FRIHOSTFORUMSSEARCHFAQTOSBLOGSCOMPETITIONS
You are invited to Log in or Register a free Frihost Account!


New Folder.exe





airh3ad
Help guys i got infected new folder.exe please help me how can i remove this virus . its already affect in my drive d:\i try scan in avg then it remove but in a couple of minutes the virus back again. i manually remove in regedit its okey but in my drive d: it could not remove please help.
HamsterMan
Google is the answer.

http://tec-updates.blogspot.com/2007/10/new-folderexe-virus-removal-tool.html
[FuN]goku
Hmm.... im not quite sure about this... I've not encountered this virus.. i recently however had a boot sector virus which was a bit annoying.. Mhh, although im not a fan of AVG.... you could try what HamsterMan suggested, or if that doesnt work, try finding a different virus scanner. Nod32 works great for me most of the time.
airh3ad
Avg dnt work with this virus ill try to scan other anti virus but im infected..tired..
jmlworld
Shocked New Folder.exe has faced me several times, it's being created by another virus program called setup.exe which is hiden in the drive's root e.g C:/, D:/, F:/, G:/, etc... You can figure out if the drive is currying "SETUP.EXE", just go to My Computer then right click on any Drive over there, in the right click menu if "Auto..." is the top of all, there is a hidden "SETUP.EXE" in that certain drive. If you click "Auto..." the virus installs itself into the machine and searches another drive in which she copies another New Folder.exe and Setup.exe. Even it can hide certain folders names and rename itself as the innocent folder e.g. myfile.exe, it uses a tichnique to hide the extension "EXE" so the only thing you can see is myfile with the icon of real folder. If you click it, the sky will fall on your head...

However, it seems that AVG didn't recognize it yet. I used Kaspersky Antivirus. http://www.kaspersky.com, and I think this is the best tool to remove it. I don't know if McAfee and Symentic (Norton) can do that job, too...
airh3ad
Oki thanks for the advise and its great that you help me out ..im still sick for this virus he disable my task manager the folder options the registry , cmd, damn virus, i think i have to format my pc..Sad
aningbo
before u format the system... try a system restore.

start\programs\accessories\system tools\system restore. restore to the point where u think the virus doesn't exist.
jmlworld
aningbo wrote:
before u format the system... try a system restore.

start\programs\accessories\system tools\system restore. restore to the point where u think the virus doesn't exist.


Nice advise, this saves time to reformat the Computer, however, I think many viruses create a restore point automatically.
sambhav
To prevent such virus, make a file named new folder.exe and make it readonly.
airh3ad
Im still infected with virus man.. i used kaspersky but he doesnt run with my operating system im using windows server 2003 man please help all my file is infected ..i dnt want to reformat co's we have important files to save for good..i got headache and sick very sick about this virus help frihost users..
FunDa
There are several viruses that use the name NewFolder.exe

Tell me the exact properties of your virus file (file size, icon), Or even better, send me a copy of the virus. I can analyze the virus and make an antidote for it. Just zip and upload to rapidshare or someplace and m me the link. I'll make an antidote for you Smile I'll detroy the virus to smithereens
Animal
Have you tried running the (free) McAfee Stinger? This is a virus removal utility that has a pretty good track record - it is probably a better idea than some "home-brew" removal batch files.
airh3ad
The virus identified as Autoit.Ck ..he created a new folder (man)(man.exe) please help me to get it the virus..thnks in advance ..im using windows server 2003
FunDa
airh3ad wrote:
The virus identified as Autoit.Ck ..he created a new folder (man)(man.exe) please help me to get it the virus..thnks in advance



There are several viruses that do the same thing.
I need to know the files size. (Right click and see properties)
One particular virus which does that is sscvihost.exe.
Others include brontok, ssvichosst.exe, explorer.exe, newfolder.exe, and many others.


Here is the cure for sscvihost.exe
Use at your own risk. I am not responsible if your computer hangs, crashes, or goes up in smoke. Like Animal(Adam) said, never trust home-brew batch files unless they are from me Wink

Cure for sscvihost.exe virus
Download sscvihost.exe removal tool
http://rapidshare.com/files/105588283/New-Antidote_for_SSCVIHOST-2.bat.html

I'm in the process of making cures for the other viruses too, but currently, I have a test coming up and am studying for it. Confused

I'll be back in a few days.
airh3ad
man thanks for the help o scan my pc its good now and clean i dn't know if that virus totally clean..thnks your site also amazing ill visit your blog lastnigth..keep going.
FunDa
airh3ad wrote:
man thanks for the help o scan my pc its good now and clean i dn't know if that virus totally clean..thnks your site also amazing ill visit your blog lastnigth..keep going.


Thanks Smile . I'm working on making my own antivirus software. But haven't got time for it yet. Maybe next weekend or something. Have lots of tests coming up this week Crying or Very sad

I'm making antidotes for more viruses one by one, especially for the viruses that NOD32 and Kaspersky are not detecting. If you find viruses like that, just send me the details and I'll see if I can make an antidote for it. Cool
beancocktail
FunDa wrote:


I'm making antidotes for more viruses one by one, especially for the viruses that NOD32 and Kaspersky are not detecting. If you find viruses like that, just send me the details and I'll see if I can make an antidote for it. Cool


I am just wondering if you could help me out with something. I have one on my usb flash drive, I think I got it from a friend's pc. It keeps creating folders and such, flashy.exe and vault.exe I am completely clueless on what to do I am hoping you could help me. File size is about 59kb and it is always a read-only file. I think my memory cards are infected as well. I tried reformatting my usb flash disk and memory cards but it's still there. Please help me. I would really appreciate it. Thanks thanks super thanks in advance. Smile

Oh and here's the link for the file:

http://rapidshare.com/files/138247311/Flashy.zip.html

http://rapidshare.com/files/138248117/Vault.zip.html
FunDa
beancocktail wrote:
File size is about 59kb and it is always a read-only file. I think my memory cards are infected as well. I tried reformatting my usb flash disk and memory cards but it's still there. Please help me. I would really appreciate it. Thanks thanks super thanks in advance. Smile



If it keeps coming back it means that your computer is infected.

Use Process Explorer to find the running file, kill the active process and delete the file.
The active process filename will be flashy.exe or vault.exe


I might not get time for making an antidote now, coz of exams and stuff. I'll have a lokk at the file anyway.

P.S. I'm using Linux, so I'll have to get to a Windows computer before I see what the virus actually does. Laughing
FunDa
I'm back.


Here is the antidote i made :

http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html

Here is a link about the Flashy virus

http://vil.nai.com/vil/content/v_140308.htm



The virus Flashy.exe copies itself to

C:\Windows\system32\Flashy.exe

And to the Startup folder in
WINDOWS Start button > All Programs > Startup\systemID.pif

These are the registry settings it modifies
Quote:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Flashy Bot" = %SystemDir%Flashy.exe
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Hidden" = 2
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"HideFileExt" = 1
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
"NoFolderOptions" = 1
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr" = 1
"DisableRegistryTools" = 1




Just run this batch file


http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html

Then format your USB drive.
beancocktail
FunDa wrote:
I'm back.


Here is the antidote i made :

http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html




Just run this batch file


http://rapidshare.com/files/138478507/Flashy-virus-remover-fundazone-com.bat.html

Then format your USB drive.



Oh that was so fast. Thank you so much. I almost cried seeing your post. Crying or Very sad I tried it already and it works perfectly. Thanks thanks thanks thanks thanks thanks thanks thanks thanks SUPER! I am sorry for troubling you during your examination period. Again thanks a lot for helping me out. I cant thank you enough.

Oh and one more thing I would just like to ask, how do I format my usb drive? Im scared that if I use my usb flash disk on my laptop it will infect it again. I'm sorry for troubling you once more.
Diablosblizz
If your flash drive is infected and you are sure of it DO NOT PLUG IT INTO YOUR COMPUTER. Instead, go to School and format it. Smile My school uses DeepFreeze, so they don't mind.

You can format it by plugging it in, going to My Computer right clicking it then pressing Format. For the next window just press Start.
beancocktail
Diablosblizz wrote:
If your flash drive is infected and you are sure of it DO NOT PLUG IT INTO YOUR COMPUTER. Instead, go to School and format it. Smile My school uses DeepFreeze, so they don't mind.

You can format it by plugging it in, going to My Computer right clicking it then pressing Format. For the next window just press Start.


