Help guys i got infected new folder.exe please help me how can i remove this virus . its already affect in my drive d:\i try scan in avg then it remove but in a couple of minutes the virus back again. i manually remove in regedit its okey but in my drive d: it could not remove please help.
New Folder.exe
Google is the answer.
http://tec-updates.blogspot.com/2007/10/new-folderexe-virus-removal-tool.html
http://tec-updates.blogspot.com/2007/10/new-folderexe-virus-removal-tool.html
Hmm.... im not quite sure about this... I've not encountered this virus.. i recently however had a boot sector virus which was a bit annoying.. Mhh, although im not a fan of AVG.... you could try what HamsterMan suggested, or if that doesnt work, try finding a different virus scanner. Nod32 works great for me most of the time.
Avg dnt work with this virus ill try to scan other anti virus but im infected..tired..
New Folder.exe has faced me several times, it's being created by another virus program called setup.exe which is hiden in the drive's root e.g C:/, D:/, F:/, G:/, etc... You can figure out if the drive is currying "SETUP.EXE", just go to My Computer then right click on any Drive over there, in the right click menu if "Auto..." is the top of all, there is a hidden "SETUP.EXE" in that certain drive. If you click "Auto..." the virus installs itself into the machine and searches another drive in which she copies another New Folder.exe and Setup.exe. Even it can hide certain folders names and rename itself as the innocent folder e.g. myfile.exe, it uses a tichnique to hide the extension "EXE" so the only thing you can see is myfile with the icon of real folder. If you click it, the sky will fall on your head...
However, it seems that AVG didn't recognize it yet. I used Kaspersky Antivirus. http://www.kaspersky.com, and I think this is the best tool to remove it. I don't know if McAfee and Symentic (Norton) can do that job, too...
Oki thanks for the advise and its great that you help me out ..im still sick for this virus he disable my task manager the folder options the registry , cmd, damn virus, i think i have to format my pc..
before u format the system... try a system restore.
start\programs\accessories\system tools\system restore. restore to the point where u think the virus doesn't exist.
start\programs\accessories\system tools\system restore. restore to the point where u think the virus doesn't exist.
| aningbo wrote: |
| before u format the system... try a system restore.
start\programs\accessories\system tools\system restore. restore to the point where u think the virus doesn't exist. |
Nice advise, this saves time to reformat the Computer, however, I think many viruses create a restore point automatically.
To prevent such virus, make a file named new folder.exe and make it readonly.
Im still infected with virus man.. i used kaspersky but he doesnt run with my operating system im using windows server 2003 man please help all my file is infected ..i dnt want to reformat co's we have important files to save for good..i got headache and sick very sick about this virus help frihost users..
There are several viruses that use the name NewFolder.exe
Tell me the exact properties of your virus file (file size, icon), Or even better, send me a copy of the virus. I can analyze the virus and make an antidote for it. Just zip and upload to rapidshare or someplace and m me the link. I'll make an antidote for you
I'll detroy the virus to smithereens
Tell me the exact properties of your virus file (file size, icon), Or even better, send me a copy of the virus. I can analyze the virus and make an antidote for it. Just zip and upload to rapidshare or someplace and m me the link. I'll make an antidote for you
I'll detroy the virus to smithereensHave you tried running the (free) McAfee Stinger? This is a virus removal utility that has a pretty good track record - it is probably a better idea than some "home-brew" removal batch files.
The virus identified as Autoit.Ck ..he created a new folder (man)(man.exe) please help me to get it the virus..thnks in advance ..im using windows server 2003
| airh3ad wrote: |
| The virus identified as Autoit.Ck ..he created a new folder (man)(man.exe) please help me to get it the virus..thnks in advance |
There are several viruses that do the same thing.
I need to know the files size. (Right click and see properties)
One particular virus which does that is sscvihost.exe.
Others include brontok, ssvichosst.exe, explorer.exe, newfolder.exe, and many others.
