Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus WILL NOT LEAVE !!!!

Status
Not open for further replies.
telomostro

telomostro

Technical User
Jul 12, 2006
22
US
I have gotten this virus in a computer running XP SP2, these are the weird symptoms:

Pop Ups everywhere.

Norton antivirus will always start with "Auto-Protect" disabled.

In My Computer 3 (shared) of my 6 hard drives have a strange (but pretty) icon, it represents a computer with an open box to the left and a CD ROM in front.

Inside these 3 HD at their root there is a "Setup.exe" with the same identical pretty icon.

So far this is all I have noticed, I have ran Ewido which cleaned 5 objects but did not seem to fix anything.

I am not sure where to go from here
 
Sort by date Sort by votes
If you've removed the file and a generic icon remains in it's place, I'd try Ewido and an anti rootkit of some sort (search for 'rootkit' in majorgeeks.com). Can you remove the icon(s) using the tool in HijackThis that will delete on boot?

@Erik, I wasn't sure about that file - I'm running Vista and Trend today - awful combination ...
 
Upvote 0 Downvote
Changing the icon of a drive
By editing the Registry it is possible to change the icon that Windows Explorer uses for a drive. For example, if you want to change Drive E's icon, create the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Explorer\DriveIcons\E\DefaultIcon\

When you create the above key, a string value named "Default" with value not set is automatically created. What you have to do is setting this value with the path of the icon, and this changes the drive icon of Drive E.

If you want revert back the default Icon, just delete the value of the "Default" string value, or just delete the above registry key. Here are two reusable routines to set or reset the icon for a specified drive:


Sub ChangeDriveIcon(ByVal driveLetter As String, ByVal icoPath As String)
Dim regKey As String
regKey = "Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\" & _
driveLetter & "\DefaultIcon"

' create the parent key
CreateRegistryKey HKEY_LOCAL_MACHINE, regKey
' set the (Default) value with the icon's path
SetRegistryValue HKEY_LOCAL_MACHINE, regKey, "", icoPath
End Sub

Sub ResetDriveIcon(ByVal driveLetter As String)
Dim regKey As String
regKey = "Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\" & _
driveLetter & "\DefaultIcon"

' delete the key
DeleteRegistryKey HKEY_LOCAL_MACHINE, regKey
End Sub
Click to expand...

Hope the above helps you out with the ICONs...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Sorry Satrow.... I didn't explain my self correctly:
removing the "setup.exe" file in the drive's root changes the icon of the drive from the same icon of the "setup.exe" to a generic windows icon, does that make sense....?

Can you upload pictures on this site...?
 
Upvote 0 Downvote
As far as I know, you can not upload pictures directly, but use a PicHost like Photobucket or Imageshack, then paste the DIRECT LINK here...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Thank you BadBigBen I followed your link so I can show the pictures of what I am talking about. This link:


will show you the pic of My Computer and as you can see C: drive, D: drive and H: drive are the 3 drives affected, the exception is H: inside which I have removed the file that's indicated by the arrow on the picture at this link:


"A picture is worth a 100 words"
 
Upvote 0 Downvote
Ok, follow the above what I had Posted as per direction to fix the ICONs for the Drives...

the way it looks is that the REGISTRY may have gotten a bit jumbled up, ergo the ICONS for the Drives got replaced by the SETUP ICON (that is the pretty one)...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
The generic icons are found in C:\WINDOWS\system32\SHELL32.dll

This file may be damaged or missing.

This may be worth a try.

Blackhole/crater all the setup.exe's as they should not be needed - but don't delete them at this point.

By blackhole I mean remove all access permissions.

open a command window and for each file type something like

cacls c:\setup.exe /D Everyone

This means that the file specified cannot be opened, run, executed or written to. It can be deleted however.

Now re-boot.

Then recover C:\WINDOWS\system32\SHELL32.dll from the windows CD ROM. It should be in the i386 folder and needs extracting. (Forgive me but I'm too tired right now to check out this exactly!)
 
Upvote 0 Downvote
BadBigBen, I tried to follow your sugestion above but:
1. there is not a DriveIcons folder in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Explorer\ (DriveIcons\E\DefaultIcon)
2. I do not understand what is a "reusable routine" and how do you put it to work.

I am still stuck

but thanx for the help
 
Upvote 0 Downvote
Format and Reinstall! The best thing you can do, when you surf the web to use a "user" rights account. This way there is no rights to install anything.
 
Upvote 0 Downvote
Whaaaaat....? Format and Reinstall...??????

BridgeRe, you are like a doctor that tells his patient: "I am not too sure what kind of desase you have, why don't you try jumping from the 12th floor ?"

Just kidding man, that would really be suicide, I have thousand of $ worth of software, codecs, it would be a job that would last several days maybe weeks considering I cannot spend the whole day by the computer, not to talk about the fact that some of this stuff I don't even have the original disk, if that was an option I would have done it before posting anything here. thanx for trying to help though.
 
Upvote 0 Downvote
@telemostro - ignore what I wrote, it may be a tad to complicated at present... just follow what STDUC mentioned first...

if all else fails... you can always do a REPAIR INSTALL, the only thing you loose are the Windows Hotfixes/Updates, not your Software...



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
Well that's a little extreme. There is no death here. I tend to burn anything of importance to a DVD just for that reason. Surfing the web with admin rights these days is like unprotected sex, you never know! Good luck!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
Programs not loading on Windows 11 Version 22H2.
Replies
9
Views
440
pjw001
pjw001
VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
375
guitarzan
guitarzan
Flinx
  • Locked
  • Question
Nero Burning ROM not seeing disk change 2
Replies
3
Views
268
gbaughma
gbaughma
pmonett
  • Locked
  • Question
Cannot install Notes R12 1
Replies
13
Views
246
Rick998
Rick998
moveit
  • Locked
  • Question
MSDOS PROGRAM IN WINDOWS 10 32BIT WILL NOT WORK
2
Replies
21
Views
287
Deniall
Deniall

Part and Inventory Search

Sponsor

Back
Top