one of my systems was recently infected by a virus/trojan detected as AMVO.exe, that was found in the system32 folder. i googled and found that i was not alone, in fact the link reflects my case word for word.
i use AVG free, and it seems to have cleaned it out. i did a system scan in safe mode too and it returned with no more infections. but i now have the following problems:
1. i cannot open my logical drives in explorer, i get a "open with" box, and even then, it opens in a new window. this is only with the logical drives, cd & usb drives open normally and if i go for the "explore" option on them, then i can browse my drives using the directory tree without any issues.
2. i cannot retrieve hidden files. the files are there since they're using disc space, but cannot be viewed, even after checking view hidden system files and folders.
i use AVG free on Win XP SP 2. hope some of you can help. if you want a hijack this log, can do, so lemme know. thanks
You're not going to repair a windows shell problem with Hijack This,
If you have SP1 or SP2 installed, I recommend that you re install the service pack and hope this corrects your file system problem. Some other members that helped me do support here in the past helped confirm that the re installation of a SP is way easier than System File Checker, and if the SP doesn't fix it, YOU'RE FUXORED.
.
just one problem, i used an installation disc that had SP2 pre-integrated...does it also keep a SP uninstaller like the upgrade installer, or how do i go about uninstalling it?
you're my last hope krell, formatting'll make me cry the first time in 20 years...
You can download SP2 standalone.
WindowsXP-KB835935-SP2-ENU
*click - page loads - wait - click on download prompt at top of page*
This basically replaces your OS. You should turn off antivirus checker before attempting this. If you have any 3rd party utilities such as Tweak XP, uninstall them first.
Good luck!
.
*sign of the cross with Corona bottle*
I'm going to bed, if this doesn't work, play Xbox till I form a plan B.
" i cannot open my logical drives in explorer, i get a "open with" box, and even then, it opens in a new window."
" i cannot retrieve hidden files. the files are there since they're using disc space, but cannot be viewed, even after checking view hidden system files and folders."
Is this on the C drive also? The logical drives, are they other partitions on the same drive as C: or removable storage?
.
tried reinstalling SP2 like you said...no cigar.
yeah, it's the same with all my drives including c drive. thing is, i think the virus/worm altered something within the drives cause the same happened with my usb drive till i formatted it, now it opens normally while the other hard disk drives behave like errant hilton kids.
i'm off to my 360 till you come back with your plan B. i'll keep me fingers crossed besides others...
anyone else with ideas would be appreciated. thanks.
So you formatted your USB drive and you can view everything on there normally? Sounds like it may not be a Windows Explorer problem. To rule it out:
Have you tried to view those hidden files with an alternative program, like A43 (http://www.primitus.us/a43/)?
In an Explorer window, try 'Tools', 'Folder Options', 'Restore Defaults' (long shot).
Also in that menu, if you click the 'File Types' tab and locate the 'Drive' type and click 'Advanced', what's in that menu?
On last resort you can ask a friend with Windows XP SP2, export the following Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer
Clean yours and export the one from your friend. Warning this could be dangerous.
If all fails, the other thing is to reinstall windows. Reinstall (NOT FRESH INSTALL), you will not lose your apps and data, the only thing you will lose are windows updates since SP2.
Also, if you're going to reinstall windows, keep the latest hardware drivers at hand, since reinstallation will put SP2 default drivers.
I want you to do the least intrusive and least impacting things first, which is why I recommended the SP2. If you try to re install windows it might just tell you that "you already have a newer version, piss off".
We don't know if this virus affected something with the Local Policy on the machine or if you have some file system problem.
If you've been around here for any length of time, you know that I always tell people to get a copy of the MiniXT Cd of Happiness. Do you have another PC in the house? If so:
Mini PE XT
Diamond BootCD v1.00 [3 in 1 Hiren's BootCD v8.2, miniPE-XT v2k6.05.24, UlimateBootCD v3.4]
YOU NEED THESE.
Get and burn, and boot to the Mini XT cd, and browse your drives, can you see the data there and access all the folders?
Also, from this CD, run the CHKDSK.
There are also a buttload of antivirus and malware programs.
Get > Burn > Boot > Test = 2 hours.
.
You can always reinstall Windows XP, donno about vista, but you can reinstall XP always, the installation program will never say you can't because you have a newer windows in the machine, simply boot the Windows XP CD from DOS. This method will resolve 90% of those pesky missing/wrong registry settings. Also you can boot in recovery mode (Windows XP CD) and run chkdsk /f. Reinstalling windows will take you no more than 2 hours. Use this as your last resort.
Anyway, from what you say, seems the windows explorer may have some shell hooks wrong, or filetypes wrong, if you have access to other Windows XP machine, just backup your
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer
with Regedit and Export from the other machine the same key, transfer the .reg file to your broken machine and import it or double click that reg file.
Last, but not least. Could be also some file permissions. Take ownership of the entire C: drive, Mark the C drive, Second Button, Properties, Security, Owner, and take ownership of the entire drive. you need to be logged in with an administrator account to do so. It'll take time, the time you need to wait depends on the size and # of files of your drive.
hi guys, thanks for the suggestions, just got back from out of town. i'm downloading the mini XT and hirens boot cd from the torrents krell posted, might take some time since there're no seeds, i'll look into CW and Cheekcha's tips in the mean time.
@Krell, SP2 did install over itself (surprisingly! no newer ver. BS), but it didn't change anything.
i have a few USB drives that i can remove anytime, they open just fine, my problem only happens with the partitions on my HDD. i have 4 partitions - c: is the primary, while d, e, & f, are all logical drives of the single extended partn. the funny thing is, when i first detected the virus, even the usb drives could not open normally, till i formatted them, which led me to believe that the virus changed something within the drive.
i'm not sure if the virus put in a hidden autorun type file to change the way i open the drive, and changed a reg key to make sure i can't see the file to delete it. makes any sense? dunno, just grasping at straws maybe.
i'll know when i'm done downloading the images...ahh, it's moving now. i'll keep you posted.
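One way to test the hypothesis in the post above (a hidden autorun-type file in each drive root that changes how the drive opens), as an added example that is not part of the thread: it reads `autorun.inf` by name, so Explorer's hidden-file setting does not matter, and lists the entries that redirect the drive's open action. The function names, the drive list and the sample file content are assumptions made for illustration.

```python
import os
import re

# Keys in the [autorun] section that make Explorer run a program or change
# what double-clicking the drive icon does.
ACTION_KEY = re.compile(r"^(open|shellexecute|shell|shell\\[^\\]+\\command)$", re.I)


def parse_autorun(text):
    """Return (key, value) pairs from [autorun] that alter the drive's open action.

    Parsed by hand instead of configparser: such files are often padded with
    junk lines and repeated keys that a strict INI parser rejects.
    """
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if ACTION_KEY.match(key):
            findings.append((key.lower(), value))
    return findings


def scan_roots(roots):
    """Look for autorun.inf in each drive root. Opening the file by name works
    even when it carries the hidden and system attributes."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, "r", encoding="latin-1") as fh:
                report[path] = parse_autorun(fh.read())
    return report


# Constructed sample, not recovered from any real infection.
SAMPLE = "[AutoRun]\n;padding\nopen=placeholder.exe\n" \
         "shell\\open\\Command=placeholder.exe\nlabel=Local Disk\n"

if __name__ == "__main__":
    print(parse_autorun(SAMPLE))
    print(scan_roots(["C:\\", "D:\\", "E:\\", "F:\\"]))  # assumed drive letters
```

A drive root whose `autorun.inf` yields any of these entries is worth inspecting from a clean boot environment before the file is deleted, since the value names the program the drive was set to launch.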
Great, I've been waiting to hear back from you.
With the Mini Xt cd, you can do a better job at testing the file system, perms etc. There are 2 levels of chkdsk, you want the more thorough one that tests security descriptors.
Now that I know you keep other partitions for storage, I'm not nearly as concerned as you about re installing Windows. What we DON'T want to do is back up folders from the C drive that might be affected, and re install XP, only to have you migrate the problem back again.
However, look on the bright side, you use the Mini Xt to copy your files and keys off the C drive, and you re install XP, then you can use the Mini PE again to make an image of the known good OS with firewall etc.
The next time shit hits the fan, you can restore the image in 2 minutes and have a "fuck it" attitude about being in a pickle. Voila! back to a known good configured system.
And btw - in the future Start > Run > compmgmt.msc /s
or Start > Administrative Tools > Computer Management
or other ways to get there. . .
Take a screen shot of the Disk Management console
I had to downsize the pic to attach here because I run my desktop at 1920x1080.
.