Unknown std text found in my pc

Hi,
Well, my PC got infected with some malware; it's showing undefined characters ($&?!*) on the context menu for all the local drives.

The problem is: I couldn't double-click my local drives (C:, D:, E:, etc.). If I try to open one by double-clicking, it opens an “Open-With” dialog box,

or if I right-click and select the menu option with the undefined characters, it opens the same “Open-With” dialog box.

Because of this I downloaded Comodo Antivirus to detect and repair it, but it says no virus found.

Right now I'm using ZoneAlarm firewall with antivirus; it's also not detecting it,

and even when I searched for a help doc on the net, it says I have to delete the autorun.ini file, but I searched for that file and there is no presence of it on my PC even after enabling “show hidden files and folders”.

So suggest me any idea to get rid of the malware on my PC.

I think I got this from one of my thumb drives.

Thanks, and waiting for your suggestion.

Still I didn't get any suggestion from anybody to get rid of those ■■■■ characters,

so help me out to sort this problem! ???

Thanks

Prabhu.R

Download hijackthis.exe from www.merijn.org/downloads and run it (do a scan and save a log file). The entries we're interested in are the “02” entries that relate to context menu items. Attach the log file to your reply and we'll see what we can find.

Cheers,
Ewen :slight_smile:

Hi Ewen,

Thanks for replying to my post :slight_smile:

I am hereby attaching my malware screenshot and HijackThis information for your suggestion.

Thanks,

Prabhu.R

[attachment deleted by admin]

Protocol: vfsp - (no CLSID) - (no file) - Now what the hell is this?

Winlogon Notify: WgaLogon - C:\WINDOWS (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify) - This isn't malware, but if it's C:\WINDOWS, it means that the key containing the value is empty. I don't know why it's there. There's not supposed to be such an entry in \Winlogon\Notify as far as I know.

Else, I can’t find any other suspicious items in your log. Try to delete them and see if it solves your problem (if no one has anything against it).

Cheers,
Ragwing

Hi Ragwing,

I couldn't get which entry I have to delete!

The whole WgaLogon folder itself?

Thanks

Prabhu.R

No, don't delete the Winlogon key. I meant that you should delete these entries in HijackThis. Just mark those two and choose “Fix checked” (I think that's the correct name of the button :P).

Cheers,
Ragwing

Thanks for your patience, Ragwing,

but I couldn't delete the entry in “HijackThis” for “Protocol: vfsp - (no CLSID) - (no file)”.

Now what should i do?

Thanks and Regards,

Prabhu.R

Open the start menu and click Run. Write regedit. Now go to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler and delete vfsp.

OR

Open notepad and write:
REGEDIT4

; the leading "-" tells regedit to delete this key and everything under it
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vfsp]

Save as delete.reg (name won’t matter, but include .reg). Now double-click it and then do a new HijackThis-scan to see if it’s gone.

Cheers,
Ragwing

Hi Ragwing,

The entry got deleted now, but the malware problem which you saw above in the screenshot still exists.

Thanks and Regards,

Prabhu.R

May I have any suggestion from anybody to tell me what's wrong with my PC? (Screenshot is attached for your reference.)

Thanks and Regards,

Prabhu.R

Download Context Menu Editor from

Cheers,
Ewen :slight_smile:

Hi Ewen,

I have tried Context Menu Editor, which you told me to download, but the malware still exists.

What to do? :o

Thanks and Regards,

Prabhu.R

If, by “still the malware exists” you mean that you still have the undefined characters on your context menu, then you can remove these manually. This does mean that you will have to edit the registry, and if you are at all uncomfortable about this, DON'T.

The steps for manual removal are:

  1. If you are at all not sure of this, then stop.
  2. Create a backup of your registry
  3. Click Start
  4. Click Run
  5. Type in regedit and click ENTER
  6. Browse to the following: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
  7. This will show the items that are currently on your explorer context menu
  8. Select the one you want to delete and press Delete

Reboot and the odd item should not be on your explorer context menu.

Please note, the above instructions are for the English language version of Windows XP.

Other than the context menu entry, are there any other signs that the malware is still active on your system?

Ewen :slight_smile:
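As an added example (it is not code posted in this thread, nor a Comodo or HijackThis tool), the PowerShell script below automates the two inspections described above: Ragwing's HKLM\SOFTWARE\Classes\PROTOCOLS\Handler entry with no CLSID and no file, and the HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers key Ewen walks through. It lists every handler, resolves its CLSID to the DLL registered under InprocServer32, and flags entries whose server is missing or whose name is made only of symbol characters, so the odd "$&?!*" item can be identified before anything is deleted. It assumes an elevated prompt and that reg.exe is available; the function names and the `vfsp` handler name in the commented removal step are only illustrative.

```powershell
# Added example: audit context-menu and protocol handlers, then back up a key
# before removing it. Assumes an elevated PowerShell prompt on Windows.

function Resolve-ComServer {
    # Map a CLSID string to the DLL path registered under InprocServer32, or $null.
    param([string]$Clsid)
    if ([string]::IsNullOrEmpty($Clsid)) { return $null }
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $path = (Get-Item -LiteralPath $key).GetValue('')   # '(default)' holds the DLL path
    if ($path) { return [Environment]::ExpandEnvironmentVariables($path) }
    return $null
}

function Get-ShellHandlerAudit {
    # Enumerate both locations discussed in the thread. -LiteralPath is required
    # because the "*" in the ContextMenuHandlers path would otherwise be a wildcard.
    $roots = @(
        'Registry::HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            # Context-menu handlers keep the CLSID in the subkey's default value;
            # protocol handlers keep it in a value named CLSID.
            $clsid = $sub.GetValue('')
            if (-not $clsid) { $clsid = $sub.GetValue('CLSID') }
            $dll = Resolve-ComServer $clsid
            # Flag: no CLSID, CLSID without a registered server, server file missing,
            # or a handler name consisting only of non-letter, non-digit characters.
            $suspicious = (
                (-not $clsid) -or
                (-not $dll) -or
                (-not (Test-Path -LiteralPath $dll)) -or
                ($sub.PSChildName -match '^[^\p{L}\p{N}]+$')
            )
            New-Object PSObject -Property @{
                Key        = $sub.Name
                Handler    = $sub.PSChildName
                Clsid      = $clsid
                Server     = $dll
                Suspicious = $suspicious
            }
        }
    }
}

function Backup-RegistryKey {
    # Export a key with reg.exe before touching it, so the change can be reversed
    # by double-clicking the saved .reg file.
    param([string]$KeyPath, [string]$OutFile)
    & reg.exe export $KeyPath $OutFile | Out-Null
    return (Test-Path -LiteralPath $OutFile)
}

# Usage: review the flagged entries first.
Get-ShellHandlerAudit | Where-Object { $_.Suspicious } |
    Format-Table Handler, Clsid, Server, Key -AutoSize

# Removal step (illustrative; 'vfsp' is the handler name from the thread):
# $target = 'HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vfsp'
# if (Backup-RegistryKey $target "$env:TEMP\vfsp-backup.reg") {
#     Remove-Item -LiteralPath "Registry::$target" -Recurse
# }
```

The audit only reads the registry; the removal lines stay commented out so nothing is deleted until the export in `Backup-RegistryKey` has succeeded and the flagged entry has been checked by hand, which matches the "create a backup of your registry" step in the list above.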

Topic Locked.

Reason: Outdated post.

Josh