Author Topic: Unknown std text found in my pc  (Read 1960 times)
freezebee
« on: April 01, 2008, 06:13:33 AM »

Hi,
Well, my PC got infected with some malware. It is showing undefined characters ($&?!*) on the context menu for all the local drives.

The problem is: I am not able to double-click my local drives (C:, D:, E:, etc.). If I try to open one by double-clicking, it opens an "Open With" dialog box,

or if I right-click and select the menu option with the undefined characters, it opens the same "Open With" dialog box.

Because of this I downloaded the Comodo antivirus to detect and repair it, but it says no virus found.

Right now I'm using the ZoneAlarm firewall with antivirus; it is also not detecting it.

I even searched the net for a help doc, and it says I have to delete the autorun.ini file, but when I searched for that file with "show hidden files and folders" enabled, it was not present on my PC.

So please suggest any idea to get rid of the malware on my PC.

I think I got this error from one of my thumb drives.

Thanks and waiting for your suggestion

freezebee
« Reply #1 on: April 02, 2008, 03:46:23 AM »

Still I didn't get any suggestion from anybody to get rid of those crap characters,

so help me out to sort this problem!

Thanks

Prabhu.R

panic
« Reply #2 on: April 02, 2008, 04:31:50 AM »

Download hijackthis.exe from www.merijn.org/downloads and run it (do a scan and save a log file). The section we're interested in is the "02" entries that relate to context menu items. Attach the log file to your reply and we'll see what we can find.

Cheers,
Ewen :-)

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you don't like it, don't use the forum.
freezebee
« Reply #3 on: April 02, 2008, 11:25:37 AM »

Hi Ewen,

Thanks for replying to my post.

I am hereby attaching my malware screenshot and hijack information for your suggestion.

Thanks,

Prabhu.R

Ragwing
« Reply #4 on: April 02, 2008, 01:08:24 PM »

Protocol: vfsp - (no CLSID) - (no file) - Now what the hell is this?


Winlogon Notify: WgaLogon - C:\WINDOWS\ (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify) - This isn't malware, but if it's C:\WINDOWS\, it means that the key containing the value is empty. I don't know why it's there. There's not supposed to be such an entry in \Winlogon\Notify as far as I know.

Else, I can't find any other suspicious items in your log. Try to delete them and see if it solves your problem (if no one has anything against it).

Cheers,
Ragwing

"The closer you get to the light, the greater your shadow becomes"

XP SP3 2.1 GHz 768 MB RAM
5 services / 12 processes
freezebee
« Reply #5 on: April 03, 2008, 11:26:57 PM »

Hi Ragwing,

I couldn't understand which entry I have to delete!

The whole wgalogon folder itself?

Thanks

Prabhu.R

Ragwing
« Reply #6 on: April 04, 2008, 04:50:36 AM »

No, don't delete the Winlogon key. I meant that you should delete these entries in HijackThis. Just mark those two, and choose Fix checked (I think that's the correct name of the button).

Cheers,
Ragwing

freezebee
« Reply #7 on: April 05, 2008, 12:29:21 AM »

Thanks for your patience, Ragwing,

but I wasn't able to delete the entry in "HijackThis" for "Protocol: vfsp - (no CLSID) - (no file)".

Now what should I do?

Thanks and Regards,

Prabhu.R

Ragwing
« Reply #8 on: April 05, 2008, 07:09:39 AM »

Open the start menu and click Run. Write regedit. Now go to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler and delete vfsp.

OR

Open notepad and write:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vfsp]


Save as delete.reg (name won't matter, but include .reg). Now double-click it and then do a new HijackThis-scan to see if it's gone.

Cheers,
Ragwing

freezebee
« Reply #9 on: April 05, 2008, 01:43:28 PM »

Hi Ragwing,


The entry got deleted now, but my malware problem, which you saw above in the screenshot, still exists.


Thanks and Regards,


Prabhu.R

freezebee
« Reply #10 on: April 07, 2008, 01:40:45 AM »

May I have a suggestion from anybody to tell me what's wrong with my PC? (Screenshot is attached for your reference.)


Thanks and Regards,

Prabhu.R

panic
« Reply #11 on: April 07, 2008, 02:21:05 AM »

Download Context Menu Editor from

http://www.snapfiles.com/get/contextmenueditor.html

Cheers,
Ewen :-)

freezebee
« Reply #12 on: April 08, 2008, 03:32:57 AM »

Hi Ewen,

I have tried the Context Menu Editor which you told me to download, but the malware still exists.

What to do?

Thanks and Regards,

Prabhu.R

panic
« Reply #13 on: April 08, 2008, 04:06:16 AM »

If, by "still the malware exists", you mean that you still have the undefined characters on your context menu, then you can remove these manually. This does mean that you will have to edit the registry, and if you are at all uncomfortable about this, DON'T.

The steps for manual removal are:

1. If you are at all not sure of this, then stop.
2. Create a backup of your registry
3. Click Start
4. Click Run
5. Type in regedit and click ENTER
6. Browse to the following:  HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
7. This will show the items that are currently on your explorer context menu
8. Select the one you want to delete and press delete

Reboot and the odd item should not be on your explorer context menu.

Please note, the above instructions are for the English language version of Windows XP.

Other than the context menu entry, are there any other signs that the malware is still active on your system?

Ewen :-)
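
The backup and inventory behind steps 2 and 6 to 8 above, as an added PowerShell example that is not part of the original post: it exports the key, then lists each handler with the CLSID and DLL it resolves to, so the entry to delete can be identified rather than guessed. The backup file name and the `Suspect` rule are assumptions of this example.

```powershell
# Added example (not from the thread). Read-only apart from the backup file it writes.
$key    = 'HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers'
# Assumed backup location; the timestamp avoids reg.exe's overwrite prompt.
$backup = Join-Path $env:TEMP ("ContextMenuHandlers-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

# Step 2: export the key first, so a wrong deletion can be undone by importing this file.
& reg.exe export $key $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of $key failed; nothing was changed." }

# Steps 6-7: -LiteralPath is required, otherwise the '*' in the key name is a wildcard.
$report = foreach ($h in Get-ChildItem -LiteralPath "Registry::$key") {
    # The CLSID is normally the subkey's default value; some handlers use it as the key name.
    $clsid = [string]$h.GetValue('')
    if (-not $clsid) { $clsid = $h.PSChildName }

    $dll = $null
    $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if ($clsid -match '^\{[0-9A-Fa-f-]{36}\}$' -and (Test-Path -LiteralPath $server)) {
        # Default value of InprocServer32 is the DLL that implements the handler.
        $dll = ([string](Get-Item -LiteralPath $server).GetValue('')).Trim('"')
        # A bare file name such as shell32.dll is loaded from the system directory.
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path ([Environment]::SystemDirectory) $dll
        }
    }
    $dllExists = [bool]($dll -and (Test-Path -LiteralPath $dll))

    [pscustomobject]@{
        Handler   = $h.PSChildName
        CLSID     = $clsid
        Dll       = $dll
        DllExists = $dllExists
        # Assumed triage rule: no resolvable CLSID, or a DLL that is not on disk.
        Suspect   = -not $dllExists
    }
}

$report | Sort-Object Suspect -Descending | Format-Table -AutoSize
Write-Host "Backup written to $backup"
```

Nothing is deleted by the script; removal stays the manual step 8 once the entry has been identified, and the exported .reg file restores the key if the wrong one is removed.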
3xist
Guest
« Reply #14 on: May 31, 2008, 11:48:49 PM »

Topic Locked.

Reason: Out-Dated post.

Josh