Snake.exe.vbs

Status
Not open for further replies.

photon

Broken In
1. I have struck with a virus. I think it is snake.exe.vbs
It copies all the file and folder with an extension .exe makes it read only and shows as a application. It make the original folder(without extension) hidden, whose hidden option is internally disabled. It makes all the original and the copied folders read only. I cannot install or modify anything. I can not access C:\windows .It makes the folder option disappeared from control panel. Whenever I place the mouse over any file the information window shows as:

File version: 1.0.0.1
Date Created 04/05/2008 8:06 PM
Size: 180 KB

By clicking properties also it shows size as 180 KB, in properties version it shows created by Mrs. Challenger.

To enable folder option I have done the following:
HKEY_CURRENT_USER\Software\Microsoft\Windows\curre ntVersion\Policies\Explorer
NoFolderOptions DWORD value to ‘0’.

After restarting the folder option is coming up but it is holding for few seconds. Value becomes ‘1’ .


Then I have tried the following as suggested

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
In right-side pane, change value of "Hidden" to 1 - To show hidden files.

After restarting the folder option is coming up but it is also not holding.

I scanned with ESET NOD32 Smart Security 3.0.650.0 Database sign. 2945(20080313). But no result.
I tried to repair XP but sorry..

What to do?
 

joey_182

Jack Sparrow
just use avira free edition do full system scan in safe mode and after that use 'trojan remover trial version' to clear any doubt for infected files if u feel any after using avira..and before using avira u need to uninstall nod 32 otherwise ur pc ll be very very slow...
and to install trojan u dont need to uninstall avira..they dont conflict...
nod32 shd detect but i guess virus has corrupted the database of nod32 antivirus...
ok..try and then reply.
 

blueshift

Wise Old Crow
@photon, before you make any changes to Registry, check if their are any suspicious processes in Task Manager. Else end the explorer.exe process and then proceed with the changes.

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
In right-side pane, change value of "Hidden" to 1 - To show hidden files.
You must also check the 'SuperHidden' s value.

Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, check for the Userinit and Shell values.

Check the startup entries in MsConfig.
 
OP
photon

photon

Broken In
I Have tried all. Avira is a waste. AVG 8.0 done the trick.
But... It deleted all the files with .exe extension. But all the oroginal files are still hidden. They are not avialable in Folder Option> View > Show hidden file and folders.
It is avialable Only in Folder Option> View >Un Hide protected operating system files.
Whenever i Explore file properties the hidden check box is internally disabeled.
How I can restore normal file properties??
 
I Have tried all. Avira is a waste. AVG 8.0 done the trick.

Use a trial version of Trend micro Pro - you are infected with WORM_SPYBOT.B - more info at on how to remove the virus both manually and by auto tool - check at *www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SPYBOT.B&VSect=Sn
 

dagabharat

Right off the assembly line
Hi,

Even my laptop got struck by viron snake.exe.vbs.I was able to remove virus successfully using AVG 8.0.

I am unable to access my primary drives like C:/ etc. I did changed the registry setting like Nofolderoption, NoViewDrive under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer using administrator account in safe mode.

Now, whenever I logoff and log back using normal mode, the changes which I made to the Nofolderoption, NoViewDrive gets overwritten.

Please help...

Thanks...
 
Status
Not open for further replies.
Top Bottom