Suspected malware and Can't seems to remove

Jasozhou - Mar 31, 2011 at 11:53 PM
 Jasozhou - Apr 3, 2011 at 12:03 AM

I am having this problem with a particular malware which creates the following problem for me:

1) Creates and edit my icons on desktop, mainly deletes my firefox shortcut and replaces them with IE icons that starts up to even when I had google as my startup page.

2) Changes and delete my registry entry, particularly the SHOWALL segment. Removing the option for me to choose show all hidden files under my folder advance option.

I have tried many ways of solving it with lots of different anti-virus, malware fix programs but none seems to help. Looked up the internet and i found this that describes it.

Thank you very much in advance!

7 responses

Ambucias Posts 47357 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,178
Apr 2, 2011 at 05:12 AM
Dear Jasozhou,

You system is seriously infected and I found 27 items.

The virus made its entry through your peer to peer bittorent.

You have a spyware called Baidu and I also strongly suspect a rootkit.

You system as it is at the moment and will be after the upcoming desinfection will remain very vulnerable to all kinds of malmare and possible intrusion.

You system restore is presently deactivated. I suggest that you reactivate after desinfection.

I shall prescribe to you a very powerfull antidote that is able to kill and send any virus to the glue factory. It is of very last resort and should not be abused of, as matter of a fact, once you have used it, I suggest you delete it from your system.

To keep your system safe, you must follow the instructions hereunder to the letter:

First step, boot your system in safe mode with networking

1. Download Combofix to your desktop.

2.Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.

Once you are done, report to me on how your system is behaving.

Good luck

Blocked Profile
Apr 1, 2011 at 03:33 AM

download and install malwarebytes from

update it and run a full scan.

remove found infections.

restart your PC and go to

run this scan.

once this is done do the same with
Ambucias Posts 47357 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,178
Apr 1, 2011 at 05:16 AM
Dear Jasozhou,

If Kieferschild's solution and advice do not remove the virus completely,

To help you, I must make a diagnostic and to do so, I require a log.

Open this link and download ZHPDiag :

Register the file on your Desktop.

Double click on ZHPDiag.exe and follow the instructions.

the tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step).

Double click on the short cut ZHPDiag on your Destktop.

Click on the Magnifying glass and run the analysys.

Wait for the tool to finished (maybe a long time)

Close ZHPDiag.

To transmit the report, click on this link :

Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click on "upload »

Copy the url and post it here
Sorry for the delay in replying.

Thanks kieferschild for the solution offered but I have done all of that and the problem still persist.

Thanks Ambucias, I have done what you instructed me to do and here is the url.

Download Link:

Delete Password:

Million thanks to the both of you!

Didn't find the answer you are looking for?

Ask a question
Dear Ambucias,

Thanks a million!!

After following your prescription to the very last letter, my system is all well and good again!

Solved this and all other problems that have been troubling me for a long time. =)

Do you need a copy of the combofix.txt?

And by the way, you mentioned that my system is very vulnerable to future invasion, is there any recommendations that I can adopt to make my system more secure and ready to defend against invasion?

I got to thank you a million times over again or even more!

Cheers and kudos to you!

Jason Zhou
Ambucias Posts 47357 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,178
Apr 2, 2011 at 04:27 PM
Hello Jason,

I will not require the Combofix log for I know what it did. However, I strongly recommend that you delete Combofix for it cannot be used lightly and any circumstances. Some people have and had to restore their system from scratch. It worked for you after I have analysed your log.

Please ensure your system restore is activated and create a new restore point that you can name Ambucias, this was you know it's a good place to go back to in case of a future infection.

Please be careful with your bittorent peer to peer downloads they are one of the most popular source to propagate viruses. Should you download anything, always scan it with your antivirus before opening or running.

When you McAfee license comes to term, I suggest you look into purchasing F-Secure or Kaspersky.

You are totally welcome, now lets start a chain, help someone else with anything, it can be something simple like helping an old lady to cross the street, donate blood ...or a kidney.

Best regards
Thanks again Ambucias!

I have deleted the combofix and created the restore point as well. I will bear your words in mind and I am honored to be part of this chain act of kindness =)

Jason Zhou