Here is the cure for sscvihost.exe
Use at your own risk. I am not responsible if your computer hangs, crashes, or goes up in smoke. Like Animal(Adam) said, never trust home-brew batch files unless they are from me
Cure for sscvihost.exe virus
Download sscvihost.exe removal tool
http://rapidshare.com/files/105588283/New-Antidote_for_SSCVIHOST-2.bat.html
I'm in the process of making cures for the other viruses too, but currently, I have a test coming up and am studying for it.
I'll be back in a few days.
man thanks for the help o scan my pc its good now and clean i dn't know if that virus totally clean..thnks your site also amazing ill visit your blog lastnigth..keep going.
| airh3ad wrote: |
| man thanks for the help o scan my pc its good now and clean i dn't know if that virus totally clean..thnks your site also amazing ill visit your blog lastnigth..keep going. |
Thanks
. I'm working on making my own antivirus software. But haven't got time for it yet. Maybe next weekend or something. Have lots of tests coming up this week 
I'm making antidotes for more viruses one by one, especially for the viruses that NOD32 and Kaspersky are not detecting. If you find viruses like that, just send me the details and I'll see if I can make an antidote for it.
| FunDa wrote: |
|
I'm making antidotes for more viruses one by one, especially for the viruses that NOD32 and Kaspersky are not detecting. If you find viruses like that, just send me the details and I'll see if I can make an antidote for it. |
I am just wondering if you could help me out with something. I have one on my usb flash drive, I think I got it from a friend's pc. It keeps creating folders and such, flashy.exe and vault.exe I am completely clueless on what to do I am hoping you could help me. File size is about 59kb and it is always a read-only file. I think my memory cards are infected as well. I tried reformatting my usb flash disk and memory cards but it's still there. Please help me. I would really appreciate it. Thanks thanks super thanks in advance.
Oh and here's the link for the file:
http://rapidshare.com/files/138247311/Flashy.zip.html
http://rapidshare.com/files/138248117/Vault.zip.html
| beancocktail wrote: |
| File size is about 59kb and it is always a read-only file. I think my memory cards are infected as well. I tried reformatting my usb flash disk and memory cards but it's still there. Please help me. I would really appreciate it. Thanks thanks super thanks in advance.
|
If it keeps coming back it means that your computer is infected.
Use Process Explorer to find the running file, kill the active process and delete the file.
The active process filename will be flashy.exe or vault.exe
I might not get time for making an antidote now, coz of exams and stuff. I'll have a lokk at the file anyway.
P.S. I'm using Linux, so I'll have to get to a Windows computer before I see what the virus actually does.
I'm back.
Here is the antidote i made :
http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html
Here is a link about the Flashy virus
http://vil.nai.com/vil/content/v_140308.htm
The virus Flashy.exe copies itself to
C:\Windows\system32\Flashy.exe
And to the Startup folder in
WINDOWS Start button > All Programs > Startup\systemID.pif
These are the registry settings it modifies
Just run this batch file
http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html
Then format your USB drive.
Here is the antidote i made :
http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html
Here is a link about the Flashy virus
http://vil.nai.com/vil/content/v_140308.htm
The virus Flashy.exe copies itself to
C:\Windows\system32\Flashy.exe
And to the Startup folder in
WINDOWS Start button > All Programs > Startup\systemID.pif
These are the registry settings it modifies
| Quote: |
|
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Flashy Bot" = %SystemDir%Flashy.exe * HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = 2 * HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "HideFileExt" = 1 * HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoFolderOptions" = 1 * HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 1 "DisableRegistryTools" = 1 |
Just run this batch file
http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html
Then format your USB drive.
| FunDa wrote: |
| I'm back.
Here is the antidote i made : http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html Just run this batch file http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html Then format your USB drive. |
Oh that was so fast. Thank you so much. I almost cried seeing your post.
I tried it already and it works perfectly. Thanks thanks thanks thanks thanks thanks thanks thanks thanks SUPER! I am sorry for troubling you during your examination period. Again thanks a lot for helping me out. I cant thank you enough.
Oh and one more thing I would just like to ask, how do I format my usb drive? Im scared that if I use my usb flash disk on my laptop it will infect it again. I'm sorry for troubling you once more.
