Sign in with
Sign up | Sign in
Your question

Explorer issue after trojan attack

Last response: in Windows XP
Share
March 2, 2008 1:31:14 PM

AVG discovered a trojan hiding in my drives, and after a full scan, it uncovered two more files. One of the things it did was continually hide hidden files and folders, supposedly to keep from revealing itself for deletion. Changing the folder settings did nothing. Bizarrely my AVG managed to clean them of the infection, and there it sat, still partially running the stupid code and hiding hidden files from view. I say partially, since the option to uncheck "Hide protected OS files" was doable, no problem. I got a basic VBS script online to reset the problem, and after reviewing it in notepad, it looked fine... just a few regedits to reset the values of certain hide attribs here and there. It worked, and I manually deleted the now dis-infected files completely from my drives. I did another scan and everything looks good.

Unfortunately the virus sortof crippled my default viewing of My Computer icon. Normally I can double-click my C: and D:, and it'd show the contents within. Well now whenever I double-click C: and D:, or right-click and Explore the drive, it brings up the "Open With" dialogue box, asking for which program to open it with. I browsed to WINNT (Windows folder), and selected "explorer.exe", which is of course Windows Explorer. In the case of D:, it worked, and the box never showed up again. But for C:, the box keeps popping up, and I'm not sure what to do. There's a checkbox there which says to "Always use the selected program to open this file", which I'd like to check, but it's greyed out.

It's relatively minor, but it makes me feel uncomfortable just not being able to fix this small issue. I'd appreciate any help you guys can give me, perhaps a small regedit change is all thats required? Thanks.
March 2, 2008 4:32:49 PM

I use this registry repair on all my systems except VISTA 64 (this software does not work with VISTA 64, but works fine with VISTA 32). Download, install and run this small program and it may repair your registry. If not, you may have to do a repair install of your OS to solve the registry problem.

http://www.eusing.com/free_registry_cleaner/registry_cl...
March 3, 2008 12:13:48 AM

Thanks Badge. I installed the software and checked my registry for problems. But I'm a little hesistant in fixing them because it seemed to label genuine entries from non-threatening programs as problems. I'll look around some more. If I can't find anything, I'll do the XP repair. Thanks again.
Related resources
March 3, 2008 1:59:31 AM

Hi Woodman. I use Eusing on about a dozen BUSINESS computers we own. I have never had a problem, not a single one with XP. DO NOT use the software on VISTA 64. I just exchanged email with Eusing support, and they don''t have VISTA 64 to test with, so they had no idea their software didn't work with VISTA 64! I must have been the first to make them aware!
March 3, 2008 3:07:29 AM

Oh, okay thanks for the heads up on V64. I use XP too, so it's no problem.
March 3, 2008 11:18:53 PM

Alright, I discovered the solution. When the virus attacked and was cleared, it left behind an incospicuous looking "autorun.inf" file in my C: drive. Editing it revealed some unfamiliar alphanumerical code, so out it went to the trash bin. At first I thought it didn't work, but a few seconds later, my C: drive started working correctly. 'Opening' and 'Exploring' now works flawlessly. So if any of you folks get hit, thats the solution.

Thanks again Badge. And in case any of you are wondering, the name of the virus was the NSanti.H Trojan. Not much on it on Google, and no autocleaners either so watch out.
!