Weird Defense block entry.. pls help analyze

Just as a summary.

Which programs have you already scanned your computer with?

I just don't understand it.

I do have Win98 boot files and also the HP USB Disk Storage Format Tool. They can help create a bootable pen drive/USB stick.


Did you download something to make your Windows XP look like Windows 7 and/or Windows Vista???
Because that’s what I’m leaning towards.

@All

Thanks for the feedback…

Here’s to answer all quickly:

Did you download something to make your Windows XP look like Windows 7 and/or Windows Vista??? Because that’s what I’m leaning towards
Nope... it’s Windows 7 Pro x64

Just as a summary.

Which programs have you already scanned your computer with?

A lot…

CCE
Comodo Suite
Sophos Anti Rootkit
and a few others…

I’ve yet to run HitmanPro and Dr.Web but I’m feeling lazy about it coz nothing seems to detect it…

@jay2007tech
Umm… perhaps you didn’t read the recent updates on this case? hehe, tnx though.

So where are we now?

  1. The System32 folder is still not showing explorer.exe and other new files I add into it, but it’s showing lots of other files… there are just some hidden ones.

  2. Though it was not visible, I was able to copy the explorer.exe getting flagged by Comodo from within the System32 folder by copying the whole System32 folder to my desktop… and it turned out legit…

  3. I know explorer.exe shouldn’t be in the System32 folder, but it’s there, somehow goes active from time to time, but that explorer.exe is digitally signed and legit… I’m thinking there’s a software in my system that’s doing this? Perhaps a file browse routine? Or an update process or explorer shell tweak or something… some routine where the software needs a different copy of explorer.exe to be placed in System32?

  4. NOW, for over 48 hours already, I’ve not seen this explorer.exe get flagged… and no… I’ve not made changes to the system, nothing was able to clean it… not even find it… but it just stopped getting flagged…

My side question… since only “certain files” plus any newly added files in the System32 folder are hidden, and while my SUPERHIDDEN registry values are set to SHOW ALL, then WHAT REGISTRY setting can make this SELECTIVE HIDING possible?? If not the registry, it’s got to be an application running selective hiding, but there’s no process… what are the other possibilities? Group policy? … let’s start with this…

You did check the ‘CheckedValue’ as well as ‘ValueName’ and they are fine (you did mention that in previous posts of yours), so there are some tweaks in the group policy editor.

FINALLY GOT TO THE BOTTOM OF THIS MYSELF…

After days of testing and stuff (WASTED SO MUCH TIME and it’s supposed to be my Xmas vacation from IT work)… I finally found the culprit…

It was the software called TeraCopy 2.1 that I use to make file transfers faster etc…

Once this software is installed the problem starts… where the files in the System32 folder become partially visible (especially the suspected explorer.exe) and any file you add to it becomes invisible also!

Comparing snapshots, there’s a bunch of registry keys added and modified; while I didn’t have time to study each regkey, I did notice it added a file explorer.exe in
C:\Windows\SysWOW64 … dunno if this is an explorer from within TeraCopy’s explorer or copied from the current explorer.exe of my Windows installation…

Snapshot comparisons didn’t detect any new explorer.exe in the System32 folder (where it was being flagged by Comodo)… perhaps because it’s hidden already (right after installation of TeraCopy)…

Finally, uninstalling TeraCopy restores full visibility in the System32 folder…

I was able to repeat the above scenarios numerous times; I also downloaded a fresh copy of TeraCopy off their site in one of the tests… just to make sure it’s their official installer…

So the question now is… is this a normal/needed act by TeraCopy? Is it NECESSARY? Or is there something suspicious going on? What other “hidden” files could have been added to the System32 folder?

I’m contacting the developers about this as well…

regards

TJ
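One way to check this kind of report yourself, as an added example that is not from the thread or from TeraCopy: a PowerShell snippet (PowerShell 4 or later assumed) that lists files carrying the Hidden attribute in System32 and SysWOW64, then verifies the Authenticode signature and SHA-256 hash of any explorer.exe in those folders against the copy in %SystemRoot%. Run it from a 64-bit console, because on 64-bit Windows a 32-bit process that opens the System32 path is redirected by WOW64 to SysWOW64.

```powershell
# Added example (not the thread's or TeraCopy's code). Assumes PowerShell 4+ for
# Get-FileHash and the standard Windows folder layout; nothing else is assumed.
$dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

foreach ($d in $dirs) {
    # -Force includes Hidden/System files that a default listing skips, so the
    # result does not depend on Explorer's "show hidden files" settings.
    $hidden = @(Get-ChildItem -Path $d -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden })
    "{0}: {1} hidden file(s)" -f $d, $hidden.Count
    $hidden | Select-Object Name, Attributes, LastWriteTime | Format-Table -AutoSize
}

# The legitimate explorer.exe lives in %SystemRoot%; use it as the reference.
$ref = Get-FileHash -Path "$env:SystemRoot\explorer.exe" -Algorithm SHA256

foreach ($d in $dirs) {
    $p = Join-Path $d 'explorer.exe'
    if (Test-Path $p) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        $h   = Get-FileHash -Path $p -Algorithm SHA256
        [pscustomobject]@{
            Path                  = $p
            SignatureStatus       = $sig.Status            # Valid / NotSigned / HashMismatch ...
            Signer                = $sig.SignerCertificate.Subject
            MatchesSystemRootCopy = ($h.Hash -eq $ref.Hash)
            SHA256                = $h.Hash
        }
    }
}
```

A copy that is signed and byte-identical to %SystemRoot%\explorer.exe is just a duplicate; a copy with a different hash, an unsigned one, or one whose signer is not Microsoft is the thing worth sending to the vendor or a scanner.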

Congrats on finding the root cause of your problem. It sounds like you took the approach of starting to uninstall recently installed programs.

Hi thanks

But on the contrary, I still have not solved the problem… though finding the root cause is huge progress…

Nope, I didn’t uninstall each (I didn’t go backward), since if this is a virus then there’s really no uninstallation…

What I did is deploy a fresh copy of Win 7 x64 and ran my monitors on it and installed all my apps one by one up to the point where my real rig was at… and discovered it…

Still some questions left to be answered…

Let us know how things go.

Sadly no response from TeraCopy… :( Should this kind of activity be trusted?

It’s holiday season. Let’s see if next week brings a reply from them.