View Full Version : Windows Explorer Problem - Help



w31n3r
December 30th, 2007, 11:59 PM
one of my systems was recently infected by a virus/trojan detected as AMVO.exe, that was found in the system32 folder. i googled and found that i was not alone (http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Q_23011591.html), in fact the link reflects my case word for word.

i use AVG free, and it seems to have cleaned it out. i did a system scan in safe mode too and it returned with no more infections. but i now have the following problems:

1. i cannot open my logical drives in explorer, i get a "open with" box, and even then, it opens in a new window. this is only with the logical drives, cd & usb drives open normally and if i go for the "explore" option on them, then i can browse my drives using the directory tree without any issues.

2. i cannot retrieve hidden files. the files are there since they're using disc space, but cannot be viewed, even after checking view hidden system files and folders.

i use AVG free on Win XP SP 2. hope some of you can help. if you want a hijack this log, can do, so lemme know. thanks

Krell
December 31st, 2007, 12:20 AM
You're not going to repair a windows shell problem with Hijack This.

If you have SP1 or SP2 installed, I recommend that you reinstall the service pack and hope this corrects your file system problem. Some other members that helped me do support here in the past helped confirm that the reinstallation of a SP is way easier than System File Checker, and if the SP doesn't fix it, YOU'RE FUXORED.


.

w31n3r
December 31st, 2007, 12:35 AM
just one problem, i used an installation disc that had SP2 pre-integrated...does it also keep a SP uninstaller like the upgrade installer, or how do i go about uninstalling it?

you're my last hope krell, formatting'll make me cry the first time in 20 years...

Krell
December 31st, 2007, 12:41 AM
You can download SP2 standalone.

WindowsXP-KB835935-SP2-ENU (http://www.softwarepatch.com/security/winxpsp2-security.html)

*click - page loads - wait - click on download prompt at top of page*

This basically replaces your OS. You should turn off antivirus checker before attempting this. If you have any 3rd party utilities such as Tweak XP, uninstall them first.

Good luck!


.

w31n3r
December 31st, 2007, 12:54 AM
thanks, i'll try it. watch this space!

Krell
December 31st, 2007, 01:02 AM
*sign of the cross with Corona bottle*

I'm going to bed, if this doesn't work, play Xbox till I form a plan B.

" i cannot open my logical drives in explorer, i get a "open with" box, and even then, it opens in a new window."

" i cannot retrieve hidden files. the files are there since they're using disc space, but cannot be viewed, even after checking view hidden system files and folders."

Is this on the C drive also? The logical drives, are they other partitions on the same drive as C: or removable storage?


.

w31n3r
December 31st, 2007, 02:39 AM
tried reinstalling SP2 like you said...no cigar.

yeah, it's the same with all my drives including c drive. thing is, i think the virus/worm altered something within the drives cause the same happened with my usb drive till i formatted it, now it opens normally while the other hard disk drives behave like errant hilton kids.

i'm off to my 360 till you come back with your plan B. i'll keep me fingers crossed besides others...

anyone else with ideas would be appreciated. thanks.

curlywagner
December 31st, 2007, 06:47 AM
So you formatted your USB drive and you can view everything on there normally? Sounds like it may not be a Windows Explorer problem. To rule it out:
Have you tried to view those hidden files with an alternative program, like A43 (http://www.primitus.us/a43/)?
In an Explorer window, try 'Tools', 'Folder Options', 'Restore Defaults' (long shot).
Also in that menu, if you click the 'File Types' tab and locate the 'Drive' type and click 'Advanced', what's in that menu?

cheekcha
December 31st, 2007, 07:11 AM
As a last resort you can ask a friend with Windows XP SP2 to export the following Registry Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer

Clean yours and export the one from your friend. Warning: this could be dangerous.

If all fails, the other thing is to reinstall Windows. Reinstall (NOT FRESH INSTALL); you will not lose your apps and data, the only thing you will lose are Windows updates since SP2.

cheekcha
December 31st, 2007, 07:20 AM
Also, if you're going to reinstall Windows, keep the latest hardware drivers at hand, since reinstallation will put SP2 default drivers.

Krell
December 31st, 2007, 10:48 AM
"tried reinstalling SP2 like you said...no cigar."

What does this mean? Did it install, would not install, did not resolve the problem?

"yeah, it's the same with all my drives including c drive. thing is, i think the virus/worm altered something within the drives cause the same happened with my usb drive till i formatted it, now it opens normally while the other hard disk drives behave like errant hilton kids."

Be more specific, DO YOU HAVE DRIVES that you can disconnect and get out of the equation?

"i'm off to my 360 till you come back with your plan B. i'll keep me fingers crossed besides others..."

"anyone else with ideas would be appreciated. thanks."

I want you to do the least intrusive and least impacting things first, which is why I recommended the SP2. If you try to reinstall windows it might just tell you that "you already have a newer version, piss off".

We don't know if this virus affected something with the Local Policy on the machine or if you have some file system problem.

If you've been around here for any length of time, you know that I always tell people to get a copy of the MiniXT Cd of Happiness. Do you have another PC in the house? If so:

Mini PE XT (http://torrents.thepiratebay.org/3669864/MiniPE_DigiWiz_2k5.09.03_release_-_23-2-2007.3669864.TPB.torrent)

Diamond BootCD v1.00 [3 in 1 Hiren's BootCD v8.2, miniPE-XT v2k6.05.24, UlimateBootCD v3.4] (http://torrents.thepiratebay.org/3502842/Diamond_BootCD_v1.00_[3_in_1_Hiren____s_BootCD_v8.2__miniPE-XT_v.3502842.TPB.torrent)

YOU NEED THESE.

Get and burn, and boot to the Mini XT cd, and browse your drives, can you see the data there and access all the folders?

Also, from this CD, run the CHKDSK.

There are also a buttload of antivirus and malware programs.

Get > Burn > Boot > Test = 2 hours.



.

cheekcha
December 31st, 2007, 12:43 PM
You can always reinstall Windows XP, donno about Vista, but you can reinstall XP always, the installation program will never say you can't because you have a newer Windows in the machine, simply boot the Windows XP CD from DOS. This method will resolve those 90% of pesky missing/wrong registry settings. Also you can boot in recovery mode (Windows XP CD) and run chkdsk /f. Reinstalling Windows will take you no more than 2 hours. Use this as your last resort.

Anyway, from what you say, seems the windows explorer may have some shell hooks wrong, or filetypes wrong, if you have access to other Windows XP machine, just backup your

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer

with Regedit and Export from the other machine the same key, transfer the .reg file to your broken machine and import it or double click that reg file.

Last, but not least. Could be also some file permissions. Take ownership of the entire C: drive: mark the C drive, Second Button, Properties, Security, Owner, and take ownership of the entire drive. You need to be logged in with an administrator account to do so. It'll take time, it depends on the size and # of files of your drive the time you need to wait.

w31n3r
January 1st, 2008, 10:40 PM
hi guys, thanks for the suggestions, just got back from out of town. i'm downloading the mini XT and hirens boot cd from the torrents krell posted, might take some time since there're no seeds, i'll look into CW and Cheekcha's tips in the mean time.

@Krell, SP2 did install over itself (surprisingly! no newer ver. BS), but it didn't change anything.

i have a few USB drives that i can remove anytime, they open just fine, my problem only happens with the partitions on my HDD. i have 4 partitions - c: is the primary, while d, e, & f, are all logical drives of the single extended partn. the funny thing is, when i first detected the virus, even the usb drives could not open normally, till i formatted them, which led me to believe that the virus changed something within the drive.

i'm not sure if the virus put in a hidden autorun type file to change the way i open the drive, and changed a reg key to make sure i can't see the file to delete it. makes any sense? dunno, just grasping at straws maybe.

i'll know when i'm done downloading the images...ahh, it's moving now. i'll keep you posted.

Krell
January 1st, 2008, 11:27 PM
Great, I've been waiting to hear back from you.

With the Mini Xt cd, you can do a better job at testing the file system, perms etc. There are 2 levels of chkdsk, you want the more thorough one that tests security descriptors.

Now that I know you keep other partitions for storage, I'm not nearly as concerned as you about reinstalling Windows. What we DON'T want to do is back up folders from the C drive that might be affected, and reinstall XP, only to have you migrate the problem back again.

However, look on the bright side, you use the Mini Xt to copy your files and keys off the C drive, and you reinstall XP, then you can use the Mini PE again to make an image of the known good OS with firewall etc.

The next time shit hits the fan, you can restore the image in 2 minutes and have a "fuck it" attitude about being in a pickle. Voila! back to a known good configured system.

And btw - in the future Start > Run > compmgmt.msc /s

or Start > Administrative Tools > Computer Management

or other ways to get there. . .

Take a screen shot of the Disk Management console

http://img261.imageshack.us/img261/4501/mgnted1.th.jpg (http://img261.imageshack.us/my.php?image=mgnted1.jpg)

I had to downsize the pic to attach here because I run my desktop at 1920x1080.

.

w31n3r
January 3rd, 2008, 03:29 AM
http://img261.imageshack.us/img261/4501/mgnted1.th.jpg (http://img261.imageshack.us/my.php?image=mgnted1.jpg)

"I had to downsize the pic to attach here because I run my desktop at 1920x1080."

.

i really wish i had your PC...

i'm just about ready to start, just about because i'm at work now and had a whole lot of shit to deal with at home yesterday. i've reserved this evening to fix this, so i'll cry for help later in a few hours again.

fingers crossed

Krell
January 3rd, 2008, 04:24 PM
I'll check in periodically

Good luck

Krell
January 4th, 2008, 09:55 PM
What's going on with this? You're hangin out in fart threads when I could be out gettin smashed, instead I'm here to see if you solved your problem yet.

:D not really, but I am curious if you made any progress.


.

w31n3r
January 4th, 2008, 10:24 PM
lol, hey sorry man. my mother-out law is staying with us these days and she found chewing my balls the moment i get home a good winter hobby. last night it was about my wife's ex who's a doctor now. the old broad's getting senile since she forgot that i still got the 1st prize in that one.

i'm almost done here at work and go home early and have a crack at it before the game, i've been promised she won't be at home. i'll be back...

Krell
January 4th, 2008, 11:59 PM
"lol, hey sorry man. my mother-out law is staying with us these days and she found chewing my balls the moment i get home a good winter hobby. last night it was about my wife's ex who's a doctor now. the old broad's getting senile since she forgot that i still got the 1st prize in that one."

"i'm almost done here at work and go home early and have a crack at it before the game, i've been promised she won't be at home. i'll be back..."

Does she have a will? I can be on a plane.

Yeah it's not like anything is on fire, just take your time and work through this thoughtfully. It's better to stay than to move forward to some irrecoverable place.


.

w31n3r
January 7th, 2008, 10:25 PM
Dear krell, i want to have your babies...

it worked like a charm!! i finally got around to doing it expecting to be on it the whole night, but it only took a few minutes.

i booted from the miniPE xt disc, and managed to browse my hard drives. turns out there was a hidden autorun.inf file on each drive, which basically wanted to open n1tedetect.com (which was identified & cleaned as a virus earlier by AVG). i deleted the file and the drives open normally in windows now.

i still cannot view hidden files in windows though, though they can be seen by the mini xt programs. any suggestions?

EDIT: when i deleted the autorun.inf files, i got a warning that it was a system file and some programs might not work. thought i'd let you know just in case it's important...
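
A check for the hidden autorun.inf files described in the post above, added here as an example and not part of the original thread: it reads the autorun.inf at the root of each volume, hidden or not, and lists the entries that make Explorer start a program. The function names and the sample file content are constructed for illustration; the only value taken from the thread is the file name n1tedetect.com.

```python
import os
import re

# [autorun] keys that make Explorer start a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Constructed sample, not the real file from the thread.
SAMPLE = r"""[AutoRun]
; constructed example
open=n1tedetect.com
shell\open\Command=n1tedetect.com
icon=drive.ico
"""

def decode(data):
    """autorun.inf is ANSI or UTF-16 with a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")

def launch_entries(text):
    """Return [(key, command)] for each [autorun] entry that runs a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found

def scan_roots(roots):
    """Map each volume root to the launch entries in its autorun.inf."""
    findings = {}
    for root in roots:
        # listdir also returns files carrying the hidden/system attributes
        for name in os.listdir(root) if os.path.isdir(root) else []:
            path = os.path.join(root, name)
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "rb") as fh:
                    entries = launch_entries(decode(fh.read()))
                if entries:
                    findings[root] = entries
    return findings

if __name__ == "__main__":
    print(scan_roots(["C:\\", "D:\\", "E:\\", "F:\\"]))
```

On a hard-disk partition any entry this returns deserves a look, since a data volume has no reason to carry a launch command in its root.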

Krell
January 7th, 2008, 10:39 PM
Cool. Autorun.inf is not an important file for a hard drive. It is however on the CD you are using so don't confuse the drive letters for the CD, it looks like an OS after all.

Did you run the CHKDSK /f on the partitions?

I would set the properties for the drives to NOT have any hidden files whatsoever. After those descriptors have been reset and you can see your formerly hidden files in the Windows Explorer of your OS, then try to make ONE file hidden, and see what the behavior is.

Good work, and just take your time checking things out. You can always just shut the whole thing down if you don't trust your instincts about doing something.


.

w31n3r
January 8th, 2008, 03:37 AM
Done! i finally licked this bitch (with more than a little help from krell of course)

this may piss off the purist in you, but i used a couple of ready to use VBScripts tailor-made for this situation from here (http://www.edaboard.com/ftopic204338.html) (you have to sign up to view and download the files). i ran all three, restarted and voila! my hidden files are there to be seen! my PC's now running as it should be, i think...

next step for me is to back up my system like you and enter8 suggested...if you get a PM asking, bear with me.

and hey, thanks again!