Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

File and Folder Properties are messed up


  • Please log in to reply

#16
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts

step 2. everything in the log contained either desktop.ini, Desktop.ini, or DESKTOP.INI.


Yes, that's a given, since we were looking for those. But are they in folders that also have these unwanted hidden files? A long shot, I admit.

Let me go back and take another look at the OT log. Some malware settings just getting overlooked here.

Check this in the meantime please.

Go to Start Search, type regedit, and when that shows at the top of the menu right click it, and select "Run as administrator".

In the Registry Editor display, navigate to the following Registry key:

HKEY_USERS\S-1-5-21-1343024091-484061587-1801674531-1004

Most of the numbers in your Registry Editor will be different, except for the parts I hilighted.

Under that, see if something like this is there:

HKEY_USERS\S-1-5-21-1343024091-484061587-1801674531-1004\Software\Classes\.exe

For now just let me know.
  • 0

Advertisements


#17
Kasey21

Kasey21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Yes, some of the files that are hidden contain desktop.ini. the reason I say some is because there are just too many to look up all of them.. However I have confirmed 2 folders and it's contents in which they are hidden and contain desktop.ini. And no, there is no .exe in that part of the registry.
  • 0

#18
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
For those two folders, rename those desktop.ini files to larry1 and larry2 (just as shown). Reboot, and check the file that are hidden.
  • 0

#19
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Other user accounts have the same problem with the same files?
  • 0

#20
Kasey21

Kasey21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts

For those two folders, rename those desktop.ini files to larry1 and larry2 (just as shown). Reboot, and check the file that are hidden.


uhmm... I didn't really understand. I just renamed the folders and files to larry1 and larry2 and rebooted. It didn't fix anything but for some reason I think that isn't what I suppose to do. lol.. I got confused with the "(just as shown)" part.


Other user accounts have the same problem with the same files?


there is only one user account on the computer. the "Guest" account is disabled.
  • 0

#21
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Go to Control Panel - User Accounts, and create a new admin user account.

Restart the computer, log in to that new account, and just see if it experiences the same issues. Better to choose a keeper name for the new account. If it does not experience the same problems, you can just use the actual system's Administrator account, transferred personal data, then switch over to this new user account.
  • 0

#22
Kasey21

Kasey21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
All file properties are still messed up. However, I was able to update Adobe on the new one. I couldn't do it on this one as for some reason it said I didn't have permission.
  • 0

#23
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
There's a tool developed by Grinler over at Bleeping that does assist with unhiding the malware altered files. The procedure is not without some downsides, such as more files are unhidden than the system usually has. But given the mess the malware makes, the trade-off seems okay.

Click here and download unhide.exe to your desktop.

Then temp disable all security softwares, and click the file to run the fix. Agree to any prompts, and be sure to reboot after. I have not had time to check this fix yet, but the results for many others looks promising.

After the reboot check how everything is, and post back an update please. My thanks to Grinler for the great work on the tool.
  • 0

#24
Kasey21

Kasey21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
That fixed it. I can just use the other Administrator account and delete this one to fix the "permission" problems. Thanks for helping me :)
  • 0

#25
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
You did well there. Do you wish to check installed programs, for suggestions on any changes to be made, or just start cleaning up our work here?
  • 0

Advertisements


#26
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
A teammate at a different forum provided some very clear details of the infection your system has/had, and I now see how little I knew of these changes. If you still are running into problems on that system, feel free to still post here, or I can also ask someone more knowledgeable about this particular infection to assist here.
  • 0

#27
Kasey21

Kasey21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Well the only thing that was fixed was the hidden folders. Making a new account and using it instead, fixes the permission issues but it is more of ignoring the problem. lol. I also have folders that are suppose to be hidden that were unhidden. But there are just a few of them and I can manually change them. So, if you can I would really like to fix the permission problems instead of using a new account :unsure: . Thanks :)
  • 0

#28
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Good. Help me to be clear on the goals there. What exactly is having permissions issues there? Too many permissions, too few, a bunch of files/folders, these few files folders?
  • 0

#29
Kasey21

Kasey21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Not 100% on which folders exactly, but the problem occurs when I try to update Adobe Reader and I get an error message saying I don't have permission to access a folder that is needed for the update. Also, I didn't have permission to change the settings on some folders. Like I tried to change the folder ESET to unhidden when it was hidden a while back but it said I didn't have permission to do this. In fact, I just noticed, but it was the only folder in Program Files that didn't change when I used the unhide program. So I'd have to say that problem is too few permissions on a few files/folders.
  • 0

#30
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Let's do this methodically, going by some existing info. Just know there are some tools you can use to undo permissions, but better we not get to that just yet.


Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

dir /s /a "C:\Users\kelli\Local Settings\Temp\smtmp" > c:\larry.txt&c:\larry.txt

Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP