I recently DID get a virus to my other l337 computer.
But as a pr0 I am, I disconnected my internet connection so the virus couldn't "re-generate" itself.
However, after that my virus scan killed the major viruses, 12 total.

Anyhow, now my C:\ is all messed up. Some "hidden" files and folders have been showing up and leaving my C:\ to look all messy. And even on WINDOWS I got alot of weird files.
Some of them were called:
sqmdata01 - sqmdata08
and some other "sqm..." related files.

Also I looked up the time when created and last modified. And found some very interesting stuff.
My "boot.INI" had been modified the day I got the virus (Oktober 1).

Now I'm afraid of rebooting my comp incase it will be damaged.

And a total reformating wouldn't be my first choise because I have over 10GB of really important programs and schoolwork, which I just can't delete.

First of all, is it safe to delete these hidden files? "sqmdata"?
And how can I replace the original boot.INI? and how can I edit it?

The C:\ also had weird EXE files which I deleted. I think they were a part of the original virus.


EDIT: For crying out loud, seems like the virus modified all files that end with an ".INI". My Winamp INI file have been modified, my game INI files have been modified, my desktop INI have been modified. Now it's basically safe to not doing anything at all, I'm even afraid of opening my winamp and listen to some music.

Anyways thanks in advanced.

Download and burn to disk these programs:

Ad-Aware SE 1.06 - Pro if you can
Symantec Antivirus or AVG

And to sort out your boot.ini click on start run... type in msconfig go to the boot.ini section, and sort it out if you can, this is what mine looks like:



If you can't fix it, then try a program called Spy Sweeper, that might be able to help.

Jay, NOD32 is the best antivirus program.

In anycase, it doesn't look like your system will be virus clear until you reinstall windows. My recommendation would be to get an external HD, backup your data on it, then reinstall windows.

---

when my c drive was messed up, i took it in and got the registry cleaned. It costed me about 35 dollars, and it took one day, t worked fine afterwards

---

Yup, Incia, you should reformat. That will make sure you don't have any viruses for sure.

Blackace, 90% of the time "cleaning the registry" just breaks applications. You paid $35 for someone to edit your msconfig.

---

If refomating is the only option here, how can I then save my schoolworks?
It's about 3,5 GB.
Oh, and I looked at the boot.ini it seems to be fine, no changes in the coding whatsoever.

BTW what is the "pagefile.sys"? it's 1,5 GB big :S

pagefile.sys is your virtual memory you big dummy. lol.

Back up your data on an external hard drive or on a dvd.

---

I sended my precious folders through MSN to my other computer. Now I can perhaps formate this computer.
But strangely enough... I have been able to be online for almost an hour without getting any error reports or virus attacks. Maybe I got rid of it?

EDIT: Nope, computer crashed.

EDIT: But now I have formated it and everything workes nice. But I recently noticed a file named .RND on my C:\, what the heck is this?

AVG Free Edition is what your after.

CrapCleaner is good, too.

I have almost always used AVG Free Edition. But strangly enough, if you already have a virus it won't detect it. Well it didn't detect it when I had the virus.
Anyways the computer is formated now and everytihng is okay.

But still wondering what the heck this .RND file is.

Incia, if it doesn't hurt, don't poke it. lol.

Looks to me like a randomly generated file. Could be safe to delete, but I'd leave it if theres nothing wrong.

---

Okay seriously, am I the only one of which the thought "Ronald McDonald" came to mind when seeing that?

I think yes Twii.

Okay, a new file. Ntuser... is it safe to delete this file? well I did...

Okay, recently my antivirus found a virus but it said it "healed succesfully". Nothing weird after that. But now every now and then a log file regenerates itself, what is it?

lxcf (text document)
When opened it says:
2006/11/22-03:33:02.654 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/11/22-03:33:10.483 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/11/22-23:41:01.812 ComClient LcsGetClientIdRunnable() exception=2147943453
2006/11/22-23:41:09.968 ComClient LcsGetClientIdRunnable() exception=2147943453

http://filext.com/detaillist.php?extdetail=RND 
It's some kind of rendering thingy for modelling software or something...

---