Tom's Hardware > Forum > Windows XP > Windows XP General Discussion > Explorer issue after trojan attack

Explorer issue after trojan attack

Forum Windows XP : Windows XP General Discussion - Explorer issue after trojan attack

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Woodman   03-02-2008 at 04:31:14 PM

AVG discovered a trojan hiding in my drives, and after a full scan, it uncovered two more files. One of the things it did was continually hide hidden files and folders, supposedly to keep from revealing itself for deletion. Changing the folder settings did nothing. Bizarrely my AVG managed to clean them of the infection, and there it sat, still partially running the stupid code and hiding hidden files from view. I say partially, since the option to uncheck "Hide protected OS files" was doable, no problem. I got a basic VBS script online to reset the problem, and after reviewing it in notepad, it looked fine... just a few regedits to reset the values of certain hide attribs here and there. It worked, and I manually deleted the now dis-infected files completely from my drives. I did another scan and everything looks good.

Unfortunately the virus sortof crippled my default viewing of My Computer icon. Normally I can double-click my C: and D:, and it'd show the contents within. Well now whenever I double-click C: and D:, or right-click and Explore the drive, it brings up the "Open With" dialogue box, asking for which program to open it with. I browsed to WINNT (Windows folder), and selected "explorer.exe", which is of course Windows Explorer. In the case of D:, it worked, and the box never showed up again. But for C:, the box keeps popping up, and I'm not sure what to do. There's a checkbox there which says to "Always use the selected program to open this file", which I'd like to check, but it's greyed out.

It's relatively minor, but it makes me feel uncomfortable just not being able to fix this small issue. I'd appreciate any help you guys can give me, perhaps a small regedit change is all thats required? Thanks.

Add a reply
Sponsored Links
Register or log in to remove.
badge   03-02-2008 at 07:32:49 PM
- 0 +

I use this registry repair on all my systems except VISTA 64 (this software does not work with VISTA 64, but works fine with VISTA 32). Download, install and run this small program and it may repair your registry. If not, you may have to do a repair install of your OS to solve the registry problem.

http://www.eusing.com/free_registr [...] leaner.htm

Reply to badge
Woodman   03-03-2008 at 03:13:48 AM
- 0 +

Thanks Badge. I installed the software and checked my registry for problems. But I'm a little hesistant in fixing them because it seemed to label genuine entries from non-threatening programs as problems. I'll look around some more. If I can't find anything, I'll do the XP repair. Thanks again.

Reply to Woodman
badge   03-03-2008 at 04:59:31 AM
- 0 +

Hi Woodman. I use Eusing on about a dozen BUSINESS computers we own. I have never had a problem, not a single one with XP. DO NOT use the software on VISTA 64. I just exchanged email with Eusing support, and they don''t have VISTA 64 to test with, so they had no idea their software didn't work with VISTA 64! I must have been the first to make them aware!


Message edited by badge on 03-03-2008 at 05:02:16 AM
Reply to badge
Woodman   03-03-2008 at 06:07:29 AM
- 0 +

Oh, okay thanks for the heads up on V64. I use XP too, so it's no problem.

Reply to Woodman
Woodman   03-04-2008 at 02:18:53 AM
- 0 +

Alright, I discovered the solution. When the virus attacked and was cleared, it left behind an incospicuous looking "autorun.inf" file in my C: drive. Editing it revealed some unfamiliar alphanumerical code, so out it went to the trash bin. At first I thought it didn't work, but a few seconds later, my C: drive started working correctly. 'Opening' and 'Exploring' now works flawlessly. So if any of you folks get hit, thats the solution.

Thanks again Badge. And in case any of you are wondering, the name of the virus was the NSanti.H Trojan. Not much on it on Google, and no autocleaners either so watch out.

Reply to Woodman
Ask the community Add a reply
Tom's Hardware > Forum > Windows XP > Windows XP General Discussion > Explorer issue after trojan attack
Go to:

There are 413 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.274 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them