help plis!

[canon515j]

hi alls

first sorry by me bad english, i speack spanish and use translator of google.

Second and most importantly, I have a trojan that my home avast not even acknowledged to date, installed on my drives removable an executable file called ntde1ect.com and their respective autorun.inf appears to be an editor regisatro and something more, blockade "View hidden files and folders" and "learn the system"

I am using XP home and discovered everything when using ubuntu that shows the files on disk window.

If anyone can help me with this trojan thanks

[DavidR]

You should send a sample of ntde1ect.com to avast.

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Autorun.inf shouldn't be in regular Hard Drives it is normally only found on removable media (like USB flash drive) and that is probably how your system got infected. If you have a USB flash drive you should check for the presence of ntde1ect.com and delete it, also check for autorun.inf. If found open it with Notepad and check if there are any run commands for other files and post the contents of the autorun.inf file here.

See, http://www.prevx.com/filenames/X2769565878543970189-0/NTDE1ECT.COM.html

[canon515j]

Attached and DD formatted ..... The file prevents see hidden files and system through folder options, besides installed in the window partition security system and preventing restore reinstall from the same =\

Thanks for the information, sorry bad english.... powered by google xD

[DavidR]

I don't know how happy you are working in the registry but this modification should restore the ability to use the unhide files and folders, etc. Before working in the registry you should back-up at least the key you are working on, when you find the key in the quote below, right click on it and select export, choose a meaningful name and location (so you can find it again).

1. Click “Start” -> “Run…” (or press Windows key + R)

2. Type “regedit” and click “Ok”.

3. Find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

4. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.

5. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.

6. The “Show hidden files & folders” check box should now work normally. Enjoy!

This comes from this link, http://www.neowin.net/forum/index.php?s=6e407ec1e219ee972eb58488f7464f37&showtopic=587995&pid=588872075&st=0&#entry588872075 and there is some other useful things there.

[essexboy]

As a alternative you could run Combofix and post the log

Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
  
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
  

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[DavidR]

Does combofix also correct registry entries ?

[essexboy]

It will re-enable safe mode, regedit and show exactly how the registry value has been modified

[DavidR]

Thanks for the update.