Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: My hard drive has been infected by Conduit

02 Oct 2013   #71
cottonball

Windows 7 Home Premium
 
 

NeverFindExt or NeverShowExt???

There are hidden files marked as Super Hidden Files that are not viewed by the normal routine.


Please download SystemLook from one of the links below:
Link 1
Link 2
(Only direct links available)

Save the file to the Desktop
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the open textfield:
Code:
:regfind 
NeverShowExt 
NeverFindExt
  • Click the Look button to start the scan.
  • When finished, a Notepad window opens with the results of the scan.
Please post the SystemLook.txt in your reply.


Thanks!


My System SpecsSystem Spec
.
02 Oct 2013   #72
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Thank you Cottonball. I learned something today and I like that.
Super Hidden Files
I didn't know I had any.
Thanks again.
My System SpecsSystem Spec
02 Oct 2013   #73
cottonball

Windows 7 Home Premium
 
 

@Layback Bear:

There is something to be learned every day you work here.
Don't you ever have some "What the heck is the OP talking about?" moments?
If you don't, you are lucky. I have those all the time. Some of them qualify under "Senior Moments"!

The hide or show files game is not my thing, although malware can do strange things and hide something where you least expect it. Normally, from what I understand, it is best to leave SuperHidden files just as they are.

Not sure if all files are displayed in Windows Explorer upon enabling 'Show hidden files' in Folder Options.
If a User insists on seeing them, or, if there is a valid need, to display SuperHidden files, you can do the following:

•Open the Registry editor(Start > Run > Regedit)
•Go to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
•In the right pane, double-click on SuperHidden and set its value to: 1

When done, close the Registry and restart the PC.
My System SpecsSystem Spec
.

02 Oct 2013   #74
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

You might of taken me wrong.
I really didn't know what you just explained.
The thank you was meant whole heartily.

Quote:
Don't you ever have some "What the heck is the OP talking about?" moments
See them every day.

I really don't want to see my Super Hidden files. They are super hidden for a reason and until now I didn't even know their was such a thing. I do find many things on my computer that I don't know what they are. Sometimes I will Google them. 99.999% of the time I just leave them alone.

I will remember if I ever want to see them all I have to do is ask you how.
Once again Thanks!
My System SpecsSystem Spec
02 Oct 2013   #75
cottonball

Windows 7 Home Premium
 
 

There are other ways of viewing those SuperHidden files, I'm sure.

Quote:
I really don't want to see my Super Hidden files. They are super hidden for a reason...
Spot-on!!
My System SpecsSystem Spec
02 Oct 2013   #76
GerryR

Windows 7 Home Premium
 
 

For Cottonball

There are five instances of HideFileExt on the given Registry key. I ran it twice and both times came up with 5.

Checked Value is 0x00000001(1)

NeverShowExt does not appear in the Registry

Folder Options is 0.

I set SuperHidden to 1 and rebooted


GerryR
My System SpecsSystem Spec
03 Oct 2013   #77
GerryR

Windows 7 Home Premium
 
 
This is the result for Cottonball of using System_x64.exe

SystemLook 30.07.11 by jpshortstuff
Log created at 02:06 on 03/10/2013 by Gerald
Administrator - Elevation successful

========== regfind ==========

Searching for "NeverShowExt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.DataAccessPage.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.Diagram.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.Form.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.ShortCut.Function.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.Macro.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.Module.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.Query.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.Report.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.StoredProcedure.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.Table.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Access.Shortcut.View.1]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Application.Reference]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECF03A32-103D-11d2-854D-006008059367}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\fdse_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs0_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs1_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs2_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs3_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs4_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs5_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs6_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs7_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffs8_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ffse_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\fse_file]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.URL]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.AssocFile.WEBSITE]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LibraryFolder]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Website]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchConnectorFolder]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchFolder]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SHCmdFile]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ECF03A32-103D-11d2-854D-006008059367}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xnkfile]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}]
"NeverShowExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ECF03A32-103D-11d2-854D-006008059367}]
"NeverShowExt"=""

Searching for "NeverFindExt"
No data found.

-= EOF =-

I then ran it twice more and both times got the following result.

