win32/dodaykil.b and Hidden System Files

Discussion in 'Malware Help (A Specialist Will Reply)' started by Juvo, Oct 23, 2007.

  1. Juvo

    Juvo Private E-2

    Hi all,

    I am a newbie here. I am not familiar yet with the forum and I need BIG help. I have some problems with my computer. I have Windows XP Home Edition ver 2002 Service Pack 2, and it is not connected to any other computer. Actually I posted this earlier by replying to one of the topics. I did that because for some reason I could not "post a new thread." But then after I retried several times to post a new thread, it worked. And here I'm reposting my problems. So please ignore the one I posted earlier.

    Here is my problem. One time my anti-virus had expired. Then this virus invaded while my computer did not have any anti-virus. I got it from a USB drive that I had used on another computer. In my USB drive that was infected, there is a file called autorun.inf, and there is a file folder that you cannot delete, no matter how many times you try to do that. Then I downloaded a trial version of CA Anti-Virus. And without doing any preventive action, because I did not think I needed to, I did the scanning. Yes, CA found quite a few viruses called files with extension *.scr and "win32/dodaykil.b", and the action was to delete them.

    But then most of the system files (in drive C: ) became hidden; only "Documents & Settings" is left visible. And since I scanned some USB drives and some external hard drives too, their files also became hidden. I have tried many, many times to "show the hidden files" using Folder Options from the Tools menu in Windows Explorer, but it never works. Those files are kept hidden.

    Has anyone had similar problems? And does anyone know what to do with this virus "win32/dodaykil.b"? How can I get all my files visible?

    Thank you.
     
  2. abri

    abri MajorGeek

    Hi Juvo,
    Please try this: USING MG TOOLS

    Look for the instructions that go with your operating system. We can see better what's going on with your computer if you can do these scans for us and post the logs to us. Be sure to put HijackThis in C:\Program Files\HijackThis (if C is where your operating system is located) and rename the .exe file from hijackthis.exe to analyse.exe.

    Then post the logs to us.

    abri
     
  3. Juvo

    Juvo Private E-2

    Hi abri,

    Thanks for your response. I did what you suggested. Drive C is now visible, but I don't know if this is temporary or permanent. Many of the file folders (like Program Files and Windows) are hidden (which I still don't understand why they became hidden) but visible. And all file folders in my external hard drives are now visible, but their attributes are still hidden. Is it ok if I uncheck their attribute so they become not hidden?

    And here are the log files that you requested.
    Thank you so much.

    Juvo
     

  4. Juvo

    Juvo Private E-2

    ... And I found two file folders called "RECYCLER" and "System Volume Information" in almost every drive, including my external drives. I am not sure if I am familiar with these file folders. And their attributes are hidden but grey, which means you cannot uncheck/change them. And the "System Volume Information" folder is not accessible. I tried to delete these, but these folders cannot be deleted.

    Any logical explanations?

    Thanks.

    Juvo
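    A small triage script, added here as an example and not taken from the thread or from any of the MajorGeeks tools: it flags the autorun.inf directives that would launch a program when a USB stick is opened (the autorun.inf from post #1) and decodes the attribute bits behind the greyed-out Hidden checkbox (post #4). The autorun.inf text and the attribute values are constructed samples, not artifacts from the poster's machine.

```python
"""Defender-side triage for USB-borne malware leftovers (added example)."""

# Win32 file-attribute bits as defined in winnt.h.
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_DIRECTORY = 0x10
FILE_ATTRIBUTE_ARCHIVE = 0x20

# Constructed sample: the two launch directives and the 'shell' verb are
# the lines worth looking at; 'label' and 'icon' are cosmetic.
SAMPLE_AUTORUN = r"""
[autorun]
label=Removable Disk
icon=%SystemRoot%\system32\shell32.dll,8
open=payload_example.exe
shell\open\command=payload_example.exe
"""

# Constructed sample attribute values, as GetFileAttributes would report them.
SAMPLE_ATTRIBUTES = {
    "E:\\RECYCLER": FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
    "E:\\Photos\\holiday.jpg": FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_HIDDEN,
}

def autorun_launch_targets(inf_text: str) -> list:
    """Return (key, value) pairs under [autorun] that run or redirect the shell.

    Hand-rolled instead of configparser: in-the-wild autorun.inf files are
    often padded with junk lines that a strict INI parser rejects outright.
    """
    hits, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # junk padding, or a key without a value
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or key.startswith("shell"):
            hits.append((key, value))
    return hits

def explain_attributes(attrs: int) -> dict:
    """Decode the bits that make Explorer grey out the Hidden checkbox."""
    hidden = bool(attrs & FILE_ATTRIBUTE_HIDDEN)
    system = bool(attrs & FILE_ATTRIBUTE_SYSTEM)
    return {
        "hidden": hidden,
        "system": system,
        "directory": bool(attrs & FILE_ATTRIBUTE_DIRECTORY),
        # Explorer disables the checkbox once SYSTEM is set alongside HIDDEN;
        # built-in folders such as RECYCLER legitimately carry both and
        # should be left alone, as abri says above.
        "checkbox_greyed": hidden and system,
    }
```

A user document that the worm merely hid (HIDDEN without SYSTEM) decodes as `checkbox_greyed: False`, so its attribute can be cleared through Explorer; a folder that decodes as greyed is one to leave in place rather than delete.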
     
  5. abri

    abri MajorGeek

    Hi Juvo,
    Don't uninstall things without knowing what you're doing. The folders you're trying to uninstall are the foundation of your computer. They're inaccessible so people don't try deleting them or deleting things out of them.
    And now a question for my information: When you uninstall programs, do you uninstall them via Add/Remove Programs?

    Please download and run the following:
    After you've run ATF Cleaner, please try to rerun HijackThis which should have been installed with the other MG Tools. You should be able to find the executable file by doing a search of your C: drive for the name analyse.exe
    Once you find that, double click on it and have it scan and produce a log. Then attach the log to your next post.

    abri
     
  6. Juvo

    Juvo Private E-2

    Hi abri,

    Thanks for the reply. I don't use Add/Remove Programs to delete them, just right-click on the folders and select Delete, but thank God it won't let me do that since those folders are not accessible.

    Anyway, I did rescan using analyse.exe and I got the log file already. But I cannot attach the file here. For some reason the feature for attaching files on my MG site is not active. There is no hot spot when I roll the pointer over there. I don't know why. Well, I will attach it later. Maybe next time it will work fine.

    Thanks.

    Juvo
     
  7. abri

    abri MajorGeek

    Hi Juvo,
    The file attachment problems here are a problem of ours mainly. It's important to log on with the Remember Me button checked. Also, it helps to switch browsers sometimes. Sorry for the delay.

    When you remove programs from your computer, it's really important to use Add/Remove Programs whenever there is the possibility to do so. The reason for this is that many programs share files with each other, so if you simply delete the folder without uninstalling the program properly, you are in danger of taking legitimate files off the system, which may leave you unable to use other programs. The other reason is that by using Add/Remove Programs, fewer remnants are left hanging around.

    abri
     
  8. Juvo

    Juvo Private E-2

    Hi abri,

    Thanks for the info. I think the attachment feature is working now; I can upload the log file. Please find the attachment.

    Have a good one!

    Juvo
     

  9. abri

    abri MajorGeek

    Hi juvo!

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    3) Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    4) After you have completed ALL of the above in the correct order, please attach the following logs.
    • ShowNew Log (newfiles.txt)
    • GetRunKey Log (runkeys.txt)
    • HijackThis (hijackthis.log)

    abri
     
  10. Juvo

    Juvo Private E-2

    Hi abri,

    Here are the log files that I got after I did all the steps you mentioned. Anyway, while I am doing these repairs to my computer, is it ok to change the anti-virus that I am using now (CA) to AVG?

    Thanks.

    Juvo
     

  11. abri

    abri MajorGeek

    Hi Juvo,
    Please go back to post #5 and rerun ATF according to the instructions. It's very important to remove the temporary files on your computer. You must check everything as requested. It did not remove anything at all.

    As for uninstalling CA and installing AVG, yes. Check with the CA website to see if there are any automated removal tools for their software.

    It's important to change while you're not connected to the internet, so first download the installation program for AVG without actually installing it. You can download it here at http://www.majorgeeks.com and look for the antivirus button on the left-hand side. Then scroll down to AVG. There are several AVG applications, a free one and a paid one. Choose which one you want.

    After you have the installation program for AVG somewhere on your computer where you can find it later, then disconnect from the internet and do whatever removal procedures are required by CA. It may be that it can be installed via add/remove programs.

    After you've uninstalled it, run a HijackThis scan and look through it for any remaining CA entries. If you find any, post the log to us so we can see how to stop them and remove them.

    After CA is completely out of your computer, reboot and run the installation program for AVG. Allow it to connect to the internet and to update automatically.

    abri
     