Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Hidden program files folder

18 Jul 2009   #21
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

mikaka next time can put code tags so the post does not run too long....
also (and if get dont get this correctly please correct me)
you ran Spybot S&D/Nod32 and it found something...
(do you know what you deleted [some sort of log would help from spybot and nod])
you deleted it
and then you went working into MSconfig tool looking for some more malware...

from the screen shot it (and following dinesh's advice)check these two
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
and these
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

and from this info (and your msconfig screenshot)
it might seem you already deleted the file (although the only way you can be sure is if
boot a live cd (its more harder to infect a read only media to read/write media...) mount that disk and from there look if the file/s are there...

you can also use WinRE (pressing F8 and clicking on repair your computer) you can pick up a cmd prompt and you can check (throught the use of cd and dir commands) if the file is there and then delete it (using the del command)...
although do not try this is if you are not proficient with a DOS prompt style interface..


My System SpecsSystem Spec
.
18 Jul 2009   #22
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Would you please upload (individually) and scan each of these files to jotti
Jotti's malware scan
C:\Windows\System32\drivers\SRK.sys
C:\Windows\ɢU
C:\Windows\”˙o
C:\Windows\System32\%APPDATA%
C:\Windows\System32\APOMngr.DLL

Post the result logs {copy and paste} the link from the address bar ---> http://
My System SpecsSystem Spec
19 Jul 2009   #23
Dinesh

Windows« 8 Pro (64-bit)
 
 

I guess he will need to do a clean install.
My System SpecsSystem Spec
.

19 Jul 2009   #24
Mikaka

Windows 7 build 7600 64 bit
 
 

@darkassain

I think the log from Nod32 is gone, I cannot find it (unless there is a way to retrieve it, after Nod has been reinstalled).
But here is what Spybot found:
Imageshack - przechwytywanie

The registry entries look clean to me, both RunOnce's are empty.
Run in CURRENT_USER contains Google Update (I have Chrome browser), and Sidebar.
Run in LOCAL_MACHINE contains Ad Muncher (ad blocker, installed by me), Ad-watch (Ad Aware also installed by me), and Egui (GUI process for ESET Nod32).

I'm gonna boot with 7 DVD, and check if the two files of the _scott things are still there.

@Jacee
SRK.sys
ɢU
”˙o
index.dat (The only file inside %AppData%/Microsoft/Windows/IETldCache
APOMngr.DLL

@dinesh
I hope not
My System SpecsSystem Spec
19 Jul 2009   #25
Dinesh

Windows« 8 Pro (64-bit)
 
 

Did you try the Boot scan with avast?
My System SpecsSystem Spec
19 Jul 2009   #26
Mikaka

Windows 7 build 7600 64 bit
 
 

Quote   Quote: Originally Posted by dinesh View Post
Did you try the Boot scan with avast?
Yes, it came clean.
So when it came clean, and then another scan with Nod32 also came clean, there's nothing strange in Run/Runonce, and I resolved the invisible Program Files, do you think I don't have to worry about this virus anymore??
I'll do a full scans in Spybot and AdAware just in case.
My System SpecsSystem Spec
19 Jul 2009   #27
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

looks like a rootkit...
run the disenfector
Sophos - Troj/RKProc-Fam and Troj/Stinx disinfection instructions
just in case run this to see if you have any traces of this trojan...;
My System SpecsSystem Spec
19 Jul 2009   #28
Dinesh

Windows« 8 Pro (64-bit)
 
 

Quote   Quote: Originally Posted by Mikaka View Post
Yes, it came clean.
So when it came clean, and then another scan with Nod32 also came clean, there's nothing strange in Run/Runonce, and I resolved the invisible Program Files, do you think I don't have to worry about this virus anymore??
I'll do a full scans in Spybot and AdAware just in case.
How did you fix the program files issue?
Glad to hear that its fixed now.
My System SpecsSystem Spec
19 Jul 2009   #29
darkassain

Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
 
 

Quote   Quote: Originally Posted by dinesh View Post
How did you fix the program files issue?
Glad to hear that its fixed now.
he ran in a elevated cmd prompt attrib -h -s Program Files
My System SpecsSystem Spec
19 Jul 2009   #30
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote   Quote: Originally Posted by Jacee View Post
Have you visited 'GameSpot' forums and downloaded any games, cheats or etc?
Quote   Quote: Originally Posted by Mikaka View Post
Last time I downloaded Harry Potter 6 demo, and yes, I may have downloaded some cheat.
Looking at all the games you have, did you download Bypassing GameGuard?

This 'cheat' would be detected as Troj/RKProc-Fam
My System SpecsSystem Spec
Reply

 Hidden program files folder




Thread Tools




Similar help and support threads
Thread Forum
Cannot view hidden Folders and Files Even When through Folder Options
Hi! I have a pretty frustrating problem. I seem to have some hidden files and folders which I CANNOT view in the normal way. Normally, if I have hidden files and folders and I want to reveal them, I do the normal thing and go to Tools > Folder Options > View And I check the box "Show hidden...
General Discussion
C: Drive files replicated in hidden folder
Hello, my desktop has two very strange symptoms: Last night Action Center was giving a maintenance warning that there is a problem with "Kitten Cannon" and I need to go to Spiral Orbit and download the latest update. That warning just disappeared a few minutes ago. and When I choose to show...
General Discussion
Tool to showing hidden files and folder
Before, i have a small tool to enable virus hidden all files and folders to show it up back by hitting that utility bat. I lost this tool so can any body let me know or provide me that tool? Sorry for my English because it's not my native Thanks
General Discussion
Recover files hidden by a folder hiding application
Hi, I use windows 7 x86...I had hidden my folders containing files using a folder hiding application { i dont remember the aPP}...Recently i formatted my laptop and reinstalled the windows..The problem is that i cant see the folder previously hidden by the application...Before reinstalling the...
Software
what are these hidden folder (.files) ??
can any one tell me about these hidden folders (.files) ? they are same name as my pictures ! check this picture http://imgdl.ir/images/7861.jpg how can i remove or prevent create these are folders ?
General Discussion
Opening old xp profile folder leaves hidden files
My older xp computer's power supply went bust and destroyed the motherboard. Thankfully, the hard drive was ok. When I bought a new computer I put the old hard drive into an external enclosure and connected it to transfer files over. When I opened \Documents and Settings\profile I got some message...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

ę Designer Media Ltd

All times are GMT -5. The time now is 01:32.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App