Issues creating new folders.exe

Question

Hello,
I have a problem with my files; each of them has a duplicate subfolder with the same name. At first, these subfolders appeared with the .exe extension (not anymore), and if I click on them, they redirect me to the general structure of my folders under my documents. For now, it doesn't seem to have any other consequences, but on one hand, there's no way to delete them; they keep coming back, and on the other hand, I can feel that there’s something processing in there; it doesn’t smell good...
I don’t know if I got this thing from P2P or with a USB stick, but what’s certain is that I have a stick that has the same problem.
I ran a HijackThis scan, but as soon as I can copy the report, my computer shuts down and restarts...
And finally, when my computer shuts down, I get a message saying that the services.exe or xxxx.exe program hasn’t finished.

Is there anyone who can help me?
Thanks in advance.
Vincent

Configuration: Windows XP / Internet Explorer 8.0

g3n-h@ckm@n · Answer

Hello  &#9654 Download here: USBFIX on your desktop  Connect all your USB devices without opening them  /!\ Temporarily disable only for the time you are using USBFIX, the real-time protection of your Antivirus and Antispyware, which may greatly interfere with the scanning and cleaning process of the tool.  If you have XP => double click If you have Vista or Windows 7 => right click "run as...."  on the Usbfix icon located on your Desktop. On the page, click on the button:  &#9654 select the Removal option  &#9654 UsbFix will scan your PC, let the tool work.  &#9654 Then post the UsbFix.txt report that will appear on your desktop.  &#9654 Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)  ( CTRL+A To select all, CTRL+C to copy and CTRL+V to paste )   -- ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Development_¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Vincentdjoe · Answer

Hi,

Here is my scan but only with the "search" function and in safe mode, I couldn't manage with the "delete" option, it kept disconnecting.
############################## | UsbFix 7.036 | [Search]

User: Windows (Administrator) # PC-201009141448 [ ]
Updated on 20/12/10 by El Desaparecido / C_XX
Started at 10:12:57 | 27/11/2011
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: AMD Turion(tm)X2 Dual Core Mobile RM-70
CPU 2: AMD Turion(tm)X2 Dual Core Mobile RM-70
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

RAM -> 1789 Mo
C:\ (%systemdrive%) -> Fixed disk # 241 Go (63 Go free - 26%) [] # NTFS
D:\ -> Fixed disk # 225 Go (122 Go free - 54%) [Local disk] # NTFS
E:\ -> CD-ROM
F:\ -> Removable disk # 471 Mo (29 Mo free - 6%) [UDISK 28X] # FAT
G:\ -> Removable disk # 2 Go (2 Go free - 88%) [] # FAT

################## | Infectious items |

Present! C:\Documents and Settings\Windows\Local Settings\Application Data\csrss.exe
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\inetinfo.exe
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\Kosong.Bron.Tok.txt
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\ListHost15.txt
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\lsass.exe
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\Ok-SendMail-Bron-tok
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\services.exe
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\smss.exe
Present! C:\Documents and Settings\Windows\Local Settings\Application Data\winlogon.exe
Present! C:\Documents and Settings\Windows\Start Menu\Programs\Startup\Empty.pif
Present! C:\WINDOWS\system32\Windows's Setting.scr
Present! C:\WINDOWS\system32\cmd-brontok.exe
Present! C:\Documents and Settings\Windows\Templates\Brengkolang.com
Present! C:\WINDOWS\ShellNew\rakyatkelaparan.exe
Present! G:\winamp_cache_0001.xml
Present! C:\Documents and Settings\Windows\My documents\items for sale or donation\items for sale or donation.exe
Present! C:\Documents and Settings\Windows\My documents\OneNote Notebooks\Personal\Personal.exe
Present! C:\Documents and Settings\Windows\My documents\Brahim\Brahim.exe
Present! C:\Documents and Settings\Windows\My documents\Budget\Budget.exe
Present! C:\Documents and Settings\Windows\My documents\Budget\RITMO\Conventions\Conventions.exe
Present! C:\Documents and Settings\Windows\My documents\Budget\RITMO\RITMO.exe

