Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

"Downloaded Program Files" are invisible


  • Please log in to reply

#1
Jonah the Whale

Jonah the Whale

    Member

  • Member
  • PipPip
  • 13 posts
I'm on Windows 98 SE, and I have a file I want to delete (C:\windows\dpf\ATPartners.inf). In the windows folder if I right click on DPF and select properties it tells me I have 31 files using 11Mb. When I open the folder it appears empty, even though I have enabled the "view hidden files" option. Any ideas?

Jonah.
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Jonah the Whale

You have a ATPartners.dll, Win32/TrojanDownloader.Rameh.C trojan

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left.

kc :tazz:
  • 0

#3
Jonah the Whale

Jonah the Whale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks for getting back to me. I ran housecall antivirus and it found 125 (!) infected files. They were all in the C\windows or C\windows\system folder and were created between 21st-22nd December. They were listed as uncleanable so I deleted them, which doesnt seem to have done any harm. I downloaded Moosofts "The Cleaner", but since I had already downloaded it before I am past my 30 day trial period and couldn't do a trojan scan with it. It would cost nearly $50 to buy which is quite a lot. I have to say I am very disappointed that Norton didn't detect these trojans. How come a big outfit like Norton can't figure out how to deal with these things? Anyway, here's my latest Hijack This log:

Logfile of HijackThis v1.98.2
Scan saved at 5:06:35 PM, on 12/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
C:\WINDOWS\EXPLORER.EXE
D:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
D:\PROGRAM FILES\NORTON INTERNET SECURITY\SYMPROXYSVC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
D:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
D:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
D:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
D:\THE CLEANER\TCA.EXE
D:\THE CLEANER\TCM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\DOCUMENTS\DAD\HIJACKTHIS.EXE

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0rnmrwr9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0rnmrwr9.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [WinPatrol] D:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [tcactive] D:\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\THE CLEANER\tcm.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] D:\Program Files\Norton Internet Security\NISSERV.EXE
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wa...ct/instwact.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://netscape.musi...ad/mnviewer.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylom....gamesplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Cheers,

Jonah.
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Download: DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Then get the latest version of HijackThis (1.99) and post a new log made with that.

Regards,

Pieter
  • 0

#5
Jonah the Whale

Jonah the Whale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Great, thanks Pieter. Couldn't work out how to get rid of those trusted zones - they kept coming back. Now they are fixed. Still can't see my invisible downloaded programs though. Here's my log:

Logfile of HijackThis v1.99.0
Scan saved at 12:57:03 AM, on 12/31/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
C:\WINDOWS\EXPLORER.EXE
D:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
D:\PROGRAM FILES\NORTON INTERNET SECURITY\SYMPROXYSVC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
D:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
D:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
D:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
D:\THE CLEANER\TCA.EXE
D:\THE CLEANER\TCM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\DOCUMENTS\DAD\HIJACKTHIS.EXE

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0rnmrwr9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\0rnmrwr9.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [WinPatrol] D:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [tcactive] D:\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\THE CLEANER\tcm.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] D:\Program Files\Norton Internet Security\NISSERV.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wa...ct/instwact.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://netscape.musi...ad/mnviewer.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylom....gamesplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Cheers,

Jonah.
  • 0

#6
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Congratulations! Your system is CLEAN :tazz:

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox Posted Image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. ;)
  • 0

#7
Jonah the Whale

Jonah the Whale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks Coachwife. I am downloading Firefox as I type this, and will instruct the kids to use it. I am still left with my original question - why are all the programs in my "Downloaded Program Files" folder invisible? There are 31 files in there, and when I open the folder it says "0 object(s)" in the status bar at the bottom. Is it maybe the after-effects of some virus or malware, and is there any way to get it back to normal? I can view normal hidden files.

Jonah.
  • 0

#8
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I'm not on my 98 right now so I can't compare, but I don't remember my 98 having a downloaded programs folder.

Is that something you created? Are you missing any programs?

Are you making sure that all files are showing? Even those that Microsoft recommends not be available for viewing?
  • 0

#9
Jonah the Whale

Jonah the Whale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I'm pretty sure it came with Windows - it has its own little icon which is a folder with the IE logo in the middle. When I right click on it and select properties it tells me that it was created in May 2004 which is when I reinstalled Windows last. Other properties it lists are:

Type: ActiveX Cache Folder
Location: C:\Windows
Size: 11.3MB
Contains: 31 Files, 0 Folders

Attributes: "Read Only" is checked. "Hidden" and "Archive" are unchecked. "System" is ghosted.

I've heard of "superhidden" files, but I can't remember where. Could this be something to do with it? At the moment it doesn't seem to be causing a problem, but when I had to delete C:\windows\Downloaded Programs File\ATPartners.inf it disturbed me to find it was invisible. Fortunately when I performed "Find" it listed it and I was able to delete it using the results of "Find".

A new priblem I have now is with Firefox which I would love to use. Unfortunately a couple of sites which are visited regularly from this computer need a Java plugin, and invite me nicely to click here and download the plugin. However I have already downloaded it. I'm new to Firefox and don't really know anything about Java anyway. Is there some setting I need to change somewhere? An example of the type of thing that won't load is on the games page of my Internet Provider:
http://web.wanadoo.n...hp-20549-1.html
When I click on any of the games, I sit through half a minute of advertising (this is normal) then instead of the game starting I get this friendly advice to download Java. Any ideas?

Many thanks,

Jonah.
  • 0

#10
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Windows 98 doesn't have supper hidden folders, only NTFS operating systems (NT/2K/XP). I don't remember the exact reason at this late (early) hour, but I'm pretty sure that's normal behavior for that and other Windows system folders.
  • 0

#11
TerraFaxx

TerraFaxx

    New Member

  • Member
  • Pip
  • 1 posts
QUOTE "I've heard of "superhidden" files, but I can't remember where."

Probably in this excellent article:

http://sillydog.org/mshidden.html


TerraFaxx
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP