Subfolders create another folder (same name) and I can't delete it

younglai22
I CAN'T DO REGEDIT...
Help!

Inside all of my subFOLDERS in my C drive, another folder is created with exactly the same folder name, and when I checked in the folder's properties it is an APPLICATION (archive) folder. I delete it but it is still there every time I go back into the folder... and when I open it up it opens MY DOCUMENTS...

Example:
JELAI pics (folder name): inside the folder is another JELAI pics folder which says it's an application and the file size is 42kb, and every time I open it up it opens up a new window for MY DOCUMENTS.

It is all the same with all of my subFOLDERS.
I DELETE IT but when I go back inside the folder it's there again... I can't get rid of it.

Please help me
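
The symptom described above (an Application carrying its parent folder's name inside every subfolder) can be inventoried before cleanup. This is an added example, not part of the thread; the `.exe` extension and the 64 KB size ceiling are assumptions, and the folder tree is constructed for the demonstration.

```python
import os
import tempfile

# Assumption: the post reports the dropped file as 42kb, so anything far
# larger is more likely a legitimate program that shares its folder's name.
MAX_SIZE = 64 * 1024

def find_folder_named_executables(root, max_size=MAX_SIZE):
    """Return .exe files whose name equals the name of their parent folder."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or stem.lower() != folder:
                continue
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) <= max_size:
                hits.append(path)
    return sorted(hits)

def demo():
    """Build a constructed folder tree and return the flagged relative paths."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "JELAI pics/JELAI pics.exe": 42 * 1024,   # symptom from the post
            "JELAI pics/holiday.jpg": 10,
            "JELAI pics/2008/2008.EXE": 42 * 1024,    # nested copy, upper-case ext
            "Tools/Tools.exe": 5 * 1024 * 1024,       # large: not flagged
            "Tools/setup.exe": 42 * 1024,             # name differs from folder
        }
        for rel, size in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
        hits = find_folder_named_executables(root)
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in hits]

if __name__ == "__main__":
    for rel in demo():
        print("suspect:", rel)
```
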
  • +
    0 Votes
    bhatnagar_nitin

    It seems that your system got infected with the Windows NT Task Scheduler vulnerability. This is explained in the following article...

    http://www.securiteam.com/windowsntfocus/3H5PSQUQAQ.html

    Due to this, the attacker can gain administrative control over your PC and limit you from doing certain things. Are you facing any other problems, like: do you see one extra menu (something like Advanced Tasks or so) added in the menu bar of Windows Explorer?
    Also, do one thing: press the "Run" button in the Windows Start menu and press 'regedit', press Enter. Do you get a pop-up message and then your system restarts automatically?

    These are some of the symptoms of this infection. If you are, then you need some extra information on how to kill this infection.

    Here's a forum which tells you how to kill this service...

    http://www.cybertechhelp.com/forums/showthread.php?t=60564&page=3

    +
    0 Votes
    younglai22

    I tried to go to Run and type regedit; it doesn't allow me... and I don't even have Folder Options!

    +
    0 Votes
    bhatnagar_nitin

    So, now it's confirmed that you are struck with the Windows NT Task Scheduler vulnerability. I would suggest that you try step by step as explained in this forum:

    http://www.openrce.org/blog/view/407

    and if that doesn't help much, then try some of my points below. I hope you would at least get an idea on how to kill this service.

    1) First go into the Windows Tasks folder "C:\Windows\Tasks" and delete the At1 task.
    2) Next run Task Manager and kill the explorer.exe process. Your desktop will be gone after this. What you have now is only the Task Manager window.
    3) Next, from the File menu of Task Manager, press the "New Task(Run)" button and type cmd.
    4) Then try to query the registry using this command...
    C:\>reg query hkcu\software\microsoft\windows\currentversion\run
    5) Next type this command...
    C:\>reg delete hkcu\software\microsoft\windows\currentversion\run
    6) After you are done with these, on command prompt,
    try to delete the file br4017on.exe or something strange like that from your C:\Documents and Settings\Your Login Name\Local Settings\Application Data\br4017on.exe

    If you are not able to delete it, use some kind of unlocker or killbox utility found here..

    http://www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml
    or
    http://www.softpedia.com/get/Security/Secure-cleaning/Pocket-Killbox.shtml

    KillBox is a good one which provides you an option to delete the file the next time you reboot your PC ("Delete on reboot" checkbox).

    Also, clean all your temporary files from temp folders (windows\temp, temporary internet settings etc.)

    But be sure that you are doing all these things in safe mode and not in the normal mode of Windows operation.
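
Steps 4 to 6 above hinge on spotting which Run value starts the unwanted program. As an added example (not from the thread), this parses saved `reg query` output, flags values whose target is an .exe directly in `Local Settings\Application Data`, and prints a `reg delete ... /v` line for just that value. The sample output and value names are constructed; the path heuristic is an assumption taken from step 6.

```python
import re

RUN_KEY = r"hkcu\software\microsoft\windows\currentversion\run"

# Constructed sample of step 4's output; the value names are made up and
# the last path is the location the reply gives in step 6.
SAMPLE_OUTPUT = r"""
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    ExampleValue    REG_SZ    "C:\Documents and Settings\Your Login Name\Local Settings\Application Data\br4017on.exe"
"""

# Value lines are indented; fields are separated by tabs or runs of spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Heuristic (assumption): an .exe sitting directly in the per-user
# "Local Settings\Application Data" folder, as in step 6.
SUSPECT = re.compile(r"\\local settings\\application data\\[^\\]+\.exe$", re.I)

def parse_run_values(text):
    """Return (name, type, data) for every value line in `reg query` output."""
    return [(m["name"], m["type"], m["data"].strip())
            for m in map(VALUE_LINE.match, text.splitlines()) if m]

def executable_path(data):
    """Extract the program path from a Run value, dropping quotes and arguments."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.I)
    return m.group(1) if m else data

def suspicious_values(text):
    """Return (value name, path) pairs whose target matches the heuristic."""
    out = []
    for name, kind, data in parse_run_values(text):
        path = executable_path(data)
        if kind in ("REG_SZ", "REG_EXPAND_SZ") and SUSPECT.search(path):
            out.append((name, path))
    return out

def delete_commands(text):
    """Build one `reg delete ... /v` line per flagged value (reg asks to confirm)."""
    return [f'reg delete {RUN_KEY} /v "{name}"' for name, _ in suspicious_values(text)]

if __name__ == "__main__":
    for cmd in delete_commands(SAMPLE_OUTPUT):
        print(cmd)
```
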

    +
    0 Votes
    younglai22

    I scanned my PC using SYMANTEC antivirus and it found the w32.sillyFDC virus.

    It also opens my Internet Explorer automatically with a webpage that contains BRONTOK.A [10] [BY: HVM#!--JOWOBOOT#VM COMMUNITY

    Please help me...

    I will try to follow the steps you provided...
    Thanks!

    +
    0 Votes
    bhatnagar_nitin

    You've got to look at this article.

    http://payid.blogspot.com/2006/03/w32rontokbromm-aka-brontok-removal.html

    It gives you detailed step-by-step actions to remove Brontok from your system.

    I hope it is sufficient to provide you much help.

    After you are done with this exercise, get some good antivirus software.
    I prefer the latest McAfee VirusScan to Symantec and I never faced such a Brontok problem. The rest is your choice.

    +
    0 Votes
    romirgavino

    Knew it was still that virus.. Thanks for all the help, gonna work on removing it now. Can I ask though for more details on how to perform steps 4 to 6? I type everything on the command prompt, right? That's the DOS-like window if I'm not mistaken... The virus on my PC isn't br4017.exe though; I forgot the name but it's completely different.. hmmm, have to find out

    +
    0 Votes
    gshankarvbg5

    Hi young, I am gowrishankar ..... You must know one piece of information, that is: "If any folder's properties says it is Application (42kb) then THIS IS A VIRUS FILE .., THIS IS A NEW TYPE OF VIRUS GENERATED IN 2008 SO YOU MUST FORMAT YOUR SYSTEM FOR BETTER PERFORMANCE". My system was also affected by this type of virus ....

    I think it is better to format.

    One more idea: "Use the Kaspersky 2009 version of antivirus to delete this type of virus", so you're cool.

    Must reply.