I STOPPED THE SCAN HERE BECAUSE ALL MY FOLDERS SHOW UP WITH A SUBFOLDER OF THE SAME NAME.EXE, IT MADE A HUGE BUNDLE
Present! F:\Gardes Outre-mer\Gardes Outre-mer.exe
Present! F:\CA July 7 2011\CA July 7 2011.exe
Present! F:\Data HASSAN.exe
Present! F:\ATEN\ATEN.exe
Present! F:\.fseventsd\.fseventsd'.exe
Present! F:\.Spotlight-V100\Store-V1\Stores\1BF61FA8-2993-4A3E-9C7C-74E4EFD223BD\1BF61FA8-2993-4A3E-9C7C-74E4EFD223BD.exe
Present! F:\.Spotlight-V100\Store-V1\Store-V1.exe
Present! F:\Data WINDOWS.exe
Present! G:\.Spotlight-V100\Store-V1\Stores\0B6232BD-FAEA-4460-9A2F-98D23B42B319\0B6232BD-FAEA-4460-9A2F-98D23B42B319.exe
Present! G:\.Spotlight-V100\Store-V1\Store-V1.exe
Present! G:\aten\aten.exe
Present! G:\.fseventsd\.fseventsd'.exe
Present! G:\Data WINDOWS.exe
Present! G:\Regional Meetings\2010\2010.exe
Present! G:\Regional Meetings\2009\2009.exe
Present! G:\Regional Meetings\2008\PACA\PACA.exe
Present! G:\Regional Meetings\2008\Normandy\Normandy.exe
Present! G:\Regional Meetings\2008\North\North.exe

################## | Registry |

Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Bron-Spizaetus
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|tok-cirrhatus-1959
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|tok-cirrhatus

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{61014a0d-84a3-11e0-8198-00210053b435}
Shell\AutoRun\Command = F:\Windows\CHECK\DriveNavigator.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{faea5f42-0823-11e0-bfe4-0022644bb0d2}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL aHmed OmAr MAHAMouD.exE

HKCU\.\.\.\.\Explorer\MountPoints2\{fbb6ce0a-d20c-11df-bf37-00210053b435}
Shell\AutoRun\Command = F:\start.bat

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F |

I hope this will help move things forward.

Thank you

Vincent

g3n-h@ckm@n · Answer

hi specify "it was disconnecting too much"   -- ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Development_¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Vincentdjoe · Answer

Hi,

First, I had trouble downloading usbfix; the internet connection kept dropping and then the computer restarted. This happens every time I click on the links to this forum that I have in the emails I receive. I tested it with a dozen links to other sites, and there was no issue...?
Then the "delete" option scan crashed around halfway through the scan. Black screen and two blue rectangles on each side. I waited a long time, but nothing happened.

Vincent

g3n-h@ckm@n · Answer

&#9654 Download CleanX-II from sUBs (thanks mOe) here:  if you have XP => double click if you have Vista or Windows 7 => right click "run as...."  &#9654 Disconnect your internet access. Cut all physical connections (unplug the modem, ...). &#9654 Close all applications. &#9654 Disable and then re-enable your system restore. &#9654 Launch CleanX-II.exe to start the repair. &#9654 Click OK when you receive a warning message. &#9654 At the end of the scan (which can take several minutes, please be patient until it finishes), it will produce an error message (because the tool does not account for the copy for a French Windows). To bypass this error, do this: &#9654 Start, run and type: %temp%\report.txt. Notepad will open the report, copy/paste it into your new post.  &#9654 If this report shows that there are still infected files (at the end of the report after "POST RUN ANALYSIS"), run the tool again. &#9654 Open the report again using the method above and copy it into your response. If there are still infected files, there is no need to run the tool again. The report needs to be examined.  and -- ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Development_¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Vincentdjoe · Answer

