
Thread: \!\ folder

  1. #1
    Network Engineer SolMiester's Avatar
    Join Date
    Feb 2005
    Location
    Napier
    Posts
    8,184

    Default \!\ folder

    Hi guys, a virus (not sure what it is) has created a folder, shown above, full of files, but I can't find it, probably due to the ! name... any idea how to find and destroy it?

    Also explorer and desktop icons keep disappearing and reappearing.....???
    HOME-LianLi PC-9F,ASRock P67Pro3, i5 2500k @4Ghz, 8Gb HyperX, ASUS GTX660 OC, Corsair Force 120 SSD, HP zIPS22", HOME SERVER HP ML110G6 HOST-Plex\Ubuntu\8

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: \!\ folder

    Might have to post a HJT log, or get Combofix, whatever it's called.

    Have you scanned it? Or can it be scanned?

    And where is it on the hdd?

  3. #3
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    27,503

    Default Re: \!\ folder

    Little tool I find useful sometimes, shows hidden folders/processes, give This a Go, see if it locates the folder/files.
    Update / Upgrades = Replace old bugs with new ones.

  4. #4
    Network Engineer SolMiester's Avatar
    Join Date
    Feb 2005
    Location
    Napier
    Posts
    8,184

    Default Re: \!\ folder

    Thx guys, will try that hidden folder tool. Have scanned the drive & killed 12 viruses, but as I said, the desktop is doing some strange stuff. Just reinstalling SP3 to see if it will fix missing or corrupted files, then will try that hidden files tool...

    Saw them all when doing a boot scan, but of course it's an illegal-character folder and I can't use Windows to find them!
    HOME-LianLi PC-9F,ASRock P67Pro3, i5 2500k @4Ghz, 8Gb HyperX, ASUS GTX660 OC, Corsair Force 120 SSD, HP zIPS22", HOME SERVER HP ML110G6 HOST-Plex\Ubuntu\8

  5. #5
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: \!\ folder

    See if Unlocker will delete it.

    Or disable System Restore first, then delete it in safe mode. If that doesn't work, disable SR and try Unlocker.

  6. #6
    Computer Technician wainuitech's Avatar
    Join Date
    Aug 2007
    Location
    Wellington
    Posts
    27,503

    Default Re: \!\ folder

    By any chance was/is the virus called W32/Rjump.worm?
    Update / Upgrades = Replace old bugs with new ones.

  7. #7
    Network Engineer SolMiester's Avatar
    Join Date
    Feb 2005
    Location
    Napier
    Posts
    8,184

    Default Re: \!\ folder

    Originally posted by wainuitech:
    > By any chance was/is the virus called W32/Rjump.worm?

    Didn't see the names...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:47:22 p.m., on 28/05/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\nvraidservice.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\Program Files\Desktop Sidebar\dsidebar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\taskmgr.exe
    H:\PortableApps\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
    H:\PortableApps\PortableApps\ClamWinPortable\ClamWinPortable.exe
    H:\PortableApps\PortableApps\ClamWinPortable\App\clamwin\bin\ClamWin.exe
    H:\PortableApps\PortableApps\ClamWinPortable\App\clamwin\bin\clamscan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\explorer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.nz/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Traffic Usage Checker.lnk = C:\Program Files\Traffic Usage Checker\TUC.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 6063 bytes
    HOME-LianLi PC-9F,ASRock P67Pro3, i5 2500k @4Ghz, 8Gb HyperX, ASUS GTX660 OC, Corsair Force 120 SSD, HP zIPS22", HOME SERVER HP ML110G6 HOST-Plex\Ubuntu\8

  8. #8
    Network Engineer SolMiester's Avatar
    Join Date
    Feb 2005
    Location
    Napier
    Posts
    8,184

    Default Re: \!\ folder

    I did see a message about a svhost.exe wanting to register for startup, which I said no to, but it keeps asking and asking etc..... Don't know what that WinPcap is, may get rid of that!
    HOME-LianLi PC-9F,ASRock P67Pro3, i5 2500k @4Ghz, 8Gb HyperX, ASUS GTX660 OC, Corsair Force 120 SSD, HP zIPS22", HOME SERVER HP ML110G6 HOST-Plex\Ubuntu\8
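
A triage check for the kind of name quoted in the post above, added here as an example and not part of the original thread: it scans HijackThis-format lines for executables whose name is one character away from a core Windows binary (as `svhost.exe` is from `svchost.exe`) or that use a core name from an unexpected directory. The allowlist, the function names and the sample log are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: a short allowlist of core Windows XP binaries and where they live.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
    "smss.exe", "spoolsv.exe", "ctfmon.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Any drive-letter path ending in .exe, as it appears in HijackThis lines.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)

# Constructed sample in HijackThis format (not taken from the log in this thread).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Temp\lsass.exe
O4 - HKLM\..\Run: [svhost] C:\WINDOWS\system32\svhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log_text):
    """Return (reason, path) pairs for executables that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        for path in PATH_RE.findall(line):
            folder, name = ntpath.split(path.lower())
            if name in EXPECTED_DIR:
                # Genuine name: only suspicious when it runs from the wrong place.
                if folder != EXPECTED_DIR[name]:
                    findings.append(("wrong-dir", path))
                continue
            near = sorted(s for s in EXPECTED_DIR if edit_distance(name, s) == 1)
            if near:
                findings.append(("lookalike of " + near[0], path))
    return findings

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:28} {path}")
```

A hit is a prompt for manual inspection of the file (location, signer, creation time), not a verdict.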

  9. #9
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: \!\ folder

    Hmm log looks ok.

    But you can tick these then tick fix checked

    Close browsers

    What's H? Internal or external HDD?

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    Does task manager / the firewall / regedit still open?

    Uninstall all versions of Java, then install the latest version

    Does Avast still work, or is it disabled?

  10. #10
    Network Engineer SolMiester's Avatar
    Join Date
    Feb 2005
    Location
    Napier
    Posts
    8,184

    Default Re: \!\ folder

    Avast still works, got rid of some of those above, H: is a flash drive.

    What's Unlocker?
    HOME-LianLi PC-9F,ASRock P67Pro3, i5 2500k @4Ghz, 8Gb HyperX, ASUS GTX660 OC, Corsair Force 120 SSD, HP zIPS22", HOME SERVER HP ML110G6 HOST-Plex\Ubuntu\8
