Solved

Found.000\USB_Files.chk

Posted on 2008-09-29
5
5,733 Views
Last Modified: 2013-12-06
I am facing some problem in my network becuse of some viruses. all foldersand thire child folders  in my server have some hidden and protected files named Found.000 and Autorun.inf. While if i open Autorun.inf it has text as following...
"[Autorun]
Explore=Found.000\USB_Files.chk
shellexecute=Found.000\USB_Files.chk
shell\Explore\command=Found.000\USB_Files.chk
Open=Found.000\USB_Files.chk
shell\Open\command=Found.000\USB_Files.chk"

So Please Help Me to solve this problem.
0
Comment
Question by:Taqvi11
  • 3
  • 2
5 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22601748

Hi Taqvi11,

What scanners have you tried using to remove the virus?

Try running these:
1.  Download Malwarebytes' Anti-Malware to your desktop, check for Updates before scanning.
http://www.malwarebytes.org/mbam.php

2.  DrWebCureIt:
http://www.freedrweb.com/cureit/

Let us know how you go.
0
 

Author Comment

by:Taqvi11
ID: 22652966
I Have Tried these but failed. I have even deleted these files from one computer by booting system  with ERD. but when i logged in as normal mode it was still there. I think it creates some hidden processes but i am not sure about that. Please if someone has solution for that please help me. you can see these files after enabling three options under "FOLDER OPTION" as shown in attached picture number one and two.
1.JPG
2.JPG
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 200 total points
ID: 22657803

Try these;
1.  Download and run this tool and follow the prompts:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe


2.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
0
 

Author Closing Comment

by:Taqvi11
ID: 31501184
hello rpggamergirl,

i have tried it. but it creates some other undeleteable folders. but when tried in other comuter it was not working. So it's fifty fifty. Please give 100% solution if you can. thank you.
I appriciate your help.
Thanks And Regards,
Taqvi.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22816872
Taqvi,

Flash_Disinfector does create autorun.inf folder but that folder is a harmless one, that's created to stop the spread of the infection.
Is that what you meant?

We've also expected you to attach the combofix log so we can check for any bad files that need to be removed using combofix script function.

You didn't have to close your question yet.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now