Hidden program files folder

Page 3 of 4

  1. Posts : 2,899
    Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
       #21

    mikaka, next time can you put code tags so the post does not run too long....
    also (and if I don't get this correctly, please correct me)
    you ran Spybot S&D/Nod32 and it found something...
    (do you know what you deleted? [some sort of log would help from spybot and nod])
    you deleted it
    and then you went working into MSconfig tool looking for some more malware...

    from the screenshot (and following dinesh's advice) check these two
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    and these
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

    and from this info (and your msconfig screenshot)
    it might seem you already deleted the file (although the only way you can be sure is if
    you boot a live CD (it's harder to infect read-only media than read/write media...), mount that disk and from there look if the file/s are there...)

    you can also use WinRE (pressing F8 and clicking on repair your computer), where you can pick up a cmd prompt and check (through the use of cd and dir commands) if the file is there and then delete it (using the del command)...
    although do not try this if you are not proficient with a DOS prompt style interface..
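The autostart check suggested in post #21, written out as an added PowerShell example (not part of the original thread): it lists every value in the four Run/RunOnce keys named there and reports whether the target file exists and whether its Authenticode signature validates. The helper name `Get-CommandTarget` and the extension list are assumptions made for this example.

```powershell
# Added example: audit the four autostart keys named in the post above.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a Run command line.
function Get-CommandTarget([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Quoted path: take what is between the first pair of quotes.
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path (may contain spaces): cut at the first known extension.
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr|vbs|js))(\s|$)') {
        return $Matches[1]
    }
    # Fallback: first whitespace-delimited token.
    return ($expanded.Trim() -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }          # RunOnce may be absent
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        # Signature status is only meaningful when the file is on disk.
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $target).Status
        } else { 'n/a' }
        New-Object psobject -Property @{
            Key = $key; Name = $name; Command = $command
            Target = $target; Exists = $exists; Signature = $sig
        }
    }
}

# Entries whose target is missing, relative, or not validly signed
# are the ones to look at by hand first.
$report | Sort-Object Exists, Signature |
    Format-Table Key, Name, Target, Exists, Signature -AutoSize
```

On 64-bit Windows, 32-bit programs register under the `Wow6432Node` copies of the HKLM keys, which this listing does not cover. A rootkit on the running system can hide files and registry values from this query, which is why the post also suggests checking the disk from a live CD or WinRE.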


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #22

    Would you please upload (individually) and scan each of these files to jotti
    Jotti's malware scan
    C:\Windows\System32\drivers\SRK.sys
    C:\Windows\U
    C:\Windows\”o
    C:\Windows\System32\%APPDATA%
    C:\Windows\System32\APOMngr.DLL

    Post the result logs {copy and paste} the link from the address bar ---> http://


  3. Posts : 8,476
    Windows 8 Pro (64-bit)
       #23

    I guess he will need to do a clean install.


  4. Posts : 65
    Windows 7 build 7600 64 bit
    Thread Starter
       #24

    @darkassain

    I think the log from Nod32 is gone, I cannot find it (unless there is a way to retrieve it, after Nod has been reinstalled).
    But here is what Spybot found:
    Imageshack - przechwytywanie

    The registry entries look clean to me, both RunOnce's are empty.
    Run in CURRENT_USER contains Google Update (I have Chrome browser), and Sidebar.
    Run in LOCAL_MACHINE contains Ad Muncher (ad blocker, installed by me), Ad-watch (Ad Aware also installed by me), and Egui (GUI process for ESET Nod32).

    I'm gonna boot with 7 DVD, and check if the two files of the _scott things are still there.

    @Jacee
    SRK.sys
    U
    ”o
    index.dat (the only file inside %AppData%/Microsoft/Windows/IETldCache)
    APOMngr.DLL

    @dinesh
    I hope not


  5. Posts : 8,476
    Windows 8 Pro (64-bit)
       #25

    Did you try the Boot scan with avast?


  6. Posts : 65
    Windows 7 build 7600 64 bit
    Thread Starter
       #26

    dinesh said:
    Did you try the Boot scan with avast?
    Yes, it came clean.
    So when it came clean, and then another scan with Nod32 also came clean, there's nothing strange in Run/Runonce, and I resolved the invisible Program Files, do you think I don't have to worry about this virus anymore??
    I'll do full scans in Spybot and AdAware just in case.


  7. Posts : 2,899
    Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
       #27

    looks like a rootkit...
    run the disinfector
    Sophos - Troj/RKProc-Fam and Troj/Stinx disinfection instructions
    just in case, run this to see if you have any traces of this trojan...
    Last edited by darkassain; 19 Jul 2009 at 14:39.


  8. Posts : 8,476
    Windows 8 Pro (64-bit)
       #28

    Mikaka said:
    Yes, it came clean.
    So when it came clean, and then another scan with Nod32 also came clean, there's nothing strange in Run/Runonce, and I resolved the invisible Program Files, do you think I don't have to worry about this virus anymore??
    I'll do full scans in Spybot and AdAware just in case.
    How did you fix the program files issue?
    Glad to hear that it's fixed now. :)


  9. Posts : 2,899
    Windows 7 Ult x64(x2), HomePrem x32(x4), Server 08 (+VM), 08 R2 (VM) , SuSe 11.2 (VM), XP 32 (VM)
       #29

    dinesh said:
    How did you fix the program files issue?
    Glad to hear that it's fixed now. :)
    he ran in an elevated cmd prompt: attrib -h -s "Program Files"


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #30

    Jacee said:
    Have you visited 'GameSpot' forums and downloaded any games, cheats or etc?
    Mikaka said:
    Last time I downloaded Harry Potter 6 demo, and yes, I may have downloaded some cheat.
    Looking at all the games you have, did you download Bypassing GameGuard?

    This 'cheat' would be detected as Troj/RKProc-Fam


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
All times are GMT -5.