If your flash drive is infected and you are sure of it DO NOT PLUG IT INTO YOUR COMPUTER. Instead, go to School and format it. My school uses DeepFreeze, so they don't mind.
You can format it by plugging it in, going to My Computer right clicking it then pressing Format. For the next window just press Start.
My school uses DeepFreeze, so they don't mind.
You can format it by plugging it in, going to My Computer right clicking it then pressing Format. For the next window just press Start.
| Diablosblizz wrote: |
| If your flash drive is infected and you are sure of it DO NOT PLUG IT INTO YOUR COMPUTER. Instead, go to School and format it. My school uses DeepFreeze, so they don't mind.
You can format it by plugging it in, going to My Computer right clicking it then pressing Format. For the next window just press Start. |
Haha. That was funny!
reminds me of one student i know. Can I do that to memory cards as well? And I think my ipod might be infected too. I'm sorry I just want to make sure. Thanks!Umm, I don't think you'll want to format your iPod. Although, if you can install iTunes on your schools computers then you can probably restore it. Reformating it will wipe everything, including the operating system.
If your school has memory card slots, then sure. And by school I mean anything but your computer.
If your school has memory card slots, then sure. And by school I mean anything but your computer.
try this. go to regedit then search for new folder.exe, then delete...
If the problem continued just format your drives.
Upload this executable file to virustotal.com and copy/paste results here so we can find solutions faster. Every antivirus company use different name for malware, so it's pretty hard to know which virus has infected you.
i would prefer to just format the pc.... because you can never be 100% sure that 100% of the virus is gone... and its smart anyways to reinstall windows/linux/whatever sometimes (i do it mostly 1 time in a year) because its clean then.
Before doing a reformat try using the latest downloadable version of "Combofix" just google, download and run it. This is my virus killer since up to now.
FunDa wrote:
I'm making antidotes for more viruses one by one, especially for the viruses that NOD32 and Kaspersky are not detecting. If you find viruses like that, just send me the details and I'll see if I can make an antidote for it.
I have a problem on my PC and nod32 is not detecting the same. this virus / trojan, copies setup.exe hidden file to USB drives automatically as soon as it is plugged in. Kaspersky has reported trojan.w32.delf.ddr but i cannot find anything else on the system.
Can you pl. help me to remove the virus/trojan.
I'm making antidotes for more viruses one by one, especially for the viruses that NOD32 and Kaspersky are not detecting. If you find viruses like that, just send me the details and I'll see if I can make an antidote for it.
I have a problem on my PC and nod32 is not detecting the same. this virus / trojan, copies setup.exe hidden file to USB drives automatically as soon as it is plugged in. Kaspersky has reported trojan.w32.delf.ddr but i cannot find anything else on the system.
Can you pl. help me to remove the virus/trojan.
What is the size of the file in kb ?
Try using Task Manager or better Process Explorer to see where the fie is located.
Then first try Googling, a fix might already be out there.
Try using Task Manager or better Process Explorer to see where the fie is located.
Then first try Googling, a fix might already be out there.
I've found the solution to this when I was in my USB-using days. All the computers at school have this virus. Anyway, I found this other "exe" file that's made just to end its annoying-ness. It's not with me right now but if you need it badly, I guess I could try to find it again.
Or better yet, find an online storage service. So that you won't need to use USBs anymore.
Or better yet, find an online storage service. So that you won't need to use USBs anymore.
the avast is good,you can try it
In order to quickly and easily remove the virus "New Folder.exe" you must do the following:
-Get the file size by using the properties window (Alt + Enter);
-In the search files box (Win + F), enter the size of file of virus;
-The results are sort-size files;
-All-virus files will be in front of you is not a discontinuous list;
-Highlight the file, the virus;
-Press Shift + Del
-Get the file size by using the properties window (Alt + Enter);
-In the search files box (Win + F), enter the size of file of virus;
-The results are sort-size files;
-All-virus files will be in front of you is not a discontinuous list;
-Highlight the file, the virus;
-Press Shift + Del
To check a USB drive for multiple folder viruses
1) Right click and search
2) Filename *.exe
3) If needed, put in this also Size at most 800kb
4) Search hidden files and folders also
5) Search
6) Arrange the files by size.
