After cleaning PC still looks for virus

Topic

New Reply

I recently found myself infected by a Hacktool.Rootkit virus. After finding my Symantec Antivirus could not find and remove the file, I was able to successfully use an online scanning tool from F-Secure, which found and cleaned the file, which was named “Microsoft.exe”.

However, I found that when I, and a coworker, tried to remap a drive, we get a message that says it cannot find microsoft.exe. This is, of course, a good thing as it means that the virus infected file is gone. However, I cannot seem to it to stop looking for this file. I tried removing references to the file in the registry, but every time I try to map the drive, it reinserts the entries into the registry.

I tried looking for references in the File Types dialog as referenced in the MS Knowledge Base, but I could not find a relevant file type that referenced this.

Any ideas how I get my laptop to stop looking for microsoft.exe?

Thanks!!
Troy

Reply | Quote

Replies

Repair your OS. Reads as though one of the operating system files has been replaced.

Joe

--Joe

Reply | Quote

There is no OS file called “microsoft.exe”. This was simply a smartly named virus infected file. As I said, it has been removed. However, part of the process of this virus was obviously to look for the file when you map to a new network drive (which is where this file came from). That looking for the file is what I am trying to stop.

Thanks!!
Troy

Reply | Quote

I understand that the microsoft.exe is not an operating system file. I’m saying that the virus/trojan may have altered a system file. I don’t know what system files (.exe or .dll) are involved in drive mapping. So a repair install may fix it.

Joe

--Joe

Reply | Quote

You might want to take a look here and try the free scan that is offered for .microsoft errors. Or check out this Google search for some insight.

Reply | Quote

Further searching turned up this Symantec page with instructions for removal.

Reply | Quote

Thanks, but this is the first thing I tried. The scan never found the files that were infected. I.E. It doesn’t work, at least not for me or anyone else who tried it.

Only the scan at F-Secure found and cleaned the affected files.

Thanks any way!!

Reply | Quote

Since there is a leftover reference you may want to try CCleaner and/or another registry cleaner and perform some standard maintenance after by running CHKDSK and SFC. Also many times these little nasties can only be removed in safe mode and system restore needs to be turned off to be cleared. Good Luck.

Reply | Quote

All,
I think I found the problem. In doing some searching for “microsoft.exe” on my own hard-drive, I came across a file at the root of my C: drive called “autorun.inf” that automatically was to try to seek out “microsoft.exe”. There was no other information in this file other than that referring to “microsoft.exe”. Thus, I deleted the file.

I still experience the error I mentioned when mapping to the drive. So I went and looked, and guess what? That same autorun.inf file was also located at the root of the V and W drives. That, evidently, was the problem.

I deleted those files and now I can map to V and W without getting that error.

Enjoy!!
Troy

Reply | Quote

Well done.

Thanks for posting back with the solution.

Reply | Quote