Is this a virus help?

[digit i am thinking]

Please help me,whenever i right click on my external HDD insted of open is shows somthing ????(o). what is this? is it becaue of virus.

[Choto Cheeta]

possible, try a run a scan with AVS like Kaspersky, u may try their online scanner too, http://www.kaspersky.com/virusscanner,

get a Anti Spyware like, Spybot, http://www.spybot.info

[digit i am thinking]

I scan my whole pc with AVG & avast but find nothing, no virus found.

[boosters]

try Kaspersky or Bitdefender Online Scan. Winlogon is not a virus or spyware, it is only just like a winxo login option. It seems like a adword or spyware comes on your computer better to scan with spyware doctor.

[47shailesh]

i dont't think it's a virus... Most probably u have used some other ver of XP CD for ur OS install(not english ver) that's y u r facing such problem..

[koolbluez]

Me too dont think it's a virus.. some corrupt file.. that's all. As shailesh said... corrupted installation using some other MS version might have caused it... replace the corrupt files if possible using some live cds... might work...

[Projjwal]

Yes man it's a virus . It generally comes from "Pendrive" or flash memory.to trace it open ur task manager. from "Process" tab search a process which name is "EXPLORER.EXE" (the name is in caps/capital )It's the virus. Right click then chose "end process tree".I think it will work for u. Stop it from msconfig startup menu.

I think it is not a Dengarous virus.It just add a newitem right click menu on the place open.

[47shailesh]

^^ never heard of storage specific(pendrive) virus lol lol

[Projjwal]

Quote:

Originally Posted by 47shailesh

^^ never heard of storage specific(pendrive) virus lol lol

No man it's not storage specific it's kind of virus which create a exe file & set it on startup.The exe always search for removable7 writable disk like ur pendrive,mp3 player,flash memory & flopy also.after finding it ,It create an autorun on that removable disk.The autorun's job is just to create the virus prototype on the specific location.

[digit i am thinking]

WHAT the hell is this?
I format my pc still not get eliminated.
Projjwal when i try to end the process called EXPLORER.EXE it try to shut down my pc.
Also when i clicked on ????? it doesnt open removeable media insted of that it opens my documents.Only autoplay works to open removeable disk.

[abhipal]

Quote:

Originally Posted by digit i am thinking

WHAT the hell is this?
I format my pc still not get eliminated.
Projjwal when i try to end the process called EXPLORER.EXE it try to shut down my pc.
Also when i clicked on ????? it doesnt open removeable media insted of that it opens my documents.Only autoplay works to open removeable disk.

This virus has infected all of your harddisks. So even if you format your PC and install new OS, it is still on your PC in some other HDD like say D:\.

Here is the solution :

1) if the data you have on your PC is of no importance i.e. you can get that data from other friends, then format your all HDD.

2) otherwise go to a friend who has two or more antivirus (but good one like Kaspersky,AVG,Norton. Don't go for Avast, Ashampoo like antivirus. Personal experiance) and scan your whole system. But before you go to your friend install the antivirus I have suggested one by one and scan your system with updated antivirus just to minimize the risk to infect your friend's PC.


I will suggest you to go for the first option as now a days you can get your data form internet within no time if you know where to look.
No matter which option you choose after format and new installation, very first thing you do would be install antivirus and update it. After that you can go for driver/software installation.
I will also suggest you if possible use two antivirus like
kaspersky internet security + AVG
PCCillin internet security + AVG.
You must install AVG after you install Kaspersky or the PCCillin.

[47shailesh]

^^worst suggestion i had ever seen..

Never install more than one AV on ur system coz this always cause resource bottleneck..never ever do this ur system will hang frequently.

What we can do here small investigation if u post HijackThis log...

[Kiran.dks]

Quote:

Originally Posted by digit i am thinking

Please help me,whenever i right click on my external HDD insted of open is shows somthing ????(o). what is this? is it becaue of virus.

Your system is infected with malware.
Name: Trojan.vb.atv
Risk:High

This Trojan is usually transmitted from pen-drives. It opens two exe process "wsctf.exe" and "EXPLORER.exe". On transmitting further it kills most of the system32 process and has a disastrous effect on the computer. Proceeding further it will also make some changes in the registry, making "My Documents" folder to open automatically at Windows log-in. It also adds a value "EXPLORER.EXE" in winlogon key value and makes EXPLORER.EXE to run at start-up.

This is a Trojan, hence most of the antivirus won't recognise it. However antisyware applications do recognise it. Please follow the instructions I gave given exactly.

