Everything on my computer is renamed to Autoit

[SaraTheGreat]

hi, i am Sara please tell me how can i rename all my desktop icons back to default. my settings are changed.

My Computer = AutoIt\'s Computer

My Documents = AutoIt\'s Docs

Recycle Bin = AutoIt\'s Dust Bin

My Browser Title = AutoIt Script

and i have a file in my all drives with the name Love Secrets.avi

what is this?

[Community On Patrol]

Hi SaraTheGreat,

1st Welcome to the AutoIt Forums!

Some of the following tips may not apply to you, but it may make your life a bit easier here on the forum in the future.

CODE

• Did you know that we have an awesome search feature?

  You can find many answers to your current questions, just by typing in the right search patterns.

• A suggestion is to use the Advanced Search mode:

• Type your specific search term in quotes.
• Click the forum you want to search in (the one most likely to have your information would generally be the Example Script forum and or the General Help and Support Forum).
• Click on "Search titles only" radio button.
• Click perform search.

The above will help you narrow down your searches and prevent you from unneccesarily posting a new thread.

[*]Also, you should try to read the Sticky posts that are at the top of each of the AutoIt Forums you enter such as:

• FAQs (Frequently Asked Questions)

• Are my AutoIt EXEs really infected? (About false positives and what to do if you may encounter one)

[*]Keep in mind, the help file will be your best friend, however you may find some of the tutorials written by some of our elite forum members helpful.

• Valuaters Interactive AutoIt 1-2-3 tutorial

• LxPs Learning to script with AutoIt3

[*]Forum Etiquette:

• Making a new thread:
  • Use the Search feature first to see if your question has already been answered.
  • Look in the help file as well before even thinking of posting (When what you want could be obtained by simply reading the help file, you don't generally get a good response from your AutoIt community).
  • Titles are very important here. 1 word titles or titles like "help me", "write something for me", "I'm a noob" etc... aren't tolerated.
  • Make sure you are posting in the correct forum:
    • General Help and Support:
      • This forum is for AutoIt related support questions only. If you have a question related to another language, or nothing at all to do with AutoIt then you need to post in the chat forum, or in that languages perspective forum.
    • Example Script:
      • This forum is for AutoIt scripts/executables only.
      • Source code is preferred but not necessary, you do have the right to just post the binary of your project if you wish.
      • Please don't post questions in this forum unless it's directly related to a thread already existing.
  • Use common sense when creating a new thread.

    Ask yourself if the title is descriptive enough to even interest someone (preferably those that know what they are talking about) to even look at your thread, let alone reply in it.

  • Think about how it would show in the search feature if someone were to look for something just like you are looking for (think of the keywords you used yourself and obviously didn't find anything (because we know you used the search feature ) and use those types of keywords in your title as well).
• Thread content:
  • Be descriptive with your query. (Make sure we actually know what you want to do).
  • Show you've made an effort in coding what you want (provide the reproducer code (generally no more than 50 lines as people lose interest in debugging someones script for free)).
  • Don't talk in ebonics. A lot of the forum members are adults, and a lot of them know how to help you, but talk like a child, you'll be treated as such.
  • Don't ask for help making keyloggers, spam (even if it's to do as a prank), or anything that can be thought of as malicious. You'll more than likely have the thread locked by a moderator, and take a bashing from your fellow AutoIt community.
  • When posting code, use code boxes. This can be accomplished by using [code ]<content here>[/code ] (No spaces between the brackets []).

    Using code boxes will keep the indentation and make it easier to read for others to help you.

• Bumping your threads:
  • Use common courtesy here.

    Keep in mind every time you bump your thread to the top of the forum, you knock the other threads down a notch.

    Everyone posting for help has just as much right for their threads to get read as you do.

    Because of that, do not bump your post more than once in a 24 hour period.

    A Bump is simply posting in your thread with nothing that pertains to your query with the sole purpose of moving it up.

    Deleting previous bumps, and posting new ones is not tolerated, and the moderators can find those deletions, so do yourself a favor and don't cross that line >_< .

• Rude or obnoxious content:

  This falls pretty much under the common sense thing. If you use it (common sense) before posting, you won't have issues.

  • Don't use foul language, remember, a lot of the community is at work when they read these threads.
  • Don't provoke or instigate an argument with someone.
• Double Posting:
  • It's understood that sometimes there's a lag in the system, and sometimes people don't see their post go up right aways so they post again.

    If this happens to you, simply notify a moderator with the report feature in the post, and politely ask them to delete it.

  • If you're just creating another topic because your original topic is not being answered the way you want or at all, this is not tolerated. You could lose your posting privileges all together over it.
• Non-English languages
  • If English is not your primary language, please make an attempt to interpret (yourself or online) and post that interpretation.

    We have wonderful users from around the world, so after you've done your post in English, back it up with your question also in your native tongue (You may find your answer much quicker using both).

That's it for now, I hope you have a wonderful learning experience, and hope to see you contribute to the community as your knowledge grows.

[SaraTheGreat]

but i have not asked about this information.

[dbzfanatic]

That's a bot, ignore it. It seems like you've got a virus that some *expletive deleted* coded to mess with people. There was a thread not long ago about this, although I'm not sure it's the same one exactly. How did you come about having this? Autoit is NOT a virus, I can't stress that enough, but like any other language it can have malicious applications. Search these forums for "autoit virus" and you should come up with what you need. Look for one that's multi-paged and has Sm0ke_N posting, he posted an executable to remove that virus and it may work for you as well.

