then check if you have 2 folders named system32 in the Windows dir.
 
OP

roonie

Journeyman
I am not able to delete the Bonjour folder; it says "Access is denied"... So I tried to log in to safe mode and delete it... It didn't enter safe mode either... After loading safe mode I get a mouse pointer and everything else blank before the user logon in safe mode. I know safe mode was working 2 weeks ago. Something is screwed, I really need help..grr

And I also tried a Brontok variant tool to remove what you told me about... I used the MicroWorld antivirus and antispyware removal kit; it detected lots of adware/spyware but was not able to remove it since I need to buy it... Is there any other Brontok variant tool? I searched in Google and didn't get anything proper... Are a Brontok removal tool and an adware/spyware remover the same or something different? Because if it is an adware/spyware remover I will use some other tool... Any suggestions please??
 

joey_182

Jack Sparrow
Brontok Washer (most effective against the Brontok virus)

It's a free removal kit..
Give it a try..

Otherwise Kaspersky Brontok Removal Tool, one more from KIS...
 
OP

roonie

Journeyman
I downloaded the Brontok remover, but at the end of the download avast detected the file as a virus and prevented it from being saved on the computer... And I tried Kaspersky; it gave me nothing to clean.
 

joey_182

Jack Sparrow
OK, this tool should help you: SDFix...

If the Command Prompt window flashes on then off again on XP then follow these steps..

Click on the Start menu, then Run, and then copy and paste the following line into the Run field:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Then click OK, then type Y and press Enter when prompted, Reboot and start SDFix again

DOWNLOAD
SDFix

NOTE: you must be logged in as an Administrator and in safe mode in order for SDFix to work properly.
 

blueshift

Wise Old Crow
Use Unlocker to delete any file or folder that has been locked by the processes.

Can you run Registry Editor and MSConfig now?
 
Just a day back i inserted a pen drive the next second mozila closed and gave me error saying "I dont hate mozilla use IE instead" but i ended the process which was using tat"svchost.exe"...From tat day onwards am not able to view the hidden files and system protected files..If i click on show hidden files and press ok it resets back to its original hide hidden files..?..
Which operating system do you run?
The virus looks clearly like a dedicated Microsoft virus :p
Anyway, if you are using Microsoft's older OS, Windows XP, then do the following steps:

1. Turn PC on
2. Bash the F8 key continuously the moment Windows XP is about to load
3. Select Boot Windows in Safe Mode with Networking
4. Log in as "Administrator". It's a default account.
5. Update AVs, do a full system scan
6. Check your registry for any errors
7. See if the problem can now be fixed by selecting show hidden files in the Folder Options menu
8. There is a 90% chance that the problem will be solved.




PS: I remember a reverse virus, which did the following:

1. Disabled loading part of IE into memory on startup
2. Said similar message on opening IE
3. A variation also speeded up firefox startup time by adding a FF quicklauncher to startup

I remember it was a set of two programs, the first doing #1 and #2, being a virus, and the second was the FF Quicklauncher.
 