Haha. That was funny! Laughing reminds me of one student i know. Can I do that to memory cards as well? And I think my ipod might be infected too. I'm sorry I just want to make sure. Thanks!
Diablosblizz
Umm, I don't think you'll want to format your iPod. Although, if you can install iTunes on your schools computers then you can probably restore it. Reformating it will wipe everything, including the operating system.

If your school has memory card slots, then sure. And by school I mean anything but your computer. Razz
osuchin
try this. go to regedit then search for new folder.exe, then delete...
moorthyrweb
If the problem continued just format your drives.
bulek
Upload this executable file to virustotal.com and copy/paste results here so we can find solutions faster. Every antivirus company use different name for malware, so it's pretty hard to know which virus has infected you.
dmystic
i would prefer to just format the pc.... because you can never be 100% sure that 100% of the virus is gone... and its smart anyways to reinstall windows/linux/whatever sometimes (i do it mostly 1 time in a year) because its clean then.
froy357
Before doing a reformat try using the latest downloadable version of "Combofix" just google, download and run it. This is my virus killer since up to now.
yogspatel
FunDa wrote:


I'm making antidotes for more viruses one by one, especially for the viruses that NOD32 and Kaspersky are not detecting. If you find viruses like that, just send me the details and I'll see if I can make an antidote for it.






I have a problem on my PC and nod32 is not detecting the same. this virus / trojan, copies setup.exe hidden file to USB drives automatically as soon as it is plugged in. Kaspersky has reported trojan.w32.delf.ddr but i cannot find anything else on the system.
Can you pl. help me to remove the virus/trojan.
FunDa
What is the size of the file in kb ?

Try using Task Manager or better Process Explorer to see where the fie is located.

Then first try Googling, a fix might already be out there.
guissmo
I've found the solution to this when I was in my USB-using days. All the computers at school have this virus. Anyway, I found this other "exe" file that's made just to end its annoying-ness. It's not with me right now but if you need it badly, I guess I could try to find it again.

Or better yet, find an online storage service. So that you won't need to use USBs anymore.
guanzz
the avast is good,you can try it
trnt
In order to quickly and easily remove the virus "New Folder.exe" you must do the following:
-Get the file size by using the properties window (Alt + Enter);
-In the search files box (Win + F), enter the size of file of virus;
-The results are sort-size files;
-All-virus files will be in front of you is not a discontinuous list;
-Highlight the file, the virus;
-Press Shift + Del
FunDa
To check a USB drive for multiple folder viruses

1) Right click and search
2) Filename *.exe
3) If needed, put in this also Size at most 800kb
4) Search hidden files and folders also
5) Search
6) Arrange the files by size.
7) Delete the Clusters of exe files of equal size and the icon of a folder.
Cool Delete autorun.inf


Make sure that the option to see hidden files and folders is enabled and also thet the sytem files are visible
subzero24
hey mr, funda. im just a newbie here...im also having the same problem regarding with the new folder.exe but it seems i'd got the new version of new folder.exe..even i'd tried to delete it, still it remains on my PC...i'd seen it was accompanied by onbtr.exe...do u hav any idea about that? i guess the onbtr virus was already in my pc because evrytim i reformat my USB there was an autorun.inf remains inside, i read the detail written inside the autorun.inf and its truly link sill in onbtr.exe...all attributes were disabled, taskmana, and the funny thing over here were also the images of the shortcut icons were dramatically disappeared...my rapidshare account was already expired, can u borrow to me ur account for a while so that i can upload it...they say that it was the new version.. Crying or Very sad
FunDa
subzero24 wrote:
hey mr, funda. im just a newbie here...im also having the same problem regarding with the new folder.exe but it seems i'd got the new version of new folder.exe..even i'd tried to delete it, still it remains on my PC...i'd seen it was accompanied by onbtr.exe...do u hav any idea about that? i guess the onbtr virus was already in my pc because evrytim i reformat my USB there was an autorun.inf remains inside, i read the detail written inside the autorun.inf and its truly link sill in onbtr.exe...all attributes were disabled, taskmana, and the funny thing over here were also the images of the shortcut icons were dramatically disappeared...my rapidshare account was already expired, can u borrow to me ur account for a while so that i can upload it...they say that it was the new version.. Crying or Very sad



Rapidshare sharing has a free account option. I'm using that one - I don't even have an account (can't afford one)



I don't have any details about your virus.

