3 Replies Latest reply on Jun 13, 2012 6:28 AM by Peter M

    FolderName.exe

      Hello,

      I have a virus that hides my folders and creates another one with the same name but with extension .exe.

      I tried many solutions like: Updating the DAT file and perform a full scan in the safe mode, but McAfee can not detect this virus.

      This virus causes a lot of damage to the computers in our company, it disable system restore, disables MSConfig, hides the folder options from tools menu,... etc.

      Please I need a solution that solve this problem as soon as possible.

        • 1. Re: FolderName.exe
          Attila Polinger

          Hi,

           

          I would like to give just some hints, not a complete solution. This seems like an autorun worm as many hits in web search suggest. Therefore the first thing could be to globally disable Windows autorun and autoplay via goup policy so other computers do not contract it.

          Also some VirusScan Access Protection settings need be enforced (block/report) globally, some of them are:

          - Prevent remote creation of autorun files

          - Prevent registry editor and task manager from being disabled

          - Prevent programs registering to autorun.

          - Prevent McAfee services from being stopped

          - enable blocking of al McAfee file related Access Protection rule,too.

           

          I suggest that on the infected host (after enabling the above, too) first run an on-demand scan with the DATs up to date and Heuristic network check set to medium at least. For ODS scope you can first set only memory, rootkits and registry to be quick. Hopefully it will identify something.

           

          There is a chance that the worm injected itself under a running system process, and that prevent VirusScan from terminating it. In that case chances are that no other AV/AS software can immediately cure. Some software then marks the process file for deletion at next reboot.

           

          Attila

          • 2. Re: FolderName.exe

            hi,

            Greetings of the day.

            Newfolder.exe is a virus and spreads to folders in the system.

            This virus does not allow you to use Task Manager, does not hide/unhide folder, disables system restore.  This is a Ravmon virus and you can search for the same on Google for Ravmon virus removal too.

            Try the following.

            1.  Download Stinger.exe from vil.nai.com and/or Malware Antimalware bytes and/or SDFix from bleepingcomputer.com and/or Ravmon virus removal tool and update malware antimalware bytes

            2.  Remove the LAN cable.  set the system restore off.

            3.  Restart the system in safe mode and in administrator mode.

            4.  Run Ravmon virus removal tool.

            5.  Run Stinger, will detect and remove.

            6.  Else run Malware Antimalware bytes.

            7.  Else run SDFix.
            The autorun/newfolder.exe will be removed.  Restart your system and start to use and just before you shut down at the end of the day, enable system restore.

            thanks.

            • 3. Re: FolderName.exe
              Peter M

              This thread is 2 years old - locking as situations change dramatically in that time.  Any new posts on foldername.exe or other malware should go in the Malware Discussion section here:  https://community.mcafee.com/community/security/malware_discussion/corporate for Corporate (where I just moved this thread) and here: https://community.mcafee.com/community/security/malware_discussion/consumer for users of the home software.

               

               

               

               

               

               

               

               

               

              Message was edited by: Ex_Brit on 13/06/12 7:28:01 EDT AM