Hi everybody

Here is my problem : today I plugged my professional SD card to my computer and I could see that the files were not fine (like visually not usual). I freaked out and started an Avast check-up. Immediately, all the files were sent to the “infested area”. I never had that kind of problem before. Turns out my SD card had been infected by the WIN32:VB-EIK virus or malware. A friend told me that this virus is not so bad but obviously I must clean my computer as well as reformat my SD card. The very very very big problem is that I could loose all of my pictures…which are professional ones.

I REALLY NEED TO KNOW if there is any way to retrieve these pictures BEFORE deleting the infected files from my Avast infected area + cleaning my SD card + removing that fucking virus from my computer… Can someone help me please ?

instructions >>> https://forum.avast.com/index.php?topic=194892.0
attach the requested logs

also scroll down to SPECIFIC INFECTIONS LOGS
Follow MCShield instructions … this log you COPY PASTE here

when done a malware expert will be notified

Im sorry…Im a complete newbie here.
Are you sure these logs will allow me to find a solution in saving the pictures ?
I feel like it onlyl helps me to clean up my tools.

Im sorry...Im a complete newbie here.

Get the requested logs and a malware expert will assist you

Do I send the requested log to you ?

No you attach them here … how to do it is in the instructions

and MCShield log you copy paste here … not attach this one.
A forum issue makes it look like chinese if attached

WIN32:VB-EIK is a network worm, if you backup before cleaning then i guess backup will also be infected …

https://www.virustotal.com/nb/file/ec7c6ed4bf57cb7cc4c6d39b71296d71632abf2a1a41bb0f558cfc048e5d0682/analysis/

Find attached the three requested logs.

I also did the MCShield scan and my pictures went back in the SD card file !!! Does that mean the card is ok and I can safely use the pictures or what ?

Thanks so much for your help. I hope this virus will be easy to delete from my compu.

Here is the MCSHield copy past :

MCShield AllScans.txt <<<

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

03/10/2018 11:15:08 > Drive C: - scan started (no label ~298 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

03/10/2018 11:16:08 > Drive D: - scan started (no label ~30627 MB, FAT32 flash drive )…

D:\Thumbs .db - Malware > Deleted. (18.10.03. 11.19 Thumbs .db.224438; MD5: b8a5d1cc47ac43b99d995a7b796df8be)

=> Malicious files : 1/1 deleted.

::::: Scan duration: 3min 39sec ::::::::::::

Does that mean the card is ok and I can safely use the pictures or what ?

It may be hours before he is online

This was the one found by MCShield
https://www.virustotal.com/#/file/852c6adbe81a4d8e7c3488b606995f7f744c3acdf1b3922a8976816b80908793/detection

https://www.symantec.com/security-center/writeup/2007-041021-3856-99

• Open Notepad (click Start button → type notepad.exe → press Enter)
• Copy text from code block below and paste it into Notepad

Task: C:\Windows\Tasks\JasuvPPUHCDi0cfm2CP.job => C:\Users\Hlios\AppData\Roaming\JasuvPPUHCDi0cfm2CP.exe <==== ATTENTION
Task: C:\Windows\Tasks\sK7c40womQJLjwJ9ISZKYJzEEue.job => C:\Users\Hlios\AppData\Roaming\sK7c40womQJLjwJ9ISZKYJzEEue.exe <==== ATTENTION
VirusTotal: C:\Users\Hlios\AppData\Roaming\JasuvPPUHCDi0cfm2CP.exe;C:\Users\Hlios\AppData\Roaming\sK7c40womQJLjwJ9ISZKYJzEEue.exe
C:\Users\Hlios\AppData\Roaming\JasuvPPUHCDi0cfm2CP.exe
C:\Users\Hlios\AppData\Roaming\sK7c40womQJLjwJ9ISZKYJzEEue.exe
EmptyTemp:

• Go to File → Save As
• Make sure that UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Done.

Make sure that MCShield is running and then insert SD card.