Removal Instructions:

1. Download and install "AVG Antispyware Free Edition".

2. Disable "System Restore" in Windows. This is very important to see that the trojan doesn't come back.

3. Restart Windows in "Safe Mode"

4. Make sure all windows are closed. Now scan complete system using AVG Antispyware

5. Quarantine all the infections displayed after scanning.

6. Now restart Windows in normal mode.

If "My Documents" folder is opening automatically after log-on, do the following changes in the registry:

1. Start>Run
2. Type "regedit" and enter
3. Propogate to:

Code:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

4. In the right pane, right-click Userinit, and then click Modify.

5. In the String dialog box, you will find "EXPLORER.EXE". This is the entry left by Trojan. Type C:\WINDOWS\system32\userinit.exe under Value data, and then click OK. (I am assuming that you installed Windows in C drive. The drive letter may vary depending upon where you installed Windows)

6. Now propogate to:

Code:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

7. In the right pane, right-click PersistBrowsers, and then click Modify.

8. In the DWORD Value dialog box, type 0 under Value data, and then click OK.

9. Exit Registry editor

10. Log-off Windows and Log-in again, "My Documents" will not open automatically now.

Your problem must be solved if you follow all these exactly.

[sachin_kothari]

save the text as .bat.
run this file and follow the instruction.
unplug th external hdd/usb pen drive and plug it again.
virus gone.

Quote:

del /AH /F Autorun.inf
del /AH /F /S Recycled

[digit i am thinking]

I will try this.

[abhipal]

Quote:

Originally Posted by 47shailesh

^^worst suggestion i had ever seen..

Never install more than one AV on ur system coz this always cause resource bottleneck..never ever do this ur system will hang frequently.

What we can do here small investigation if u post HijackThis log...

I think you are a man who compromises his security for speed.
I suggested those two antivirus because I use them on my PC.
Never trust and relay on only on antivirus.
Slow speed because of two antivirus is better than slow speed because of virus along with data corruption.

[47shailesh]

^^ one more in series
look what M$ says.
http://www.law.umich.edu/currentstud...p-security.htm


http://www.avast.com/eng/faq-other-questions.html
http://www.firewallguide.com/anti-virus.htm

plz do not pm me on sily topics

[abhijangda]

Use anyother av friend.

[gaurav_indian]

Try formatting it.It happened with my pen drive too when it wasnt opening then i formatted it.And it worked.

[digit i am thinking]

well I scan my External HDD and got virus in system vol information
it's a trojan horse Generic2.FRK,worm generic.fx

The virus is deleted but still the problem remains the same.
it still gives something ?????(o) insted of open.
only autoplay can be used to open the HDD.
same as in pic that i have attached earlier.

[abhipal]

Quote:

Originally Posted by 47shailesh

^^ one more in series
look what M$ says.
http://www.law.umich.edu/currentstud...p-security.htm


http://www.avast.com/eng/faq-other-questions.html
http://www.firewallguide.com/anti-virus.htm

plz do not pm me on sily topics

I read the first and last url but don't tell me abou the antivirus website. They just want to promote their software.

Let us assume that two antivirus should not be used, but can you or they give me a satisfactory answer to that ?

I am using two antivirus since 1999 or 98, from the time when Norton and PCCillin could be installed simultaneously.

Don't just read the crap written by anyone and believe him without any proof.

Quote:

Originally Posted by gaurav_indian

Try formatting it.It happened with my pen drive too when it wasnt opening then i formatted it.And it worked.

It was possible with your pen drive as no other partition was infected.

Quote:

Originally Posted by digit i am thinking

well I scan my External HDD and got virus in system vol information
it's a trojan horse Generic2.FRK,worm generic.fx

The virus is deleted but still the problem remains the same.
it still gives something ?????(o) insted of open.
only autoplay can be used to open the HDD.
same as in pic that i have attached earlier.

I still think you must use my method. Is this a virus help?. Give it a shot man. It is going to work. I know because I have done this many times.

[47shailesh]

@digit i am thinking still i belive ur prob is due to corrupt XP CD or ur XP CD of diff lang made.. try installing with other(ur friend) XP disk.

And @abhipal the first link is not a product promoting link it's a well Known university link..

find "never use two" in link provided..

And where they say do not use they do not promote there product...

[digit i am thinking]

47shailesh
It is not a prob of corrupt or other lang CD.I have used it before and there was no prob at all.
The prob is that if i double click on my external Hdd it opens my documents.
the prob is limited to only external Hdd and not master Hdd,it works fine.

[Kiran.dks]

Did you do the registry changes I mentioned?

[digit i am thinking]

Kiran_tech_mania
I tried ur registry changes ,thing is that the my document doesn't open at winlogon but it opens when i double click on my external Hdd it opens.
also when i go
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
I found all entries already right.
And In
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

I find Userinit entry already has value C:\WINDOWS\system32\userinit.exe and not Explorer.exe

So what to do?

[Kiran.dks]

Ok. The samething happened to my friends pendrive too. The worm was cleaned, but unusual ??? appears instead of "Open" in right-click context menu. At last formatting the pendrive solved the issue. I suggest you also to do the same. The worm is removed, but due to that there may be a possible corruption of the configuration files. Just format the HDD which is showing this problem.

[gopi_vbboy]

1. Download combofix.exe from one of the links below:

http://www.techsupportforum.com/sect...s/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox.

[digit i am thinking]

well should i do this with external HDD connected to PC?

[gopi_vbboy]

do it on the harddrive affected with pc connected