Folders become 'Hidden' and an .EXE takes their place on C:


  • Folders become 'Hidden' and an .EXE takes their place on C:

    Hey all,

    A weird problem this one..

    While looking at one of our contract customer's systems, we noticed that 4 or 5 folders on the 'C' drive had become hidden and in their place were Executable files (.exe) that have the same name and have the folder icon.

    We have run a full scan with a Kaspersky trial, which brings up nothing, and are about to run a full scan with Ad-Aware as well..

    I've searched to no avail..

    This same error happens on their server (which only had an expired trial version of some AV on it for god knows how long) and a few PCs which all have Avast! on them (All up to date)..

    Any ideas would be muchly appreciated..

    EDIT: Also, thankfully they haven't actually clicked on the .EXE versions yet, but randomly a web page will pop up displaying a Chinese website, of aigianming... Aigian Ming? Ai Gian Ming??

    Not gonna post it unless you want me to..

    Thanks,

    DJ
    Last edited by djohn86; 13th July 2009, 00:48. Reason: See EDIT
    Daniel John
    A+, HDA, MCP (x3), VCP

    "There are 10 types of people in this world. Those who understand binary and those who don't."


    ************************************************** **********************
    ** Remember to give credit where credit is due and leave reputation points where appropriate **
    ************************************************** **********************

  • #2
    Re: Folders become 'Hidden' and an .EXE takes their place on C:

    Sounds vaguely familiar. Scan with http://www.malwarebytes.org/mbam.php (safe mode of course).


    • #3
      Re: Folders become 'Hidden' and an .EXE takes their place on C:

      Downloading it now, will post back with results...


      • #4
        Re: Folders become 'Hidden' and an .EXE takes their place on C:

        That's a virus, I normally use Kaspersky, then Malwarebytes to finish it up.

        Kevin



        • #5
          Re: Folders become 'Hidden' and an .EXE takes their place on C:

          Yeah, I figured it was, the guy that looks after that customer finally ran Ad-Aware last night, and yeah it was.. Malware and a Trojan or two and I think there was a worm as well....

          Kaspersky didn't pick it up though...

          DJ


          • #6
            Re: Folders become 'Hidden' and an .EXE takes their place on C:

            Do you know any name of the malware that was found on the computers?
            Was it something like "brontok" or "rontok"? or named "kesenjangansosial" or "rakyatkelaparan" (Indonesian names).

            Can you still run regedit.exe or open "File options" on the computers that were infected?

            These worms can break out on the network by copying the install file to shared folders on the network, and will automatically be installed on other computers using the Autorun feature.

            To block the Autorun feature on the clients you can use a computer startup script, see this thread:
            http://forums.petri.com/showthread.p...295#post151295


            \Rems

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts
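
A read-only triage check for the symptom described in this thread, added here as an example and not posted by any participant: it lists hidden folders that have a same-named .exe beside them and reports whether Autorun is disabled by policy, the mitigation raised in post #6. The function names are hypothetical; it assumes PowerShell 4.0 or later (for Get-FileHash) and the machine-wide Policies\Explorer registry key.

```powershell
# Added example: read-only triage, changes nothing on disk or in the registry.
# Assumptions: PowerShell 4.0+; function names are illustrative only.

function Find-FolderDecoy {
    param([string]$Root = 'C:\')   # top level of C:, as in the first post

    # -Force is required, otherwise hidden directories are not returned at all.
    $hiddenDirs = Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden) }

    foreach ($dir in $hiddenDirs) {
        # The symptom: "<folder>.exe" sitting next to the now-hidden "<folder>".
        $exePath = Join-Path $dir.Parent.FullName ($dir.Name + '.exe')
        if (Test-Path -LiteralPath $exePath -PathType Leaf) {
            $exe = Get-Item -LiteralPath $exePath -Force
            [pscustomobject]@{
                HiddenFolder = $dir.FullName
                DecoyExe     = $exe.FullName
                SizeBytes    = $exe.Length
                Created      = $exe.CreationTime
                # Hash lets you compare the same file across the server and PCs.
                SHA256       = (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

function Get-AutorunPolicy {
    # NoDriveTypeAutoRun = 0xFF turns Autorun off for every drive type.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    [pscustomobject]@{
        NoDriveTypeAutoRun = if ($null -eq $val) { 'not set' } else { '0x{0:X2}' -f $val }
        AllDrivesDisabled  = ($val -eq 0xFF)
    }
}

# Report decoy pairs at the drive root, then the Autorun policy state.
Find-FolderDecoy -Root 'C:\' | Format-List
Get-AutorunPolicy | Format-List
```

Identical SHA256 values for the decoy files on several machines indicate the same dropper copied itself around; no output from Find-FolderDecoy means no hidden folder at that level has a same-named .exe beside it.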
