Posts Tagged ‘Virus’
Getting virus infected is a daily occurrence for our pendrives. I never mind because I do have a very good virus protection tool, which will not allow the virus to spread into my system. In some cases the virus hides all the folders and changes the Windows file/folder view options. Sometimes it doesn’t allow you to change the folder view settings. That matter is described in the following link:
Problem with “Show Hidden Files & Folders” in windows Folder Option – WORM_AUTORUN.RW
But here I’m going to share a new thing with you. After you clear up the viruses and fix the “Show hidden Folder option”, you may find that you are unable to unhide the folders on the pendrive. Those files/folders will remain hidden no matter how many times you try to unhide them. In that case I simply copied the contents of all the hidden folders to my local drive and then formatted the pendrive (pretty simple solution).
But recently I faced this problem with the pendrive-like storage of my LG Arena phone. This phone has an 8 GB internal memory and I often use it as a pendrive. Unfortunately I plugged this phone into a virus-infected PC and it got infected too. I cleared up the virus files, but was unable to unhide the folders. Here I couldn’t just format the whole storage as there were many other system folders for that phone. I started googling and found a pretty simple solution on the kioskea website. The solution was something like this:
1. Click Start >> Run >> type in “cmd”.
2. Type the location of your flash drive, e.g. “d:”, “e:”, “f:”, etc.
3. Type “dir /ah”.
*You will now see the files/folders with hidden attributes.
4. Type “attrib [name of file/folder] -r -a -s -h”.
*If you’re going to unhide files, you should type the whole name plus the extension (format), for example “attrib picture.jpg -r -a -s -h”.
**If you have folders with 6 characters and above, type the first 6 characters then “~1”, for example, for a folder named “birthday”: “attrib birthd~1 -r -a -s -h”.
5. You should repeatedly type “dir /ah” after unhiding some files/folders so you’ll know if they’re now working or not.
6. Now check your flash drive; it should be there.
I hope this will help you if you are facing the same problem as mine.
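The same steps can be scripted. The PowerShell below is an added example, not part of the original post or the kioskea solution; the drive letter `E:\` and the `-Apply` switch are assumptions. It lists hidden or system items in the drive root, leaves Windows' own folders and hidden executables or scripts alone, and runs the `attrib` switches from step 4 on everything else.

```powershell
# Added example: report hidden/system items in a drive root and unhide the safe ones.
# The default drive 'E:\' and the -Apply switch are assumptions, not from the post.
param(
    [string]$Drive = 'E:\',
    [switch]$Apply          # without -Apply the script only reports what it would do
)

# Hidden+system folders that Windows itself creates on a volume; leave them hidden.
$keepHidden = @('System Volume Information', '$RECYCLE.BIN', 'RECYCLER')

# File types a worm typically drops on removable media; report them, never unhide.
$suspectExt = @('.exe', '.scr', '.pif', '.com', '.bat', '.cmd', '.vbs', '.lnk', '.inf')

$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# -Force makes Get-ChildItem return hidden and system items (the "dir /ah" step).
$items = Get-ChildItem -LiteralPath $Drive -Force |
    Where-Object { ([int]$_.Attributes -band $mask) -ne 0 }

foreach ($item in $items) {
    if ($keepHidden -contains $item.Name) {
        Write-Output "SKIP    $($item.Name) (Windows system folder)"
    }
    elseif (-not $item.PSIsContainer -and $suspectExt -contains $item.Extension) {
        Write-Output "REVIEW  $($item.Name) (hidden executable or script; scan it first)"
    }
    elseif ($Apply) {
        # Same switches as step 4; passing the full path means no short name is needed.
        & attrib.exe -r -a -s -h $item.FullName
        Write-Output "UNHID   $($item.Name)"
    }
    else {
        Write-Output "WOULD   $($item.Name)"
    }
}
```

Run it once without `-Apply` to see the report, then again with `-Apply` once the list looks right.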
I recently suffered from a worm named W32/Mysamurai. It changed the background of the C:\WINDOWS folder with a scary photo.

My PC was dead slow and I was looking for the solution. At last the Norton Security Scan in my PC could detect it. There was a file named windxp.ini in the C:\WINDOWS\System32 folder which was responsible for that. As soon as Norton Security Scan detected it, I deleted it and I found my C:\WINDOWS folder back to how it should look. McAfee Security Center couldn’t detect it and neither could it remove it.
Information about the W32/Mysamurai Worm:
W32/Mysamurai is a worm. It infects Windows systems and spreads through shared network drives.
Upon execution, the worm copies itself as:
(Temp name).tmp in the Windows Temp folder,
AdobeGama.pif in the Documents and Settings\All Users\Start Menu\Programs\Startup folder,
AdobeGama.pif in the %User Profile%\Start Menu\Programs\Startup folder,
htSystem.cfg in the C:\System Volume Information\_Resto~1 folder,
explore.exe in the Windows folder.
It also copies itself as the following files in the Windows System folder:
CommandPrompt.Sysm
NvMedia.sysm
Restoration.msd
Windows 3D.scr
odbcad32.dll
shareNet.msd
Ngsys.exe
runer.exe
rvshost.exe
system31.exe
userint.exe
windxp.exe
winzipt.exe
It also creates a WindXP.ini file in the Windows System folder.
The worm modifies the Desktop.ini configuration information file present in the Windows and Windows System folders.
It modifies the registry at the following location to ensure its automatic execution at every Windows startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CLASSES_ROOT\.Msd
HKEY_CLASSES_ROOT\.Msd\DefaultIcon
HKEY_CLASSES_ROOT\.Msd\Shell\Open\Command
HKEY_CLASSES_ROOT\.sysm
HKEY_CLASSES_ROOT\.sysm\DefaultIcon
HKEY_CLASSES_ROOT\.sysm\Shell\Open\Command
It also modifies the registry to ensure that the screensaver is active and will run, that the threat will run when the computer is restarted in Safe Mode, and that file extensions are not shown.
The worm then spreads by copying itself to shared drives.
This worm first appeared on September 02, 2007.
Other names of W32/Mysamurai Worm:
This Worm is also known as W32.Mysamurai.