Something is changing my .exe files to 0-byte files

LoctOut (OSNN Addict; joined 8 Aug 2004; 66 messages)

and adding this $$$ebpebpebpebp$$$ to the extensions (read.exe becomes read.exe$$$ebpebpebpebp$$$).

This only happens when I try to install Kaspersky AV version 5. But I know it is a good, clean version. Something is being triggered by the installation of Kaspersky. I have Symantec's v 9 corporate installed and it finds nothing.

I've checked for hidden data streams (supposedly a vulnerability of NTFS partitions) and found a few which I deleted, but still have the problem.

I've been messing with this for 2 days now and am at a total loss. It quickly will change .exe, some .rar, and some desktop.ini files. Once written, they can't be deleted. It also adds entries to the registry of .rar$$$ebpebpebpebp$$$ and .exe$$$ebpebpebpebp$$$ as new file types.
 
Download Ad-Aware and search for spyware and all that crap. U positive that it's clean? Has it always done this or did u just get it?
 
I've already scanned with the latest versions of Ad-Aware, Spybot, Spy Sweeper, HijackThis and others. Yes I know it to be a clean version because it installs on other systems just fine. Also scanned with a couple tools for alternate data streams (ADS) which most AV scanners won't detect. Should add I'm using Win XP Pro with SP2.
 
Maybe it's a software conflict or somethin. Sorry I can't help much, pretty sure someone will respond soon tho.
 
Sounds like a virus .. similar to this one here. Perhaps try and scan your system with housecall (it's free online AV) and see if it finds anything.
 
Xie... nope, not creative. Housecall comes up negative too...... thanks though
 
Man... kind of a stumper when it's not ad-ware or a virus. It's gotta be a virus cause what else would be doin that? I don't think I will be sane again until I find out what's goin on.
 
Could you post your HijackThis log, just to be sure?
 
Search the registry for $$$ebpebpebpebp$$$

Find anything?
 
It also adds entries to the registry of .rar$$$ebpebpebpebp$$$ and .exe$$$ebpebpebpebp$$$ as new file types.
 
What about your system processes list? Anything JDLR there? Might try and kill all processes except the system critical ones and see if it still happens. That would at least eliminate other software so if it still happens you know it is something in Windows.
 
Somewhere I remember this type of file extension alteration being part of the execution or activation process of various types of virus in an attempt at buffer overflow. This virus has some bugs inherent in its design as it’s failed to patch the executable correctly and write out the code back to the copy, which results in zero file sizes with the strange extensions. This could even be a new virus or a corrupted old one; either way I doubt if most AVC’s will detect it. Kaspersky should though, that is if you can start it. Try running directly from the CD, but again I can’t remember if you can do this with Kaspersky.

:) :) :)
 
If you’re using Windows XP SR2 firewall, download from the Kaspersky site their 30 day trial of Kaspersky firewall and disable the XP version just before the re-boot.

Download the latest version of Kaspersky 30 day trial of AVP, un-install the version of Kaspersky (whatever it is) and install the new download version. Re-boot the machine, go to the Kaspersky site and update the AVP engine. Re-boot again.

Do not go on-line. Perform a complete system scan with AVP as this can access all your restore points and other areas of the system you cannot access as it runs in ring one, as a system process, and will catch just about everything possible.

If no problems are found then I suspect that the files now at zero bytes were themselves viruses or whatever, but I know that this is probably not the case; my view is that a virus within a virus, or a bug in a virus, has caused this. Set Kaspersky to scan at its highest level by selecting “settings” on the tab and set “configure real time protection” and “on demand scan” to their highest levels, re-boot, then perform another full system scan.

As before, hidden partitions on your drive are sometimes prevalent and some sophisticated viruses can produce their own password protected partitions using what is in effect a hand written (miniature operating system itself) partition that no version of Windows or Linux is aware of. If this does not work only one path is left, this being to download from the hard drive manufacturer the utility that performs a low level format of the drive and has the ability to destroy all partitions on it, totally. No operating system can do this, it must be the utility from the hard drive manufacturer.
 
If all that doesn't work reformat, because you are badly infected.
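
Added example, not part of any post in this thread: a read-only PowerShell triage script that inventories the three artifacts the posters discuss (files renamed with the `$$$ebpebpebpebp$$$` suffix, file-type keys containing it under HKEY_CLASSES_ROOT, and alternate data streams next to the renamed files). The `$Root` and `$OutDir` defaults and the CSV file names are assumptions; the marker string is the one quoted in the posts.

```powershell
# Added example: read-only triage; changes nothing on disk except writing CSVs to $OutDir.
param(
    [string]$Root   = 'C:\',                              # assumption: volume to inventory
    [string]$OutDir = (Join-Path $env:TEMP 'ebp-triage')  # assumption: report folder
)
$Marker = '$$$ebpebpebpebp$$$'   # single quotes keep the $ characters literal
$null = New-Item -ItemType Directory -Path $OutDir -Force

function Save-Rows([object[]]$Rows, [string]$Name) {
    # Drop nulls so an empty result does not break Export-Csv, then return the row count.
    $clean = @($Rows | Where-Object { $null -ne $_ })
    if ($clean.Count) { $clean | Export-Csv -Path (Join-Path $OutDir $Name) -NoTypeInformation }
    $clean.Count
}

# 1. Files carrying the marker suffix, with the name they had before the rename.
#    The timestamps let you line the renames up against the installer run.
$hits = Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name.EndsWith($Marker, [StringComparison]::OrdinalIgnoreCase) } |
    Select-Object FullName,
        @{ n = 'OriginalName'; e = { $_.Name.Substring(0, $_.Name.Length - $Marker.Length) } },
        @{ n = 'ZeroByte';     e = { $_.Length -eq 0 } },
        CreationTimeUtc, LastWriteTimeUtc

# 2. File-type keys under HKEY_CLASSES_ROOT whose name contains the marker.
$keys = Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName.IndexOf($Marker, [StringComparison]::OrdinalIgnoreCase) -ge 0 } |
    Select-Object @{ n = 'Key';     e = { $_.Name } },
                  @{ n = 'Default'; e = { $_.GetValue('') } }

# 3. Alternate data streams on files in the folders that hold renamed files.
#    Every NTFS file has the unnamed ':$DATA' stream; anything else is reported.
$dirs = $hits | ForEach-Object { [IO.Path]::GetDirectoryName($_.FullName) } | Sort-Object -Unique
$streams = foreach ($dir in $dirs) {
    Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

$nFiles   = Save-Rows $hits    'renamed-files.csv'
$nKeys    = Save-Rows $keys    'registry-keys.csv'
$nStreams = Save-Rows $streams 'alternate-streams.csv'
'{0} renamed files, {1} registry keys, {2} alternate streams -> {3}' -f $nFiles, $nKeys, $nStreams, $OutDir
```

Run it from an elevated prompt so protected folders are readable; sorting `renamed-files.csv` by `LastWriteTimeUtc` shows whether the renames cluster around the time the installer was started.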
 
