The night before last I had a very bad experience, and only managed to avoid a complete wipe and reload by the skin of my teeth.
I was downloading a file from a site I had used before, and my AV software trapped something called "Downloader". I stopped the download immediately. I then noticed that all the items in the system tray had been blanked out and replaced with "<" signs (like you get when it's hiding icons). I couldn't bring up Task Manager, and my other running software (Spy Sweeper) also reported a strange file it was quarantining.
I then found that my internet access seemed to have disappeared and that there was only minimal activity showing. I tried a reboot and Spy Sweeper popped up during the startup sequence to say it was deleting a file. However, when I logged back in the situation was the same - no system tray icons, no internet, no Task Manager. Help, I thought.
At that stage, I thought I might be in real trouble. I ran HijackThis but couldn't see anything obvious.
I had a thought to check if this was also happening on other accounts, so I managed to log out and log in to the alternative account.
Everything seemed fine, and then a window popped up (from WinPatrol) asking if I approved "c:\Documents and Settings\<name>\svchost.exe" as an addition to the startup folder. Oh, oh! Answer definitely NO. Is this the problem? Log back into my account and check the running processes.
Since I couldn't get Task Manager to come up, this could have been a problem, but WinPatrol allows me to check the startup processes and the running tasks. I could see the real svchost.exe (from Microsoft) plus an extra one without an owner. I disabled this and things came back to normal!!! When I looked at the HijackThis log I spotted that process (a bit late).
And now the kicker. When I look in my Documents and Settings folder there is no svchost.exe file (I have 'show hidden files' on in Explorer). So apparently the system can run a file I can't see in Explorer. I would like to be able to get rid of this file, but how?
I have run adsspy but this doesn't show anything. While it was running it showed itself scanning a directory called "c:\Documents and Settings\<name>\!" (with a "!"), that seemed to contain mostly zip files. I can't see anything called "!" in Explorer, so what is this folder?
So what is going on?
normanallen
Recommended Answers
I'd say either your antivirus software deleted it, or it's still hidden and not showing for some reason. I'm not familiar with the "!" directory but that doesn't necessarily mean it's malicious.
Try navigating to that account's D&S folder from another account, if there is an alternate virus that's …
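The check that would have flagged the extra svchost.exe described in the question, as an added example that is not part of the original thread: it compares the image path of each process or startup entry against the one folder a system binary should run from, and covers a few other commonly imitated names as well. `SYSTEM_ROOT`, the account name `example` and the sample entries are constructed assumptions.

```python
import ntpath

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: default Windows install location

def norm(path):
    # Windows paths are case-insensitive, may be quoted, may use "/" or ".."
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

# System binary names and the only folder each one should run from.
EXPECTED = {
    "svchost.exe": norm(ntpath.join(SYSTEM_ROOT, "system32")),
    "lsass.exe": norm(ntpath.join(SYSTEM_ROOT, "system32")),
    "services.exe": norm(ntpath.join(SYSTEM_ROOT, "system32")),
    "winlogon.exe": norm(ntpath.join(SYSTEM_ROOT, "system32")),
    "explorer.exe": norm(SYSTEM_ROOT),
}

def check(name, path):
    """Return a reason string if the entry imitates a system binary, else None."""
    name = name.lower()
    expected = EXPECTED.get(name)
    if expected is None:
        return None                      # not a name we protect
    if not path or not path.strip():
        return f"{name}: no image path available, verify manually"
    folder = ntpath.dirname(norm(path))
    if folder == expected:
        return None
    return f"{name}: runs from {folder}, expected {expected}"

def scan(entries):
    """entries: iterable of (name, image_path); returns the list of findings."""
    return [r for r in (check(n, p) for n, p in entries) if r]

# Constructed sample: process / startup entries as (name, image path).
SAMPLE = [
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("SVCHOST.EXE", "c:/windows/System32/SVCHOST.EXE"),
    ("svchost.exe", r"C:\Documents and Settings\example\svchost.exe"),
    ("svchost.exe", r"C:\WINDOWS\system32\..\Temp\svchost.exe"),
    ("svchost.exe", ""),
    ("notepad.exe", r"C:\Documents and Settings\example\notepad.exe"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```
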