I have a problem with my “My computer”. When I try to open the C:, it says this command can’t be done in Win32; however, I can access the C: using the “explore” command. When I try to open the D: (my hard drive was separated in two parts) it opens a new window instead of opening the folder in the main window…
I was using another antivirus which couldn’t find the problem, so I installed Avast. After the first analysis it detected and suppressed 3 Trojans and a rootkit (xmor.exe).
However, the problem still persists. When I open the D:, I get a notification of infection in :\Documents and Settings[my name]\Local Settings\Temp\cvasds0.dll. The Trojan itself is Win32: Patched-HN.
I tried an analysis of the C: before launching Windows, Avast detected and suppressed the Trojan, but after launching “My computer”, no improvement…
I don’t know what to do anymore, can someone help me get rid of that stupid Trojan please?
Thanking you in advance.
Hello,
This file was created by some malware dropper (they very often create the files “cvasds0.dll” and “herss.exe”). If you find the file which creates these file(s), please send it to virus@avast.com
Try Process Monitor, where you can see which process creates that. You can filter on the “operation” called “WriteFile”.
Thanks for your answers! And sorry for not waiting but this problem really pisses me off… @Pondus: BitDefender 2009 @Milos: If I find these infos I’ll send them, but I think they’re gone… (see under)
I changed my antivirus again to try McAfee (though Avast was really helpful, since it allowed me to find where the problem was located). It found 30 more malwares, including one in herss.exe. Now “My Computer” asks me which program it has to use to open the C: and D:!
I’ll launch a new analysis in a few minutes, but I have the feeling my computer is clean now. Then I should find a way to repair the damages done by the virus…
Does it sound correct to you, or do you have another idea? Any suggestion is welcome, I’m really a newbie when it comes to computers :-\
try this:
Open a CMD window, then type “CD \” (without “”) and enter. Type “DIR” and enter; if you see an autorun.inf, type “del autorun.inf” to delete the file. Else type “attrib”; it shows you many files. Find the file and its attributes (may be h), type “attrib -h autorun.inf” and then delete it.
If you see some file with the shr attribute and the name of the file ends with “.exe”, do the same with “attrib -s -h -r file.exe” and then delete it.
You have to do that on each infected disc, especially on removable media like pendrives, mp3 players, etc.; just replace the “CD \” with the drive letter of the media (d:, e:, …)
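The manual check from the last post, applied to every drive root at once, as an added PowerShell example that is not part of the original thread. It only reports and deletes nothing; it assumes PowerShell 3.0 or later, and the `$Roots` parameter and the property names in the output are hypothetical names chosen for this example.

```powershell
# Added example: report autorun.inf files and hidden+system+read-only .exe
# files in the root of each drive. Report-only: nothing is changed or deleted.
param(
    # Default: the root of every file-system drive (C:\, D:\, pendrives, ...)
    [string[]]$Roots = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root })
)

# The "shr" attribute combination mentioned in the post (system, hidden, read-only)
$shr = [IO.FileAttributes]::System -bor [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::ReadOnly

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. empty card reader

    # -Force includes hidden and system files, which a plain DIR does not show
    $files = Get-ChildItem -LiteralPath $root -Force -File -ErrorAction SilentlyContinue

    foreach ($f in $files) {
        $isAutorun = $f.Name -ieq 'autorun.inf'
        $isShrExe  = ($f.Extension -ieq '.exe') -and
                     (($f.Attributes -band $shr) -eq $shr)
        if (-not ($isAutorun -or $isShrExe)) { continue }

        # For autorun.inf, collect the lines that name a program to launch,
        # so the referenced file can be located and submitted for analysis.
        $commands = ''
        if ($isAutorun) {
            $commands = (Get-Content -LiteralPath $f.FullName -Force -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' } |
                ForEach-Object { $_.Trim() }) -join '; '
        }

        [pscustomobject]@{
            Path       = $f.FullName
            Attributes = $f.Attributes
            Reason     = if ($isAutorun) { 'autorun.inf in drive root' }
                         else { 'hidden+system+read-only .exe in drive root' }
            Commands   = $commands
        }
    }
}
```

Each reported path can then be handled with the `attrib` and `del` steps from the post, after keeping a copy of any file to be sent for analysis.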