Folders Creating More folders Virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by pkaur117, Feb 26, 2011.

  1. pkaur117

    pkaur117 Private E-2

    Hi,

    I have read the READ & RUN ME FIRST and done everything on there and have attached the logs.

    I have a folder and it has the same folder inside it and the same folder inside that and so on. I have googled it, and there is a newfolder.exe virus, however I don't have anything else going on right now, other than that problem. Every time I try to delete it by taking out a few folders, it creates more. Also, when I try to delete it altogether, it says the path is too long. I am not sure what to do, I have tried many things before I came across this site.

    Before this happened, I had a different virus (or maybe the same, not sure) which was defender.exe and it wouldn't let me open anything. I ran in safe mode and downloaded Malwarebytes and found 2 trojans, and got rid of them. The next day (yesterday) is when this happened. I unzipped a file that a colleague of mine sent me and that is the same file that created multiple folders.

    I hope you can help!
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What folder are you referring to? Please give Kes the full path.
     
  4. pkaur117

    pkaur117 Private E-2

    It's C:\Users\Parmjeet TCG\Desktop\comparatorTest.

    This was a zipped file that I extracted.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is showing in your newfiles log as a 0 byte file. Do this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Please Disable Spybot's TeaTimer --> Should have been done as per the R&R instructions!

    * Run Spybot and click Mode
    * Select Advanced Mode.
    * Then click Tools and select Resident.
    * Now in the right window pane, uncheck TeaTimer.
    * Also while this is open, in the left column now select IE Tweaks
    * and then in the right pane make sure all the Miscellaneous locks are unchecked.
    * Now quit Spybot!

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    File::
    C:\Users\Parmjeet TCG\Desktop\comparatorTest
    
    Folder::
    C:\Users\Parmjeet TCG\Desktop\comparatorTest
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Note: If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  6. pkaur117

    pkaur117 Private E-2

    It is stuck on Deleting that folder, it says

    "Deleting Folders:

    C:\Users\Parmjeet TCG\Desktop\comparatorTest"


    (I am using my other computer to reply)

    Should I close it?
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, if it has stalled.

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.
    Code:
    
    :files
    C:\Users\Parmjeet TCG\Desktop\comparatorTest
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

    Uninstall the below:

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows 7) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  8. pkaur117

    pkaur117 Private E-2

    Okay, I will try that, however before I do, I wanted to ask: Is it necessary to delete the different versions of Java? I need them for work purposes.
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Ensure you are using the latest version, and uninstall any older versions.

    This Java(TM) 6 Update 16 is out of date for instance.
     
