Win32.worm.autoruner.cd!

trinh minh duc
edited October 2007 in Malware talk

Bitdefender said that it moved the virus but i still can't see the hidden folders.What must i do <img class=" />

Comments

  • Hi trinh minh duc,


    Please explain better what your problem is:


    - where did BitDefender find the virus (what file, and where was it located)


    - how did BD find the virus (Realtime protection, or Manual Scan)


    - what hidden folders are you talking about?


    Cris.


    P.S.: I'll move this topic to the Malware section (it's more appropriate)

  • Hello trinh minh duc


    You have to enable the option in explorer before you can see hidden files/folders. Go to start,my computer,tools,folder options,display/view,check show/display hidden files/folders and press on apply to confirm. If the infection was placed on important system locations you have to uncheck hide protected operating system files press on apply and ok. Be very careful with it.


    To verify what was done with the infection do this open BitDefender by double clicking on the red BitDefender icon when you are in BitDefender Security Center,press on events (logfiles,logs) double click on the scan finished or by real time events and copy and paste the location and the action that was applied.


    Please be more specific if that wasn't what you wanted to know.


    Best regards


    Niels

  • trinh minh duc
    edited October 2007

    @ Cris:


    - e:\autorun.inf


    -by manual scan


    -local settings


    :rolleyes:


    @Niels:I did what you say but i stlll can't see the local settings :wacko:


    1595154890_2b1dee4b87.jpg


    Anyway,thanks <img class=" />

  • What about if you try to go directly to that folder?


    In Explorer, at the Address Bar, type: C:\Documents and Settings\<username>\Local Settings and press Enter. Even if you can't see the folder, it should get you into it (I've tested it and it worked).


    If this doesn't work, it means that the folder doesn't exist.


    Cris.

  • Hello trinh minh duc


    Try to do the same thing but press on apply on all folders. Normally when you do what I said you must be able to see the hidden folder but you have first to open the folder of your user account. But what Cris told you should work also.


    Best regards


    Niels

  • trinh minh duc
    edited October 2007

    OMG,this virus ate my bitdefender :wacko: :wacko: :wacko:


    why can't i find the BDF launcher???


    1635246696_da1a20366d.jpg


    1635462874_875477cf18.jpg

  • Yeah, i also saw the stituation as trinh minh duc so i asked in this topic :


    http://forum.bitdefender.com/index.php?showtopic=2456


    and :


    http://forum.bitdefender.com/index.php?showtopic=2425


    Cris have told me that he would test with sample. I hope he announced to BitDefender Labs

  • Yeah, i also saw the stituation as trinh minh duc so i asked in this topic :


    http://forum.bitdefender.com/index.php?showtopic=2456


    and :


    http://forum.bitdefender.com/index.php?showtopic=2425


    Cris have told me that he would test with sample. I hope he announced to BitDefender Labs


    Hi Crem,


    I tested the samples you sent me, but BD reacted just fine on them. I know you said that BD finds them only if the system hasn't already been infected, but this is what I did (all tests were made on Virtual Machine, WinXP SP2 as guest OS, BD 2008 IS fully updated):

    1. I turned off the BD protection
    2. I ran ntdelect.com. It installed the virus in many places (in System32, in StartUp, in Temp folder and in IE Cache folder)
    3. I restarted the system
    4. I tried to make the hidden files visible, but it didn't work (so the virus installed itself correctly)
    5. I enabled BD protection. Instantly, it reacted on the threats: kav0.exe, ntdelect.exe, autorun.inf. Moved these 3 in the Quarantine
    6. I restarted the system (normally, not in SafeMode)
    7. I made a QuickScan (in the Windows fodler and in the Documents and Settings folder). BD found the rest of the threats (some files in the Temp folder and a file in IE Cache). It successfully deleted all of them. I didn't report anything because I thought the issue has been fixed.
    And maybe the issue has been fixed. Try to make a BD Repair installation, then make an update and make a DeepScan of your system. Maybe now it will find all infected files.


    If it doesn't work, I'll give you instructions on how to manually remove the infection.


    Cris.