Edit: here's the link to the post I mentioned. SmOke_N's virus remover

Edited September 22, 2008 by dbzfanatic

[ChromeFan]

please check the properties of "Love Secrets.avi" file and go to it's version Tab, now tell us what is written there.

[AdmiralAlkex]

To continue on dbzfanatic speech, if you get any problems removing it please upload (for example to http://rapidshare.com) the suspected file (Love Secrets.avi) so we can take a look, if it is created with an older version of AutoIt it could be possible to decompile it and see exactly what it does.

[SaraTheGreat]

please check the properties of \"Love Secrets.avi\" file and go to it\'s version Tab, now tell us what is written there.

in the Properties of file this was written.

File Version: 3.2.12.1

Description:

Copyright:

CompiledScript: AutoIt v3 Script : 3, 2, 12, 1

File Version: 3.2.12.1

Language: English (United Kingdom)

[dbzfanatic]

The version seems too new to decompile so that's out. Sara, did you try using SmOke_N's script that I linked to? If you read through that thread from page one to the end you'll learn a lot and you'll learn how to remove this thing.

[SmOke_N]

The version seems too new to decompile so that's out. Sara, did you try using SmOke_N's script that I linked to? If you read through that thread from page one to the end you'll learn a lot and you'll learn how to remove this thing.

That virus 1 has a different name, 2 doesn't do the same thing.

Personal Message me with the virus executable and I'll have a look to see if maybe I can mod the Angela one for you.

[dbzfanatic]

The other one seemed to copy itself to every drive as well and if you recall it was mentioned that there were at least 11 other variations of it so this could very well be the same virus in a new incarnation. I wasn't sure if your file was dependent on the name but the thread overall is a good way to learn to remove it manually.

Edited September 22, 2008 by dbzfanatic

[LarryDalooza]

If you have "hidden file extensions" ... then this file may be "Love Secrets.avi.exe" . When it was downloaded, you probably had gotten a warning... "Do you really want to run "Love Secrets.avi" and you answered yes. So... turn hidden extensions off... never run anything straight from the web... save it locally and scrutinize it first.

You will undoubtedly have to go through some generic virus removal techniques to solve your problem. This virus is an EXE just like any other, that should not be carelessly executed from a web page.

Lar.

[SaraTheGreat]

i have uploaded the virus file to rapidshare.com for you (smoke_n)

http://rapidshare.com/files/147470813/Love_Secrets.avi.zip

[rbhkamal]

http://www.blueridgenetworks.com/forms/es_register.php

Use this app to prevent future problems like this one.... Just add explorer.exe and firefox.exe to the list of restricted apps so if you ever run something harmful from Internet Explorer directly, it won't be able to do serious damage.

I have it running on my laptop with pretty much everything added to the restricted app list.

Hope this helps

RK

[trancexx]

To be a tiny bit offtopic...

I find formatting drive and making new installation sometimes better solution than molesting your self with running different tools (that can help only if are created especially for the targeted malware). AVs are generally sh*t and would not consider them (they are good only for on-access protection for known malwares, and still sometimes make more dammage than good).

What people should do is have two (min) partitions on HD. One for OS and other for personal stuff (important dosuments and similar).

Malwares are usually focused on @HomeDrive and when things like this happens yo just get your self a coup of coffe, light up a cigarette, sit comfortably, load installation cd follow the instructions and in 1 hour top(?) you will have brand new installation of your favorit os with all drivers and stuff. And will learn something in the process.

Full AV sweep usually takes longer and again you cannot be sure if cleans everything.

Smoking can cause cancer. (this is related to the cigarette part)

[LarryDalooza]

If I had it to do over, I would...

- Load a clean OS

- Load a Virtual Machine software

- Load a clean OS on the Virtual Machine

- Only browse the internet on the Virtual Machine

If a virus gets on my browsing virtual machine, I would just revert to a snapshot.

Lar.

[SmOke_N]

Sorry, I had to step away for a bit.

This guy who created this, codes so poorly, it's amazing he hasn't ruined his own PC (probably he has) by now.

Try running this then restart your PC.

Edit:

Also, anyone that has emailed this guy and received a return email, where they have all the IP info, please send it (All the IP info) to me via PM.

Edited September 22, 2008 by SmOke_N

[NightxStalker]

you would think the person making these viruses in autoit would be smart enough to remove autoit from the file properties.....

[ChromeFan]

Sorry, I had to step away for a bit.

This guy who created this, codes so poorly, it's amazing he hasn't ruined his own PC (probably he has) by now.

Try running this then restart your PC.

Edit:

Also, anyone that has emailed this guy and received a return email, where they have all the IP info, please send it (All the IP info) to me via PM.

what is his e-mail address?

you would think the person making these viruses in autoit would be smart enough to remove autoit from the file properties.....

are you also infected by this virus?

[AdmiralAlkex]

what is his e-mail address?

Why would you want a virus-creators email? That sounds fishy....

[SmOke_N]

what is his e-mail address?

It's the same that you and Fred??? had. I know he emailed the person.

Why would you want a virus-creators email? That sounds fishy....

I'm going to assume you are talking to ChromeFan.