I have a serious problem with my hdd partitions..please help.

[ashjas]

Hi,

This has happened 3-4 times since about a month.

The problem that i am having is that an unknown setup file
automatically resides on my partitions that has a size of about 48
KB..I virus checked it with bitdefender with latest virus
signatures..but it isnt infected..

But what it does is that it changes the default partition icon that win
xp shows for the partitions for a HDD..here are the images image..::

image1::http://img165.imageshack.us/img165/1773/1qo3.png
image2::http://img100.imageshack.us/img100/8199/2es2.png
image3::http://img100.imageshack.us/img100/227/3oc9.png


earlier it was for only drive d and e..and now its for drive c and e..

also one can see an autorun file(in image2) that is also generated with
that setup file that has the following contents::

[autorun]
open=setup.exe
icon=setup.exe,0



And when i delete that setup file..the icon of the partition doessnot
restores to the default hdd icon
(which is the icon of store1(D partition that is correct as no setup
file resides on that partition)
but shows the same icon which the windows shows for file types that
are not registered to be opened by any application defaultly..

earlier..after deleting that setup file..i had to reformat my partition
to get back that icon..

well there is no harm in such a situation..no virus..no unexpected
behaviour..or something..but this thing is irrating..

And if i restore the system partition from an image ,to check if there
is something wrong with the system files..then also that icon of the
other partitions remain as it is..

Please help me in figuring out what is happening..

I am providing a link for the suspicious setup file aswell..which i
have checked for virus(image3)..and it passed clean..

Thanks for helping..

 

[ashjas]

I forgot to give the link for that suspicious file...::

http://rapidshare.de/files/31067339/setup.exe.html

 

[Malke]

I forgot to give the link for that suspicious file...::

http://rapidshare.de/files/31067339/setup.exe.xxxx

Hi,

This has happened 3-4 times since about a month.

The problem that i am having is that an unknown setup file
automatically resides on my partitions that has a size of about 48
KB..I virus checked it with bitdefender with latest virus
signatures..but it isnt infected..

But what it does is that it changes the default partition icon that
win xp shows for the partitions for a HDD..here are the images
image..::

image1::http://img165.imageshack.us/img165/1773/1qo3.png
image2::http://img100.imageshack.us/img100/8199/2es2.png
image3::http://img100.imageshack.us/img100/227/3oc9.png


earlier it was for only drive d and e..and now its for drive c and
e..

also one can see an autorun file(in image2) that is also generated
with
that setup file that has the following contents::

[autorun]
open=setup.exe
icon=setup.exe,0
And when i delete that setup file..the icon of the partition doessnot
restores to the default hdd icon
(which is the icon of store1(D partition that is correct as no
setup file resides on that partition)
but shows the same icon which the windows shows for file types that
are not registered to be opened by any application defaultly..

earlier..after deleting that setup file..i had to reformat my
partition to get back that icon..

well there is no harm in such a situation..no virus..no unexpected
behaviour..or something..but this thing is irrating..

And if i restore the system partition from an image ,to check if
there is something wrong with the system files..then also that icon
of the other partitions remain as it is..

Please do not post unmunged url's that lead to possible malware. Please
send the suspect file to VirusTotal and report back with the results.

http://www.virustotal.com/flash/index_en.html

In the meantime:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus Ewido. Do all
prep/finishing work and follow instructions to do all scans in Safe
Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional
computer repair shop (not your local version of BigStoreUSA).

Malke

 

[ashjas]

yes..it was infected with a trojan..here is the screen::

http://img95.imageshack.us/img95/3900/virusvr0.png

Installed kaspersky 6.0..updated virus def...picked straight away..

Thanks for suggesting virustotal.com..awsome site..

Uninstalled bitdefender..

Thanks.

I forgot to give the link for that suspicious file...::

http://rapidshare.de/files/31067339/setup.exe.xxxx

Hi,

This has happened 3-4 times since about a month.

The problem that i am having is that an unknown setup file
automatically resides on my partitions that has a size of about 48
KB..I virus checked it with bitdefender with latest virus
signatures..but it isnt infected..

But what it does is that it changes the default partition icon that
win xp shows for the partitions for a HDD..here are the images
image..::

image1::http://img165.imageshack.us/img165/1773/1qo3.png
image2::http://img100.imageshack.us/img100/8199/2es2.png
image3::http://img100.imageshack.us/img100/227/3oc9.png


earlier it was for only drive d and e..and now its for drive c and
e..

also one can see an autorun file(in image2) that is also generated
with
that setup file that has the following contents::

[autorun]
open=setup.exe
icon=setup.exe,0
And when i delete that setup file..the icon of the partition doessnot
restores to the default hdd icon
(which is the icon of store1(D partition that is correct as no
setup file resides on that partition)
but shows the same icon which the windows shows for file types that
are not registered to be opened by any application defaultly..

earlier..after deleting that setup file..i had to reformat my
partition to get back that icon..

well there is no harm in such a situation..no virus..no unexpected
behaviour..or something..but this thing is irrating..

And if i restore the system partition from an image ,to check if
there is something wrong with the system files..then also that icon
of the other partitions remain as it is..

Please do not post unmunged url's that lead to possible malware. Please
send the suspect file to VirusTotal and report back with the results.

http://www.virustotal.com/flash/index_en.html

In the meantime:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus Ewido. Do all
prep/finishing work and follow instructions to do all scans in Safe
Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional
computer repair shop (not your local version of BigStoreUSA).

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

 

[Malke]

yes..it was infected with a trojan..here is the screen::

http://img95.imageshack.us/img95/3900/virusvr0.png

Installed kaspersky 6.0..updated virus def...picked straight away..

Thanks for suggesting virustotal.com..awsome site..

Uninstalled bitdefender..

Glad to hear you got it sorted. Thanks for posting the solution.

Malke