can't view hidden files

Discussion in 'Malware Help (A Specialist Will Reply)' started by netmillennium2001, Dec 19, 2007.

  1. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    My PC is infected by trojan horse PSW. When I started READ & RUN ME FIRST I found out that I can't view the hidden files. When I enable the Show Hidden Files and Folders section and click OK, it goes back to the Do not Show Hidden Files and Folders section. BTW, please tell me how to remove the trojan horse. Thanks.
     
  2. abri

    abri MajorGeek

    Hi netmillennium2001!
    Welcome to Major Geeks!

    Please follow the instructions in the READ & RUN ME FIRST. Be sure to note those which apply to your operating system. When you've finished, attach the requested logs with your next post and we will see what is left to fix.

    abri
     
  3. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    I've attached all the log files.
    The problem I'm facing is that once I start Windows, one program keeps running. The program name is k11981645844.exe. I've formatted the PC but this problem still can't be solved. I've also attached the details of that program, and I still can't view all the hidden files as I stated earlier. While running the MG tools I get an error message, and I also attached it. I've zipped all the files in problem.zip.
    Please advise, thx
     
  4. abri

    abri MajorGeek

    Hey netmillennium!
    You forgot to attach your logs?
    abri
     
  5. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    Sorry. I've zipped all the logs inside problem.zip.
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi netmillennium2001!

    The following instructions are long, but not difficult. Please read each part carefully before you do it and if you have questions, just ask.

    First some information: There are some things about your computer which do not look good. You have a very small Uninstalls list where I do not see ANY Windows updates, no Java, no uninstall programs for anything except what you've just installed for us. Where did all your uninstalls go?

    Your computer is very infected. Please do not do ANYTHING with your computer EXCEPT what we ask you to do here. As fast as you cleaned it, it got infected again. Do NOT use it for other things like downloading, games, mails or messaging. Do NOT use it for anything except our instructions until it is clean.

    I would like for you to do the following steps without rebooting. This will take some hours, so please be patient. I will tell you when to reboot farther along.

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Begin here:

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Install the current version of Sun Java from: Sun Java Runtime Environment

    3) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exe
    O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
    O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
    O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
    O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
    O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
    O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\ymxizs.exe
    O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
    O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
    O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
    O23 - Service: 1E632A4D - Unknown owner - C:\WINDOWS\system32\5EFC1127.EXE

    Don't forget to close all browser windows before clicking on fix. After you click fix, just close hijackthis.

    4) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:

    5) Now run CCleaner as you did in the READ & RUN ME instructions. Double click on the CCleaner icon on the desktop. Where it opens, you will see a button in the lower right-hand corner "Run Cleaner". Click on that. A warning will tell you CCleaner is about to delete files permanently from your computer. Click on okay. Allow it to run until it finishes. When it finishes, just close it with the X in the top right-hand corner.

    6) After you have finished ALL of the above, I would like for you to run two online scans: BitDefender and Panda.


    You will need to use Internet Explorer to run these online scans.

    *** MAKE SURE YOU RUN BITDEFENDER BEFORE PANDA ACTIVE SCAN ***
    *** But if Bitdefender cannot be run then run PandaActiveScan anyway ***

    ****NOTE**** DO NOT INSTALL Bitdefender's Antivirus program. Make sure you follow the directions below and run the ONLINE SCANNER only.


    Bitdefender, agree to the license, and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

    If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

    Post the bdscan.txt file as an ATTACHMENT. (You will not need to zip it) You MUST attach the Bitdefender log even if it indicates no problems. We want to see it anyway!!!!

    AFTER you do the above, continue with the following online scan:
    • Panda ActiveScan It will only fix certain viruses and trojans. Most items found will not be fixed. When it finishes the scan click on See Report. Then in the next window click Save Report. The default report name is Activescan.txt. Just save it where you can find it so you can attach to your message when you begin a thread with a request for help. If you have any problems trying to get a PandaActiveScan log, see the following link with more detail and follow it step by step: Using PandaActiveScan

    7) Once you have finished the above instructions, please REBOOT your computer

    8) Now run C:\MGtools\GetLogs.bat

    9) When you finish, you will have the following logs to upload to us. Please use two posts, since you can only upload 3 at a time.

    - Avenger
    - BitDefender (bdscan.txt)
    - Panda (activescan)
    - MGlogs.zip

    You do not have to post anything zipped except the last one.

    Please tell me how your computer is doing?

    abri
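
The O4 and service lines listed in step 3 follow HijackThis's fixed line layout, so a log can be pre-sorted mechanically before a helper reads it. The sketch below is an added example, not part of the thread and not how abri selected the entries; the two triage rules (autorun image directly in the Windows directory, service with "Unknown owner") are assumptions drawn from what the listed lines have in common, and the service line is written with HijackThis's O23 section prefix.

```python
import re
from ntpath import dirname, normcase

# First three lines come from the post above; the last two are constructed benign entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\ymxizs.exe
O23 - Service: 1E632A4D - Unknown owner - C:\WINDOWS\system32\5EFC1127.EXE
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O23 - Service: Example Service - Example Vendor - C:\Program Files\ExampleApp\svc.exe
"""

RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")

def image_path(cmd):
    # Quoted command lines carry their arguments after the closing quote.
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd

def parse(log):
    """Return one dict per autorun (O4) or service (O23) line; other lines are skipped."""
    entries = []
    for line in (raw.strip() for raw in log.splitlines()):
        run, svc = RUN_RE.match(line), SVC_RE.match(line)
        if run:
            entries.append({"kind": "run", "name": run["name"],
                            "owner": None, "image": image_path(run["cmd"])})
        elif svc:
            entries.append({"kind": "service", "name": svc["name"],
                            "owner": svc["owner"], "image": image_path(svc["cmd"])})
    return entries

def triage(entry, windir=r"C:\WINDOWS"):
    """Assumed heuristics: reasons an entry deserves a human look, not a verdict."""
    reasons = []
    if entry["kind"] == "run" and normcase(dirname(entry["image"])) == normcase(windir):
        reasons.append("autorun image sits directly in the Windows directory")
    if entry["kind"] == "service" and entry["owner"].lower() == "unknown owner":
        reasons.append("service binary has no identifiable vendor")
    return reasons

def review(log):
    """Map entry name -> reasons, for entries that matched at least one rule."""
    return {e["name"]: triage(e) for e in parse(log) if triage(e)}

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

A match only marks an entry for review; legitimate software can trip either rule, which is why the thread has a helper read the full log before anything is fixed.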
     
  7. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    Thanks a lot. I'll follow your instructions. As you said it will take hours to fix it, I need one free day to do it. I'll update you soon. The uninstall list is gone because I just formatted my PC to fix this virus, but failed to fix it.
     
  8. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    Just to let you know that I have formatted my PC because I can't enter Windows. I've redone the READ & RUN ME FIRST. I've attached the logs.

    In MGtools\analyse.exe and The Avenger, I can't find the files that you mentioned. Does this mean my PC is not infected by the trojan already? I also attached the BitDefender and Panda ActiveScan logs. While doing the scan I faced a problem, a "Generic Host Process for Win32 Services" error, and this stops my internet connection. Windows shows the connection is there, but when I open the browser my PC is not connected to the internet. Is this a driver problem? This problem forced me to reboot the PC to rescan, because when I wanted to see the report my PC was not connected to the internet. So when I did the second scan, after I got the total detected problems in the first scan, I stopped the scan and clicked Save Report in order to save the report.

    plz help
     

    Attached Files:

  9. netmillennium2001

    netmillennium2001 Private E-2

    These are the logs for your instructions.
     

    Attached Files:

  10. netmillennium2001

    netmillennium2001 Private E-2

    This is the problem that I mentioned.
     

    Attached Files:

  11. abri

    abri MajorGeek

    Hi netmillennium!

    Your fresh install of windows got rid of most of your infections. BitDefender still picked up one trojan. I will give you a removal tool for that.

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    2) Run Trojan.Win32.Agent.akk Removal Procedure
    which removes IE Defender, AntiSpyPro and the associated Trojan.Downloader.Delf infection.
    1. Download FixIEDef.zip by ShadowPuterDude to the Desktop.
      • NOTE: It must be saved to your Desktop or it may not work properly
    2. Double-click FixIEDef.zip, this will create a folder named FixIEDef on your Desktop.
    3. Double-click on the FixIEDef folder.
    4. Locate FixIEDef.bat and double-click on it.
    5. FixIEDef will now run.
    6. Press any key to close the CMD Console when the script is finished.
    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.


    Make sure you tell me how things are working now!

    abri
     
  12. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    Thanks for your help... now my PC is OK already.
     

    Attached Files:

  13. abri

    abri MajorGeek

    Hi netmillennium,

    It's a good sign that your computer is running better. If you're not having any further signs of malware I would like for you to do the following which will include setting a new clean restore point. Do not skip this step. After you do the below instructions including setting a new restore point, please be sure to download all your Windows Updates. Your computer will be very vulnerable without them. You need the most recent service pack as that will contain a lot of the previous updates. By having a new restore point which you know is clean, you can download the updates and still have a known point to fall back on if you run into any difficulties with any of the updates. And now the final cleanup instructions:
    abri
     
  14. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    I completed all the instructions and my PC is now in good condition, but I am still facing the problem which I mentioned before. It happens when I have been online for a while: an error message suddenly pops up and then my PC is not connected to the internet. I've attached the picture file. Please help.
     

    Attached Files:

  15. abri

    abri MajorGeek

    Hi netmillennium,

    I'm not sure about the following, but this error may be because you're missing your Windows Updates. Go to Start/Run and type in services.msc

    In the window that opens up, scroll down and see if either of these services is in the list: (Be sure they are worded exactly this way.)

    "Windows Genuine Advantage Registration Service"
    "Windows Genuine Advantage Validation Monitor"

    If you find either one, right-click on it and click on properties in the list that opens up and click on stop service. Then set the start-up type to disabled.

    The error you are receiving can result from a vulnerability in Windows as described at http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx. It's unlikely it will resolve the issue to download the update if you are already infected.

    For this particular issue, Microsoft recommends that you use their free Windows Live Care scan at http://onecare.live.com/site/en-us/default.htm?s_cid=msep if you think you are infected.

    You need to install your Windows Updates as soon as possible, but try to resolve this one last issue first, so that you can install on a clean computer.

    Tell me if this information helps (or if it doesn't help also).

    abri
     
  16. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    The instructions you gave don't help. When I run services.msc I can't find Windows Genuine Advantage Registration Service and Windows Genuine Advantage Validation Monitor. Besides, I also can't complete the scan on Windows Live Care scan because of that problem. I've attached another jpg file to show the details of that error.
     

    Attached Files:

  17. abri

    abri MajorGeek

    Hi Netmillennium!

    I looked into your exact error message in more detail and came up with several people all having the same problem. See the following article and note that what finally seemed to work (towards the end of the thread) was this:

    Here's the thread where that came from: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t61962.html

    I hope this helps you. If not, please start a thread in the Software Forum so you can get more input on it from other people.

    abri
     
  18. netmillennium2001

    netmillennium2001 Private E-2

    hey,
    I guess it helped me, because so far I have not had that problem after installing the MS06-040. Thx a lot ;)
     
  19. abri

    abri MajorGeek

    You're welcome!
    Wish you much enjoyment & success with your computer.
    abri
     
