I have the herss.exe virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Toyman

Thread Starter
Joined
Mar 24, 2001
Messages
225
I have just spent the last day and a half getting to the bottom of this herss virus. Here is what I have determined.


1. It ONLY activates when I click on a drive other than my C Drive. It did it on my E Drive, which is an extension of my C Drive; it also activated on my D Drive, which is a drive in my computer case, AND it activated on an EXTERNAL drive..... what do I mean activated? I observed in my startup folder in msconfig that ONLY ..... and this is from about 10 different installs of windows..... AFTER I clicked on my E Drive or my D Drive or my G Drive that herss.exe shows up in the startup folder...... never when I click on my C Drive though.

Here's something interesting though..... when I right click on my D or E or G drives and click EXPLORE..... not sure why.... but when I click on explore drive it doesn't activate the herss.exe virus.

If I forget and click on a drive INSTEAD of exploring it and getting to my folders I have the virus AGAIN.

Here's something else I noticed.... notice in the screen shot it says "Run The Program using the program provided on the device"...... never used to see that.... SOMEHOW there MUST be a hidden .dll or program on my E or D or G drive that is hiding this VIRUS and not sure why but it only activates upon clicking on the drive.....

how can I discover WHERE this program is..... the folders don't SAY there is anything hidden..... is it

I have FORMATTED my C drive my E Drive and my D Drive..... and STILL this thing is on there.....

Is there a place in the registry that stores programs like this to activate at a certain time or a certain activity that causes it to activate and I can delete it from there?

I have tried anti virus software....NO LUCK.....

SOMEHOW there is a program SOMEWHERE that I need to delete .... how and where is the question...

For now I can work around this problem but one wrong click and I have herss.exe eating up all my resources.... it runs the CPU at 100% and causes most tasks to run slower and my keyboard to run slow....

If I am right in guessing..... if I can discover where they hid this program and delete it from there I will be good to go...

I have win XP, SP2, have had the same copy of XP for like 7 years and never had this problem before.

please help..... and thanks in advance....



Is that "Run The Program" the culprit? and if so where is it so I can remove it..... I also wonder how it got in there and STAYS there even after I format..... hmmmmm
 

Toyman

Thread Starter
Joined
Mar 24, 2001
Messages
225
Not sure if it will show up here or not. It may be lying dormant waiting for me to click on a drive to activate or install it.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:16:55 PM, on 1/10/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/My%20Home%20page.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

--
End of file - 3345 bytes
 