SystemLook 30.07.11 by jpshortstuff
Log created at 02:32 on 03/10/2013 by Gerald
Administrator - Elevation successful

========== regfind ==========

Searching for "NeverShowExt "
No data found.

Searching for "NeverFindExt"
No data found.

-= EOF =-
My System SpecsSystem Spec
03 Oct 2013   #78
GerryR

Windows 7 Home Premium
 
 
To Cottonball re System_x64.exe

1) Can you tell me what the significance of this is?

2) Is there any point in keeping System_64.exe on my desktop any longer
My System SpecsSystem Spec
03 Oct 2013   #79
cottonball

Windows 7 Home Premium
 
 

Quote:
1) Can you tell me what the significance of this is?
It all deals with file extensions which have a NeverShowExt Registry value.

If you take one of the entries, at random, like:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}]
"NeverShowExt"=""

There's an entry in the Send To menu called "Compressed (zipped) Folder". It is obtained by right-clicking on a file,
If you take a look at the folder specifying the entries for the Send To menu, %APPDATA%\Microsoft\Windows\SendTo, you'll find that this item is: ZFSendToTarget.

The purpose of this shell extension is to allow for creating a compressed folder using Send To.

Some other entries point to file extensions for Supper Hidden Files.


Quote:
2) Is there any point in keeping System_64.exe on my desktop any longer
Have no clue what System_x64.exe is. However, if you mean SystemLook_x64.exe, you can remove it any time you wish.
My System SpecsSystem Spec
04 Oct 2013   #80
GerryR

Windows 7 Home Premium
 
 
SystemLook_x64

We must be in radically different time zones. I don't receive Seven Forums notices from you until about 2:30 AM my time. I am not at my best then. Yes, I meant SystemLook_x64. Does this mean that my computer is now clean of conduit? Unfortunately I am dealing with some people who insist that all pdf files be opened by Adobe Reader. As I really have to deal with them, I'm stuck. I consider that to be a program of dubious security. I had been using Sumatra for PDF files but have temporarily uninstalled it. Somehow their PDF files won't allow Sumatra or Foxit to open them. I consider FlashPlayer to be another hacker target. I've uninstalled Java and so far no adverse effects have followed.

Except for that, is my disaster officially over?

In any case, many thanks,

Gerry
My System SpecsSystem Spec
Reply

 My hard drive has been infected by Conduit




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Install on E: drive without removing infected files from other drives
I want to install Windows 7 on my E: drive without removing data and WinXP installation already present on the other two drives. Will the new Windows 7 installation get infected? Or is it possible to install antivirus and firewall as soon as Windows 7 is installed and thus prevent infection?
Installation & Setup
Conduit.com
I am trying to get rid of conduit.com search on Firefox. It does NOT show in IE 11. I have run Malwarebytes full scan and removed everything there. Does anyone have any idea of an easy way to remove the conduit.com search ??
System Security
hard drive failed, system image not found on hard drive
hi all, i hope someone can help me out, i am a newbie to all this so bare with me. my hard drive failed over a month ago but i managed to do a system image with win7 to my new 2tb internal hard drive. i cannot get the image recovery to work as i says "no image can be found on hard disk". i am at...
Backup and Restore
cant get rid of conduit and bing
Some how I got conduit and bing search when I select explorer. I have deleted Conduit using uninstall. Also have removed bing search engine from Manage search engines in google chrome. Also have selected Chrome as my default search engine. But when I select Explorer it still comes up with web site...
Performance & Maintenance
Trying to copy healthy dll from one drive over infected dll on another
Hi Everyone, I am having an issue with a "missing" dll file - the effects of this error (shown below) is that many programs are not behaving. http://www.systemcontrol.com.au/images/captures/DLL-File.PNG I removed the drive containing the error from my laptop and plugged it into an external...
System Security
would I need to worry about 2nd hard drive getting infected as well
I recently installed another 500GB hard drive in one of my dell desktops (i5 580) and have a question regarding viruses. I used to store my system images on an external hard drive however I prefer using an internal hard drive since it seems to create images faster and I also don't have to plug and...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 17:28.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App