Good evening, people. I’m watching Pinoy Big Brother at the moment, but I’m just waiting for the ranking so I’ll blog. This has a sad ending tho.
Today’s Symptoms:
- Your files and folders became executable (.exe) files
- Other .exe files and shortcuts appear
You are clueless how some files you don’t own suddenly appeared
I plugged my USB drive into my old Toshiba laptop since I have to copy some anime episodes from it. Autoplay! WHAT THE—
Applications (.exe files) that use a folder icon with the names Love You, Money, Nude, Sex, System Volume Informaton, and weejoeh are inside my USB drive! There are other shortcuts too. Where did those stuff freakin’ come from, anyway? I’m supposed to have only one folder here. Yup, the BLAH BLAH folder is here. WAIT WAIT—why does this have a .exe extension?! NOOOOOOOOOOOOOO!
Okay, Avast, check if there are viruses.
WHAT?! “EVERYTHING IS GOOD” YOU SAY?!
So Avast did not recognize it.
If the same thing happened to you (even if weejoeh is not the name but the situation is somewhat the same), read on to know what to do!
Should I reformat my USB drive?
NUUUUUUU! Absolutely NOT! YOU SHOULD NOT REFORMAT IT. I repeat, reformatting does not help at all because of the following reasons:
- The files with unknown source WILL JUST COME BACK even if you delete them over and over.
- Your files (yup, the files that you own…and in my case I own a folder named “BLAH BLAH”) will be gone forever!
Should I open the files to know what’s going on?
ANOTHER BIG NO. The malware will copy itself to your PC. I opened BLAH BLAH.exe and the malware did copy itself to my laptop with the following location: C:\Users\Jolene\heojeew and it was hard for me to delete it since it was running (note that this file is an application) and every time I attempted to stop the process with Windows Task Manager, the task manager would crash. I always end up not being able to stop the process.
Well, if you didn’t do what I did, try to end the application with the task manager. Press CTRL + ALT + DELETE and then select TASK MANAGER from the menu (Vista and above). For Windows XP, the Task Manager will show immediately instead of a menu. Select weejoeh.exe from the list and click END TASK. Look for all files named weejoeh.exe in My Computer and delete them all. Delete all the other suspicious files as well if you can.
TOO LATE! I opened one of the files! (Or I cannot delete the files!)
Aw! Okay, allow viewing of files and folders
- While on Windows Explorer, click the VIEW tab (which is beside SHARE or COMPUTER)
- Click on the “HIDDEN ITEMS” and “FILE NAME EXTENSIONS” checkbox over SHOW/HIDE to allow viewing of hidden folders.
Here’s another method:
- Go to CONTROL PANEL
- Click APPEARANCE AND CUSTOMIZATION
- Click FOLDER OPTIONS and click the VIEW TAB
- Under ADVANCED SETTINGS, click SHOW HIDDEN FILES AND FOLDERS and uncheck HIDE EXTENSIONS FOR KNOWN FILE TYPES.
Most likely your real files have appeared by now. And more other hidden files have appeared with it, too.
If you have a malware scanner/remover (see THIS LIST or THIS ONE), scan your hard drives and removable disks. They’ll probably detect them as suspicious stuff. However, if you are like me and you only have an antivirus software, you can ask help on forums first like what I did. Do not download immediately and wait for your thread to have a reply.
Look for the forum that corresponds to your antivirus software. I checked the Avast forum since I use Avast. Just google it this way: [your antivirus software] Forum
Experts on forums usually ask for logs, but I won’t tell you how to take them since the experts will be the ones to tell you which program should you use. I was recommended to install MCShield (which is free so, yeah). It worked. This is not an advertisement *facepalm* so please don’t flood this post about other ‘better’ programs. Besides this I had to clean my laptop with other software that was on the directions. Just read the thread. What’s important is the malware is gone and I’m happy about that.
My message for today: don’t keep on clicking on stuff (ads, files, EVERYTHING) Also always show all file name extensions* so that you’ll know if the file that you have is something YOU DO OWN or not. Most important of all, freakin’ disable AUTORUN** please! Yay~
Other questions related to this post that I can answer…please comment. I am not a computer expert, I’m just a high school student who is interested in computers. Hopefully I’ll be able to answer those hardcore computer questions after 4 years. Hahaha.
~Kairu
P.S:
Tell me if there is something wrong with the links please.
Two-faced life 