7) Delete the Clusters of exe files of equal size and the icon of a folder.
Delete autorun.inf
Make sure that the option to see hidden files and folders is enabled and also thet the sytem files are visible
1) Right click and search
2) Filename *.exe
3) If needed, put in this also Size at most 800kb
4) Search hidden files and folders also
5) Search
6) Arrange the files by size.
7) Delete the Clusters of exe files of equal size and the icon of a folder.
Delete autorun.inf
Make sure that the option to see hidden files and folders is enabled and also thet the sytem files are visible
hey mr, funda. im just a newbie here...im also having the same problem regarding with the new folder.exe but it seems i'd got the new version of new folder.exe..even i'd tried to delete it, still it remains on my PC...i'd seen it was accompanied by onbtr.exe...do u hav any idea about that? i guess the onbtr virus was already in my pc because evrytim i reformat my USB there was an autorun.inf remains inside, i read the detail written inside the autorun.inf and its truly link sill in onbtr.exe...all attributes were disabled, taskmana, and the funny thing over here were also the images of the shortcut icons were dramatically disappeared...my rapidshare account was already expired, can u borrow to me ur account for a while so that i can upload it...they say that it was the new version..
| subzero24 wrote: |
| hey mr, funda. im just a newbie here...im also having the same problem regarding with the new folder.exe but it seems i'd got the new version of new folder.exe..even i'd tried to delete it, still it remains on my PC...i'd seen it was accompanied by onbtr.exe...do u hav any idea about that? i guess the onbtr virus was already in my pc because evrytim i reformat my USB there was an autorun.inf remains inside, i read the detail written inside the autorun.inf and its truly link sill in onbtr.exe...all attributes were disabled, taskmana, and the funny thing over here were also the images of the shortcut icons were dramatically disappeared...my rapidshare account was already expired, can u borrow to me ur account for a while so that i can upload it...they say that it was the new version.. |
Rapidshare sharing has a free account option. I'm using that one - I don't even have an account (can't afford one)
I don't have any details about your virus.
Is it btr.exe ?
W32/Bater-A is a mass-mailing worm.
When run the worm copies itself to the Windows system folder as btr.exe and creates the following registry entries so as to auto-start:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msimn.exe
Debugger
%SYSTEM%\btr.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Debugger
Worm.Beater_DiA/rrlf
Emails sent by the worm can take the following forms:
Subject line chosen from:
WOW!
Schau dir das an...
Super Bilder fnr dich
Nen versautes Geschenk fnr dich!
Picture Set
Message text chosen from (contains some non-printable characters):
"Hi!
bin neulich im internet rumgesurft und habe ne seite gefunden
da gabs ne menge kostenlose porno bilder. Leider hab ich den
namen vergessen... :/
Aber ich habe mir ein paar schon runtergeladen. Ich habs drangehSngt
als selbst-extrahierendes archiv
na dann, viel spass...
"
"Hey
schau was ich fnr nen saugeiles picture set gefunden habe!!!!"
"Hallo,
na, hat dich die Betreffzeile schon neugierig gemacht?
Wenn ja dann solltest du dir UNBEDINGT die kostenlosen
Bilder anschauen die als Attachment dieser Nachricht folgen.
(c)2005 by HardcoreBabez
________________________"
"Ich will dir nicht zu viel verraten ;D
Schau dir einfach die Bilder an und sag mir was du davon hSltst!"
"Man schau dir die Bilder Sammlung an...
So etwas wnrd ich auch gern mal erleben!
Sch÷ne Grn¯e, B."
Attachment name is either Hot Lebian Picture Set.exe or chosen by parsing a porn related webpage.
This virus is difficult to remove. I cant delete it. It copies itself to new drives such as thumb dirives
I tried to make a text file . renamed to newfolder.exe and replaced it with hidded virus file.
It worked!. But the root of the virus cant be foud out.
Can any one tell how it can be removed completely. with out the help of any antivirus programe?
I tried to make a text file . renamed to newfolder.exe and replaced it with hidded virus file.
It worked!. But the root of the virus cant be foud out.
