  1. #1
    2 Star Lounger
    Join Date
    Feb 2009
    Location
    Tucson, AZ, USA
    Posts
    142
    Thanks
    3
    Thanked 3 Times in 3 Posts

    Gray folders, gray files

    I’m hoping somebody can identify the problem as something simple. Otherwise, I’ll see what happens Monday.

    A friend has a Gateway box running Win 7 Home Premium 64 bit recently returned from mobo replacement under warranty. He is computer knowledge averse and sometimes does things that drive me to drink. I gave him a license to Vipre Internet Security prior to the mobo repair and that was installed.

    He complained to me that his computer was “running slower” and that MS patches failed to install. Following advice on a Lounge thread, I did a win 7 repair install with my oem disk iaw http://www.sevenforums.com/tutorials...r-install.html. It seemed to work and 86 out of 88 patches installed properly but there are problems.

    First, he has a rootkit called “asktofriends” that may have come in when the firewall was down or it may have been there and come through the repair-install. We’re getting professional help from Vipre on Monday for that.

    Second, file management has gone walkabout. When I drill down to a jpeg image using windows explorer, all of the folders under “Our pictures” are gray and just folders. All the icons in a folder are also gray but images are available and pop up in Windows Viewer when clicked. I can open these images in paint-dot-net (they’re gray in the file-open box there, too) but Faststone file-open does not see either the folders or their images.

    He complains that the image folders used to have pictures in them (as they do on my machine), that he identified folders with those images, and he wants them back.

    Suggestions (and scotch) appreciated.
    Dan Lynch
    The stonecherub

  2. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 932 Times in 853 Posts
    First, Read this thread on Vipre.

    The infection is causing all kinds of problems. You might need more than one scotch. Boot into safe mode. You might have to install Malwarebytes Antimalware onto a flash drive that you can plug in. Try downloading this app (the infection may prevent you connecting to the download site) and running a full scan.

    I would also try a couple of online virus scanners (Google search for Online Virus scanners).

    If all else fails, a complete reinstall using Custom (Clean) install will wipe out everything including the infection. This is a long approach but is effective in giving a pristine installation. Then ensure the AV/AM and firewall are in place before he touches things. I would also install an imaging app and create an image of the complete system after everything is installed, updated and customized with all apps installed. With this image, the next time, this restoration will take less than 10 minutes.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Slough, Berkshire UK
    Posts
    920
    Thanks
    52
    Thanked 52 Times in 50 Posts
    I would try using Windows Security Essentials; it's free and in my opinion better than Vipre.
    Clive

    All typing errors are my own work and subject to patents pending. Except errors by the spell checker. And that has its own patients.

  4. #4
    Plutonium Lounger Medico's Avatar
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted



  5. #5
    2 Star Lounger
    I'll run MSE.

    Any thoughts on the gray files/folders?
    Dan Lynch
    The stonecherub

  6. #6
    Plutonium Lounger Medico's Avatar
    I would think the gray folder and files are the work of the Virus. Hard to tell for sure.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted



  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,357
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Originally posted by Ted Myers:
    "I would think the gray folder and files are the work of the Virus. Hard to tell for sure."

    I would say the same. You can't be sure until you solve the malware problem.

  8. #8
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,480
    Thanks
    130
    Thanked 499 Times in 459 Posts
    You'll need to get some kind of resolution to the infection issue.

    I would recommend copying all the jpeg images he wishes to keep to a thumb drive, then attempt to verify their integrity from a secured computer other than his. If the jpeg images are good/usable from an independent computer, then the rootkit eradication on his computer should be initiated and post infection cleanup and non destruct repair should be done.

    1. Back up the needed data
    2. Repair/eradicate infection
    3. Post eradication repairs


    When all is said and done, your friend will require assistance and some degree of training into the concept of data backup. If there is anything at all to be learned in computing, it is this.
    It is much easier to have a well planned backup in place and ready to go than it is to manually toil in a rootkit recovery attempt, even for an expert.
    And you need to be 100% sure it's gone, otherwise you will have a compromised system that needs to be clean installed.

    Asktofriends.com Virus Removal - Asktofriends.com Browser Hijacker
    Last edited by CLiNT; 2012-04-22 at 19:36.

  9. #9
    Plutonium Lounger Medico's Avatar
    This could be one of those nightmares that PC pros make their livings on. After saving the stuff that really needs to be saved, and as Clint says making sure this stuff is clean, you have to ask yourself, "Is it quicker to attempt to clean this PC or wipe it out and reinstall from scratch?" There are many times a reinstall from scratch, and everything that involves, is quicker than trying to repair what you have. Not only do you have to remove all traces of the malware, but then you have to repair all the damage done by that malware and still hope you did find all traces. I do not envy you. Good luck and try to stay as sober as possible with this one, Dan.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted



  10. #10
    2 Star Lounger
    Thanks for the advice, all. It just occurred to me that since I'm going to get Al a half T drive to use as a backup, I might as well just do a clean install on that. He's using less than 10% of the one T drive in the Gateway box. I'll scan his files, move them over, and then nuke the infected drive.
    Dan Lynch
    The stonecherub

  11. #11
    2 Star Lounger
    RESOLUTION: I got the new drive and did a fresh install of win 7 on it. I looked at the original drive on my box and found all of Al's files with both hidden and write-protect bits set by the malware.

    Thanks for the help, guys.
    Dan Lynch
    The stonecherub
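
Added example, not part of the original thread: a PowerShell sketch for auditing a recovered drive for the condition reported in post #11 (items carrying both the hidden and read-only attributes) and optionally clearing just those two bits. The function names and the path in the usage comment are hypothetical placeholders; run it from a clean machine with the old drive attached as a data disk.

```powershell
# Added example. Function names and the sample path are placeholders.
$script:Mask = [int]([System.IO.FileAttributes]::Hidden) -bor
               [int]([System.IO.FileAttributes]::ReadOnly)

function Find-HiddenReadOnly {
    param(
        [Parameter(Mandatory)] [string] $Root
    )
    $system = [int][System.IO.FileAttributes]::System
    # -Force makes Get-ChildItem return hidden items, which it skips by default
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $attr = [int]$_.Attributes
            # Both bits must be set; skip System items (desktop.ini and similar)
            (($attr -band $script:Mask) -eq $script:Mask) -and
            (($attr -band $system) -eq 0)
        }
}

function Clear-HiddenReadOnly {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.IO.FileSystemInfo] $Item
    )
    process {
        if ($PSCmdlet.ShouldProcess($Item.FullName, 'Clear Hidden and ReadOnly')) {
            # Drop only the two bits; Archive, Directory, etc. stay as they were
            $clean = [int]$Item.Attributes -band (-bnot $script:Mask)
            $Item.Attributes = [System.IO.FileAttributes]$clean
        }
    }
}

# Usage (placeholder path):
#   1. Report first and keep the list as a record of what was changed by the infection:
#        Find-HiddenReadOnly -Root 'E:\Users\ExampleUser\Pictures' |
#            Select-Object FullName, Attributes
#   2. Dry run, then apply:
#        Find-HiddenReadOnly -Root 'E:\Users\ExampleUser\Pictures' | Clear-HiddenReadOnly -WhatIf
#        Find-HiddenReadOnly -Root 'E:\Users\ExampleUser\Pictures' | Clear-HiddenReadOnly
```

Clearing the attributes only restores visibility; the files should still be scanned before they are copied to the clean install.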

  12. #12
    Super Moderator CLiNT's Avatar
    Strong work.
    Thanks for posting back.
