Hi all.. I am an XP user.
Recently i get a virus attacker..
weiai.exe
So installed AVG anti virus software..
Do a full scan, filter out the weiai.exe.
Now the problem is when i set tools->folder options ->View->show hidden files and folders.
It will auto set back to "Do not show hidden files and folders"
So how ?? anyone can help??
You have not removed the malware from the running process yet... thus, it is still resident in the memory. Get it removed and it should not be making any trouble anymore.
how to remove the malware from the process??
from the http://sgforums.com/forums/2250/topics/342052#malware...
it said go download application from
http://www.malwarebytes.org/mbam.php
......
does it help??
cause I got bad experience.. after DL this type of anti virus stuff..
after installing the stuff.. and run..
my PC crashed...
Originally posted by spycampers:
how to remove the malware from the process??
from the http://sgforums.com/forums/2250/topics/342052#malware...
it said go download application from
http://www.malwarebytes.org/mbam.php
......
does it help??
cause I got bad experience.. after DL this type of anti virus stuff..
after installing the stuff.. and run..
my PC crashed...
If it doesn't help solve malware issues, what do you think we put it there for?
Put it there for fun and laughter, peace and joy.
Originally posted by ditzy:
Put it there for fun and laughter, peace and joy.
Eh, don't laugh laugh hor. If it doesn't work, you not only tio scold "sai", but you also have to chop your head off leh.
Originally posted by LatecomerX:
Eh, don't laugh laugh hor. If it doesn't work, you not only tio scold "sai", but you also have to chop your head off leh.
It will work, just make sure he update the damn thing before he run a scan and removal. See my china friend do all the funny funny stuff, disable services, play with registry, use what antihijack, want to give up already, I say install that, wah lah, removed in 10 mins.
Originally posted by ditzy:
It will work, just make sure he update the damn thing before he run a scan and removal. See my china friend do all the funny funny stuff, disable services, play with registry, use what antihijack, want to give up already, I say install that, wah lah, removed in 10 mins.
Seems pretty good eh. But in any case, I got my chopper ready. Now awaiting TS' response.
Me installed the mbam ..exe already.
installed and run...
problem still persist..
think either the china win or i do wrong step in the installation and update phase..
or maybe i kanna double combo or something ....
sigh.. think the worst case.. i copy my harddisk..
pass it to my friend. and see if he can open my hidden file..
then ask him convert all back to "unhidden"...
which is a super super long long procedure
ditzy prepare to chop head.
Originally posted by spycampers:
Me installed the mbam ..exe already.
installed and run...
problem still persist..
think either the china win or i do wrong step in the installation and update phase..
or maybe i kanna double combo or something ....
sigh.. think the worst case.. i copy my harddisk..
pass it to my friend. and see if he can open my hidden file..
then ask him convert all back to "unhidden"...
which is a super super long long procedure
if you copy your hdd, it's still the same. problem will still be there.
Originally posted by spycampers:
Me installed the mbam ..exe already.
installed and run...
problem still persist..
think either the china win or i do wrong step in the installation and update phase..
or maybe i kanna double combo or something ....
sigh.. think the worst case.. i copy my harddisk..
pass it to my friend. and see if he can open my hidden file..
then ask him convert all back to "unhidden"...
which is a super super long long procedure
So you did a full scan or a quick one? And by the way, is that weird-menu-after-right-clicking-C-Drive issue resolved?
both problem still persist wo...
Looks like you need more than Malwarebytes.. download HijackThis from this link and post the log here... I guess the moderator will help you with your infection... Hijackthis
Originally posted by spycampers:
both problem still persist wo...
So what was the results of the scan using MBAM?
Ya... it finally okie already.. thank Q..
just that now got 1 more problem...
My 250 GB External hard disk also.. kanna virus and malware....
So can i cure the 250 GB external Hard disk.??
can i do the same with MBAM??
Originally posted by spycampers:
Ya... it finally okie already.. thank Q..
just that now got 1 more problem...
My 250 GB External hard disk also.. kanna virus and malware....
So can i cure the 250 GB external Hard disk.??
can i do the same with MBAM??
Yea sure, why not? Ditzy's head is still on his neck, ready to roll anytime.
I think this time.. big headache..
After i insert my Ex Hard Disk into my USB Drive.
It become my F:\
I right click on my f:\.... it show me those weird character again..
so I okie.. thought happily can use the MBAM method..
So do a scan using MBAM.. on f:\
happily found some malware and removed...
so right click again..
and to my surprise..
same @#$% character ...
and it affected my C:\ also..
now my C :\ cannot go in..
double click on it will prompt me a Open With window..
Me do a update on MBAM .. and AVG...
then do full scan...
both not use..
problem persist....
how now??
My log file using Hijack:
http://hjt-data.trendmicro.com/hjt/display_data.php?report=9017826
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:44 AM, on 2/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\SOUNDMAN.EXE
C:\windows\AGRSMMSG.exe
C:\windows\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\PhoneConnectorVMC.exe
E:\vmc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [weiai] C:\WINDOWS\system32\weiai.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{44E51107-7CDA-4AF0-BD2F-5791AD30F303}: NameServer = 202.65.247.152 202.65.247.198
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5506 bytes
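An added example, not part of the original thread: one way to cross-check file names a scanner reported (here `weiai.exe`) against the `O4` autostart entries and the running-process list of a HijackThis log. The function names are illustrative, and the sample is an excerpt of the log posted above.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted above (only a few of its lines).
SAMPLE_LOG = r"""Running processes:
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [weiai] C:\WINDOWS\system32\weiai.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"""

# O4 registry autostart line: "O4 - <key>: [<value name>] <command>"
O4_RUN = re.compile(r'^O4 - (HK\S+): \[(.+?)\] (.+)$')

def target_exe(command):
    """Best-effort executable path from a Run value (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.exe)\b', command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def parse_log(text):
    """Return (set of running process paths, list of (key, name, exe))."""
    running, autoruns, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif (m := O4_RUN.match(line)):
            key, name, command = m.groups()
            autoruns.append((key, name, target_exe(command)))
        elif in_procs and re.match(r'^[A-Za-z]:\\', line):
            running.add(line.lower())
    return running, autoruns

def check_indicators(text, indicators):
    """For each reported file name: is it running, and is it still autostarted?"""
    running, autoruns = parse_log(text)
    running_names = {ntpath.basename(p) for p in running}
    report = {}
    for ind in (i.lower() for i in indicators):
        entries = [e for e in autoruns if ntpath.basename(e[2]).lower() == ind]
        report[ind] = {"running": ind in running_names, "autoruns": entries}
    return report

if __name__ == "__main__":
    for name, hit in check_indicators(SAMPLE_LOG, ["weiai.exe"]).items():
        print(name, "running:", hit["running"], "autostart:", hit["autoruns"])
```

In the posted log, `weiai.exe` has an `HKLM\..\Run` entry but does not appear under "Running processes"; the log alone does not show whether the file still exists on disk.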
Originally posted by spycampers:
I think this time.. big headache..
After i insert my Ex Hard Disk into my USB Drive.
It become my F:\
I right click on my f:\.... it show me those weird character again..
so I okie.. thought happily can use the MBAM method..
So do a scan using MBAM.. on f:\
happily found some malware and removed...
so right click again..
and to my surprise..
same @#$% character ...
and it affected my C:\ also..
now my C :\ cannot go in..
double click on it will prompt me a Open With window..
Me do a update on MBAM .. and AVG...
then do full scan...
both not use..
problem persist....
how now??
Have you restarted your com after doing a full scan with MBAM?
Yes I did... and the best thing is after restart ..
fault still there..
do a full scan via MBAM....
and this time ...
luckily best... show no error. very good..
Using AVG anti virus..
show no virus..
but the fault still there...
sigh...
Work a bit ..
but not completely.
Cause i was using XP.. i create 2 acc for this laptop.
1 is administrator acc and another is a Limited acc..
For the administrator acc..
It Work.. so naturally i thought for the Limited acc will work also..
So i logged off admin acc and logged into limited acc..
and to my dismay..
fault still persist..
Immediately i logged off limited.. and logged in admin..
There is no fault in the admin acc
So i CREATE another Limited acc.
and logged in to the NEW Limited acc..
and the fault is there...
bloody win already...
It means the virus/malware is still somewhere in the PC.
but dun know where to find and kill it..
(btw.. i got restart and try.. same..
Admin acc.. no problem.. no fault
Limited acc... no matter how many acc i created , fault still there.
the only stuff i never try is create a NEW Admin acc )
I check via a VIRUS scanner and get a prompt of this:
anyone know how to remove them??
too bad.. can scan.. cannot remove
1 - DiskKnight
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Knight
Type: RegKey
2 - tracking Cookie
Location: did-it
Type: Cookie
3 - tracking Cookie
Location: server.iad.liveperson
Type: Cookie
4 - IEFEATs.A
Location: C:\windows\UNINSTALL.INI
Type: File
5 - Spyware.Apropos
Location: C:\windows\Temp\setup.inf
6 - Adware.Elodu
Location: C:\autorun.inf
Type: File