Hi, I had a hard time downloading cleanX-II again; I had to put it on a USB drive from another computer. But here are two scans to follow, the first one shows that I seem to have a lot of problems, while the second one looks clean, except that after about twenty minutes of using my computer, especially if I go online or open my email, it comes back. That said, my computer has regained some speed; it's not as bad, but I still have subfolders being created. Last piece of information, I just realized that I disabled system restore before the scans but forgot to reactivate it.  Thank you in advance  Vincent  #######################################################################   Brontok Worm Removal Tool - (Version - 06.09.17B)  by sUBs #######################################################################  Current date: 10/12/2011 Current time: 12:53:38,87 === PRE RUN ANALYSIS =================================== ...................................... C:\WINDOWS\SHELLNEW\RakyatKelaparan.exe C:\WINDOWS\system32\cmd-brontok.exe C:\Documents and Settings\Windows\Local Settings\Application Data\csrss.exe C:\Documents and Settings\Windows\Local Settings\Application Data\inetinfo.exe C:\Documents and Settings\Windows\Local Settings\Application Data\lsass.exe C:\Documents and Settings\Windows\Local Settings\Application Data\services.exe C:\Documents and Settings\Windows\Local Settings\Application Data\ListHost15.txt C:\Documents and Settings\Windows\Local Settings\Application Data\smss.exe C:\Documents and Settings\Windows\Local Settings\Application Data\winlogon.exe C:\Documents and Settings\Windows\Local Settings\Application Data\Bron.tok-15-10 ............... C:\Documents and Settings\Windows\Local Settings\Application Data\Bron.tok-15-10 C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\a.pickaver@eucc.net.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\abbadia@hendaye.com.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\abue@cg59.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\agora@agora.qc.ca.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\am.trevel@rivagesdefrance.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\axel.thierry@environnement.gouv.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\c.truffaut@rivagesdefrance.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\cdupont@mairie-saint-brevin.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\clubinfoandernos@gmail.com.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\contact@cress-fc.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\dation.dmf@culture.gouv.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\f.pitron@rivagesdefrance.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\g.moreau@rivagesdefrance.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\gressierjerome@neuf.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\h.michaud@rivagesdefrance.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\j.vandersalm@eucc.net.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\jc.bonnafe@conservatoire-du-littoral.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\jjordan@crib95.com.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\laure.collin@jeunesse-sports.gouv.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\legs@paris.msf.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\lucbrun@wanadoo.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\lwoock@eid-med.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\m.ferreira@eucc.net.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\marie.le.scanve@mairie-perros-guirec.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\marie.le.scanve@perros-guirec.com.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\michel.david@cg50.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok
ature@ville-lattes.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\p.bazin@conservatoire-du-littoral.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\pa.poli2b@orange.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tokdelauzanne@somme.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tokivages@rivagesdefrance.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\saintmaurice@wanadoo.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok	hierrybalesdent@baiedesomme.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\v.jolivet@rivagesdefrance.org.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\vjolivet972@hotmail.com.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Loc.Mail.Bron.Tok\walch.frederick@hotmail.fr.ini C:\Documents and Settings\Windows\Local Settings\Application Data\Ok-SendMail-Bron-tok  === POST RUN ANALYSIS ==================================  NOTE The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time. 12:55:06,85 ======================================================   HERE IS THE SECOND SCAN:  #######################################################################   Brontok Worm Removal Tool - (Version - 06.09.17B)  by sUBs #######################################################################  Current date: 10/12/2011 Current time: 12:55:41,59 === PRE RUN ANALYSIS ===================================  === POST RUN ANALYSIS ==================================  NOTE The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time. 12:55:48,87 ======================================================

g3n-h@ckm@n · Answer

uh.....

delete usbfix, redownload it and restart a deletion with
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Development_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Issues creating new folders.exe

7 answers

What is your experience with android tablets abor

Disable office

Reinstallation of w11 impossible after pc crash...

I would like to know how to report a scam

Site unreachable

Nonexistent sent items folder

Transfer mp3 from pc to mobile

Increase the capacity of free's zimbra webmail to 10gb

Unrefreshed usb drive on android interface

Tencent impossible to remove