1. superfallingdowngirl

    superfallingdowngirl Private First Class

    Ok, this is a bit of a weird one. I hadn't even noticed I had a virus but a friend of mine (a professional photographer) tells me I do. Apparently the reason he knows this is because the shape of my folders is weird. Instead of being straight they kind of look like they are half open. Some other things that apparently indicate this virus are that when I download photos from my memory card they save onto the computer out of order. This is really just annoying but my friend tells me it gets worse. Sorry, this is all I know at this stage. Virus scans don't come up with anything.
     
  2. abri

    abri MajorGeek

    Hi superfallingdowngirl,
    Welcome to the Malware Forum!

    Please follow the instructions in the READ & RUN ME FIRST and attach the requested logs with your next post. Be sure your computer is in normal startup mode. This is described in the procedures. Also, please give us a little bit more information. What are you downloading the pictures from? When did the problems start?

    abri
     
  3. superfallingdowngirl

    superfallingdowngirl Private First Class

    Ok, done the read and run and logs are attached.
    Now as far as when I noticed the problems, I hadn't noticed that I had a problem until my friend told me. As far as I know, the problem with downloading photos has always been there but my friend tells me that the virus is carried in the folder. When I last reinstalled my OS I also put all the photos I had back on the hard drive so apparently I reinfected my computer then. And I'm downloading from an SD card.

    BTW, do you know any good reason why ComboFix replaced Mozilla with Internet Explorer?
     


  4. abri

    abri MajorGeek

    Hi superfallingdowngirl,

    Our scans don't pick up what you are describing. That doesn't mean it's not there. You may wish to run some of the alternate scans and see if one of those might pick it up. I recommend that, after you finish the instructions below, you go to the Alternate Scans and run the BitDefender online scan. This scan has to be run with Internet Explorer, and ActiveX has to be enabled. There is a set of instructions to help you create a log that we can use when you're finished. Also, you should have it fix anything it finds. It's a lengthy scan, so expect it to run at least an hour or so.

    Why ComboFix (or MGTools) places an Internet Explorer on the desktop, I'm not sure, but I had not before heard of it replacing Firefox. I'll ask about that.

    And now, before you run BitDefender, please do the following:

    1) Please disable your guest account if this has not already been done.

    2) Do you know what the following files are?

    C:\"
    aoedoppl.txt 2008-03-06 5891 "aoedoppl.txt"
    aoewvlog.txt 2008-03-06 1119 "aoeWVlog.txt

    3) Also, are the following files you recognize?

    "C:\Documents and Settings\Penelope.PENNY\My Documents\
    ”qŒ[.doc 2008-02-13 19456 "”qŒ[.doc"
    ”qŒ[1b~1.doc 2008-02-15 26624 "”qŒ[1 back.doc"
    ”qŒ[1.doc 2008-02-16 26624 "”qŒ[1.doc"

    4) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    5) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    After you click Fix, just close HijackThis.


    6) Please run CCleaner at the default setting with the Windows tab as the one on top.

    abri
     
  5. superfallingdowngirl

    superfallingdowngirl Private First Class

    Ok, thanks. I've done everything up to running BitDefender but it won't let me download. My OS is Windows XP (sorry I didn't mention that before).
    Also, I don't know what the following files are:
    C:\"
    aoedoppl.txt 2008-03-06 5891 "aoedoppl.txt"
    aoewvlog.txt 2008-03-06 1119 "aoeWVlog.txt


    "C:\Documents and Settings\Penelope.PENNY\My Documents\
    ”qŒ[.doc 2008-02-13 19456 "”qŒ[.doc"
    ”qŒ[1b~1.doc 2008-02-15 26624 "”qŒ[1 back.doc"
    ”qŒ[1.doc 2008-02-16 26624 "”qŒ[1.doc"
     
  6. abri

    abri MajorGeek

    Hi superfallingdowngirl,

    Please attach the two .txt files and the odd documents to your next two posts (or zip them and you can attach them all at once in one post). After that, you can just delete them.

    What is it that BitDefender is not downloading? The virus definitions? There are two BitDefenders listed. One of them is the online scan and the other is a resident antivirus which requires downloading and installing. I want you to do the online scan. It simply scans through your browser. You have to use Internet Explorer and you have to have ActiveX enabled. After you click on I agree, then you click on start scan and it begins by updating the virus definitions. Have you done everything I mentioned correctly?

    If all of the above is correct and BitDefender still won't run, please see if you can run Panda or Kaspersky online scans.

    Thanks.
    abri
     
  7. superfallingdowngirl

    superfallingdowngirl Private First Class

    Oops! It was just the pop-up blocker. Ok, I'm running BitDefender but in the meantime, here are those files.
    And I think I figured out what the other documents are. The "qŒ" should read as Japanese text.
     


  8. superfallingdowngirl

    superfallingdowngirl Private First Class

    Well BitDefender didn't come up with anything. I'm starting to wonder if it's just made up.
     
  9. abri

    abri MajorGeek

    Hi superfallingdowngirl,

    In the two files you posted, they seemed like they might be related to something from a game company, maybe Age of Empires? I don't think they are anything to worry about. You might just open them and look at the contents to see if it gives you more information as to what they are. If you don't recognize them, you can just delete them.

    I need to ask if anyone has encountered what you are talking about regarding your jpg files. It's not made up if you are having symptoms, but I'm not sure what the cause of it might be. It would be a good idea to post in the software forum and ask there as well.

    abri
     
  10. superfallingdowngirl

    superfallingdowngirl Private First Class

    Ok the only real symptom is that photos download out of order from the memory card. Could that possibly be something wrong with the settings? I will post in the software forum too.
    Also is there any way of finding out what the folders are supposed to look like? I'm really only going on my friend's word that there's actually something wrong. One other thing he said is that the virus is carried on the folder itself. So if you copy the contents of the folders, the virus doesn't carry, but if you copy the folder, the virus is copied too.
     
  11. abri

    abri MajorGeek

    When you first mentioned this, I thought of the shuffle setting or random setting for playing music files. It might be that there is another order to the photos which is not chronological. What causes something to be ordered alphabetically or by date or by the file number is laid down somewhere, but I don't know where, but I think somebody here must know.

    Can you test this by copying the contents of a folder from your SD card to a clean directory? Do they have the same order if you do this? Have you tried a different SD card? Do you get the same problems?

    I would be interested to read what feedback you will get from the people in the Software Forum as they have a lot of different kinds of experience to draw on rather than just malware.

    abri
     
