Hello! Please help me!!!

I have found almost 200 image files (supposedly!), all rootnamed "AlbumArt" spreading within all my music folders and in the recycler folder. When trying to delete them, the confirmation pop-up window says that they're system files. I've scanned my pc with Antivir PE (installed and updated) and several online anti-virus scanners but ALL FAILED to find something!!! This weekend I lost access to the internet without any apparent reason and only got it back after restoring the system back to a few days ago. Also, I have disabled 2 suspicious entries (squares both under Startup item and Command) in the startup menu, located in
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.

Oh, and I'm running Windows XP SP2. Is there anything else you need to know?

What should I do? I have no idea how to find and remove a virus without an antivirus tool signaling it for me!!! I thank you in advance for your help!!!

Hi

Don't panic. Try sending the suspicious file to virus@free-av.com for analysis.

It could be a new virus. But who knows, it might be a system problem as well..

But before u do that, zip the file using winzip or winrar and encrypt it with a password and send the password along with the file to the above-mentioned address.

You can be sure to get a reply from AntiVir within a day.

Also, you could try google to find if there is a virus with the characteristics you describe.

Regards

Hi!

First of all, thanks for your reply!

I tried to do that just now and I guess something went wrong!!!! I was trying to compress and encrypt a sample of the files and protect with a password on Winrar and as soon as I hit the "OK" button, the pc automatically terminated the session and tried to reboot (it didn't crash, rather closed normally, except that I didn't tell it to do so...). I pulled the plug on it, but it only "died" after completely closing Windows!!! I think the virus in those files must have been activated in this process, although I never opened any, and probably had the time to lodge itself on my boot sector...

What should I do now???? Is it safe to turn the pc on and try to restore the system to yesterday, for instance? Can I do that in safe mode? I have a boot CD, but it's still for the SP1, I didn't have the chance to make a new one... Will it work neverthess? PLEASE HELP!!!!

(I'm at a friend's pc now)

Hi

I tried to search the net to see if there is a virus like the one you described but havent found anything in particular. The only virus I read about that writes itself into music folders as a deliberate ploy is W32/Zafi.D. You can follow this link http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez@mm.removal.tool.html
to get a removal tool for it. Maybe its worth a try.

Try restoring the system with system restore but you can be sure that there is a very high probability that the system restore might write back infected files. But before you do anything else, try to BACKUP all your important files.

If I was in your place, I would have backed up important files, formatted my hard disk and reinstalled winows. But that is an extreme measure.

I strongly suggest you wait till some of the other more experienced users in this forum can help you out.

Best wishes and Regards

Hi satishincbs!

I took my pc to the guy in the pc room at my university and he took a look at it... It seems to be alright, although there is some residue of spyware in my HJT log (which I had already posted in the appropriate forum). Those files in my music folders must have been automatically downloaded by a previous version of some player (although I ALWAYS uncheck that option), but it is odd that they are hidden and also that they appear as system files when trying to delete them. We tried every player I have (and I never had others) and none used those images, nor could we get either to download similar ones... Anyway, he checked and they're safe. Also, my pc must have crashed completely by coincidence when I hit "OK" to compress the sample files. It closed properly because that is an option in Windows XP SP2, one which I didn't know of. I ran the removal tool you indicated and my pc is clean.

Thank you so much for your help, even if it turned out to be a false alarm! I still have those funky entries (the squares) in my startup menu though, but I guess that will be dealt with in the HJT forum... THANKS AGAIN!

Nice work satishincbs. We appreciate it.

Glad Papoila got the help needed. Now that the problem is solved this thread is closed.


Best regards