Is it btr.exe ?



W32/Bater-A is a mass-mailing worm.

When run the worm copies itself to the Windows system folder as btr.exe and creates the following registry entries so as to auto-start:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msimn.exe
Debugger
%SYSTEM%\btr.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Debugger
Worm.Beater_DiA/rrlf

Emails sent by the worm can take the following forms:

Subject line chosen from:

WOW!
Schau dir das an...
Super Bilder fnr dich Wink
Nen versautes Geschenk fnr dich!
Picture Set

Message text chosen from (contains some non-printable characters):

"Hi!
bin neulich im internet rumgesurft und habe ne seite gefunden
da gabs ne menge kostenlose porno bilder. Leider hab ich den
namen vergessen... :/

Aber ich habe mir ein paar schon runtergeladen. Ich habs drangehSngt
als selbst-extrahierendes archiv Very Happy
na dann, viel spass... Wink"

"Hey
schau was ich fnr nen saugeiles picture set gefunden habe!!!!"

"Hallo,
na, hat dich die Betreffzeile schon neugierig gemacht?
Wenn ja dann solltest du dir UNBEDINGT die kostenlosen
Bilder anschauen die als Attachment dieser Nachricht folgen.

(c)2005 by HardcoreBabez
________________________"

"Ich will dir nicht zu viel verraten ;D
Schau dir einfach die Bilder an und sag mir was du davon hSltst!"

"Man schau dir die Bilder Sammlung an...
So etwas wnrd ich auch gern mal erleben!
Sch÷ne Grn¯e, B."

Attachment name is either Hot Lebian Picture Set.exe or chosen by parsing a porn related webpage.
chatrack
This virus is difficult to remove. I cant delete it. It copies itself to new drives such as thumb dirives

I tried to make a text file . renamed to newfolder.exe and replaced it with hidded virus file.

It worked!. But the root of the virus cant be foud out.

Can any one tell how it can be removed completely. with out the help of any antivirus programe?
idoisl
what is this???!!!
FunDa
chatrack wrote:
This virus is difficult to remove. I cant delete it. It copies itself to new drives such as thumb dirives

I tried to make a text file . renamed to newfolder.exe and replaced it with hidded virus file.

It worked!. But the root of the virus cant be foud out.

Can any one tell how it can be removed completely. with out the help of any antivirus programe?



Give me something to work with here.

The name and exact filesize of the virus. Fromthe Right click - Properties.
Is it btr.exe ?
Sample file if possible.

Read my previous instructions on manually removing virus without antivirus programmes ...
tony
sambhav wrote:
To prevent such virus, make a file named new folder.exe and make it readonly.


interesting; would that work??

-somewhat confused linux user.
FunDa
tony wrote:
sambhav wrote:
To prevent such virus, make a file named new folder.exe and make it readonly.


interesting; would that work??

-somewhat confused linux user.



Sure would. Many of these USB visuses also use the autorun.inf feature of Windows which can be prevented by just putting a folder in place of the file.

Some viruses can delete even read only files, but when there is a folder instead, they are just too dumb ....

These windows viruses are so stupid, if u rename them, u can delete even the protected files.

I always kill windows viruses with my bare hands and Process Explorer. I don't actually use the antivirus software coz I don't have easy access to the internet and thus the updates.


I find them and destroy them.
Romski
can anyone help me with the virus new folder.exe.. and please give the instructions of how to remove it,, this virus is very annoying...!!! mr. funda how can u do process explorer?? need help!!
FunDa
Romski wrote:
can anyone help me with the virus new folder.exe.. and please give the instructions of how to remove it,, this virus is very annoying...!!! mr. funda how can u do process explorer?? need help!!



Process Explorer can be found here on microsoft's site http://download.sysinternals.com/Files/ProcessExplorer.zip

After downloading, installing, and opening it,


Scroll to the bottom and look for the NewFolder.exe file and its location.


Kill the process

Go to the file my using My Computer, and delte it.


Then, if you know how to, go to the registry and change back all entries which have the virus name on it.