Can any one tell how it can be removed completely. with out the help of any antivirus programe?
what is this???!!!
| chatrack wrote: |
| This virus is difficult to remove. I cant delete it. It copies itself to new drives such as thumb dirives
I tried to make a text file . renamed to newfolder.exe and replaced it with hidded virus file. It worked!. But the root of the virus cant be foud out. Can any one tell how it can be removed completely. with out the help of any antivirus programe? |
Give me something to work with here.
The name and exact filesize of the virus. Fromthe Right click - Properties.
Is it btr.exe ?
Sample file if possible.
Read my previous instructions on manually removing virus without antivirus programmes ...
| sambhav wrote: |
| To prevent such virus, make a file named new folder.exe and make it readonly. |
interesting; would that work??
-somewhat confused linux user.
| tony wrote: | ||
interesting; would that work?? -somewhat confused linux user. |
Sure would. Many of these USB visuses also use the autorun.inf feature of Windows which can be prevented by just putting a folder in place of the file.
Some viruses can delete even read only files, but when there is a folder instead, they are just too dumb ....
These windows viruses are so stupid, if u rename them, u can delete even the protected files.
I always kill windows viruses with my bare hands and Process Explorer. I don't actually use the antivirus software coz I don't have easy access to the internet and thus the updates.
I find them and destroy them.
can anyone help me with the virus new folder.exe.. and please give the instructions of how to remove it,, this virus is very annoying...!!! mr. funda how can u do process explorer?? need help!!
| Romski wrote: |
| can anyone help me with the virus new folder.exe.. and please give the instructions of how to remove it,, this virus is very annoying...!!! mr. funda how can u do process explorer?? need help!! |
Process Explorer can be found here on microsoft's site http://download.sysinternals.com/Files/ProcessExplorer.zip
After downloading, installing, and opening it,
Scroll to the bottom and look for the NewFolder.exe file and its location.
Kill the process
Go to the file my using My Computer, and delte it.
Then, if you know how to, go to the registry and change back all entries which have the virus name on it.
Might be a litte hard to do the registry part, but Ending the process in Process Explorer is safe.
I've got same problem... when I used my officemate's USB Flash Drive infected with new folde.exe.. I accidentally clicked it but didnt open... after than incident my office computer ran so slow and i have notice that my 2 USB Flash Drives infected... it copy all the folders i have in my Flash Drives.
I cant delete it no matter wat i do... Im scared that this sticky virus eats all my files especially the databased system in my office computer which is very important for the company..
Please help me to clean and throw away this nasty virus... help................. before its too late
Heres the details
File name: New Folder.exe
File version : 3.2.0.1
File size : 617KB
PS.. its associated with unknown hidden file named cddtor.exe
HELPPPPPPPPPPPPPPPPPPPPPPP
I cant delete it no matter wat i do... Im scared that this sticky virus eats all my files especially the databased system in my office computer which is very important for the company..
Please help me to clean and throw away this nasty virus... help................. before its too late
Heres the details
File name: New Folder.exe
File version : 3.2.0.1
File size : 617KB
PS.. its associated with unknown hidden file named cddtor.exe
HELPPPPPPPPPPPPPPPPPPPPPPP
now i found out that i also have soyaxu.exe virus with file version of 91.75.4.78, file size of 944KB and modified date of 8/4/2004 3:57PM
help me to totally delete this freaky virus...
help me to totally delete this freaky virus...
I can help.
Download process explorer and PM (message) me your google chat or yahoo mesenger id. I'll guide u thru the process.
Process Explorer can be found here on microsoft's site http://download.sysinternals.com/Files/ProcessExplorer.zip
Download process explorer and PM (message) me your google chat or yahoo mesenger id. I'll guide u thru the process.
Process Explorer can be found here on microsoft's site http://download.sysinternals.com/Files/ProcessExplorer.zip
Just a side comment
-- frihost users are the best!
-- Where will you find a group of people like this were everyone is more than happy to help each other out!
-- everyone rocks!
-- frihost users are the best!
-- Where will you find a group of people like this were everyone is more than happy to help each other out!
-- everyone rocks!
Related topics
 |