Might be a litte hard to do the registry part, but Ending the process in Process Explorer is safe.
khaminzkhi
I've got same problem... when I used my officemate's USB Flash Drive infected with new folde.exe.. I accidentally clicked it but didnt open... after than incident my office computer ran so slow and i have notice that my 2 USB Flash Drives infected... it copy all the folders i have in my Flash Drives.

I cant delete it no matter wat i do... Im scared that this sticky virus eats all my files especially the databased system in my office computer which is very important for the company..

Please help me to clean and throw away this nasty virus... help................. before its too late

Heres the details

File name: New Folder.exe
File version : 3.2.0.1
File size : 617KB

PS.. its associated with unknown hidden file named cddtor.exe


HELPPPPPPPPPPPPPPPPPPPPPPP
khaminzkhi
now i found out that i also have soyaxu.exe virus with file version of 91.75.4.78, file size of 944KB and modified date of 8/4/2004 3:57PM


help me to totally delete this freaky virus... Crying or Very sad
FunDa
I can help.

Download process explorer and PM (message) me your google chat or yahoo mesenger id. I'll guide u thru the process.



Process Explorer can be found here on microsoft's site http://download.sysinternals.com/Files/ProcessExplorer.zip
jdelfire
Just a side comment

-- frihost users are the best!
-- Where will you find a group of people like this were everyone is more than happy to help each other out!
-- everyone rocks!
himy
FunDa wrote:
airh3ad wrote:
The virus identified as Autoit.Ck ..he created a new folder (man)(man.exe) please help me to get it the virus..thnks in advance



There are several viruses that do the same thing.
I need to know the files size. (Right click and see properties)
One particular virus which does that is sscvihost.exe.
Others include brontok, ssvichosst.exe, explorer.exe, newfolder.exe, and many others.


Here is the cure for sscvihost.exe
Use at your own risk. I am not responsible if your computer hangs, crashes, or goes up in smoke. Like Animal(Adam) said, never trust home-brew batch files unless they are from me Wink

Cure for sscvihost.exe virus
Download sscvihost.exe removal tool
http://rapidshare.com/files/105588283/New-Antidote_for_SSCVIHOST-2.bat.html

I'm in the process of making cures for the other viruses too, but currently, I have a test coming up and am studying for it. Confused

I'll be back in a few days.


hi all
I am new here. Please help. I have the same problem, I found these files in my USB flash drive:
New Folder.exe (648 kb)
scvhost.exe (648 kb) not sscvihost.exe
autorun.inf (8 kb)
and there are many .exe files.

I want to keep my files and get rid of the virus, can anyone help me? Thanks a lot! Sad
Helios
I had a similar virus, I just ran two scan simultaneously in safe-mod.. AVG and COMODO antiviruses.
For now I don't see any signs of the virus.
Mine could be a lighter variation of the virus though, and I've got windows 7...
albuferque
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.

The Realtime Protection Module uses advanced heuristic scanning technology which monitors your system to keep it safe and secure. In addition, they have implemented a threats center which will allow you to keep up to date with the latest malware threats.

Malwarebytes' Anti-Malware can detect and remove malware that even the most well-known Anti-Virus and Anti-Malware applications on the market today cannot.

http://www.malwarebytes.org/
Fire Boar
albuferque wrote:
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.

The Realtime Protection Module uses advanced heuristic scanning technology which monitors your system to keep it safe and secure. In addition, they have implemented a threats center which will allow you to keep up to date with the latest malware threats.

Malwarebytes' Anti-Malware can detect and remove malware that even the most well-known Anti-Virus and Anti-Malware applications on the market today cannot.

http://www.malwarebytes.org/


Wow, don't you think that's a bit off-topic?
Related topics
751 Useful Windows XP Files
pls suggest software to generate thumbnails etc...
Ill deal with your HijackThis logs for you.
[Official] Security: Anti-Spyware/Virus, & Firewall
New Folder from nowhere
Creating An Invisible Folder
class not registerd in explorer.exe, a pain in the back
Can't Delete Folder
Beware!! protect your system from virus. here is a tip!!
orkut virus?
Clean ur flash drive from common virus....
Getting 2 man Viruses from ur USB??? Click here..& Be co
Technique to prevent virus infection in win32
Scratch
Reply to topic    Frihost Forum Index -> Computers -> Computer Problems and Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.