. bat secured by kapersky internet security 2017 virus

Hi all,

Newcomer here

I think my laptop has been infected by this .bat virus/Trojan.

It has affected by USB drives.
while I manage to save the USB drives, problem still persist the moment I inserted usb drives in my laptop.

installed avast free and subscribed to avast cleanup to no avail.

need assistance to get rid this virus from my laptop.

Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=194892

Hi,

Attached are files required. took a bit of time to respond.

MCS Shield

MCShield log must be copy an paste here og it wil look like chinese

It may take some hours before malware experts are online

Thanks Pondus.

here goes.

MCShield AllScans.txt <<<


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

30/11/2017 5:19:08 PM > Drive C: - scan started (Windows8_OS ~426 GB, NTFS HDD )…

=> The drive is clean.

30/11/2017 5:19:09 PM > Drive D: - scan started (LENOVO ~25 GB, NTFS HDD )…

=> The drive is clean.

30/11/2017 5:19:10 PM > Drive E: - scan started (no label ~3846 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

30/11/2017 5:19:47 PM > Drive E: - scan started (no label ~3846 MB, FAT32 flash drive )…

=> The drive is clean.

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\googleearth.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iumsvc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lenovo.harmonypicks.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lenovo.harmonysetting.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\netcamstudio.client.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\netcamstudiox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
VirusTotal: C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe
Startup: C:\Users\Sharul Sazman Samaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017
  • Go to FileSave As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Sass Drake, here goes.

verdict?

What is current status of your system?

System working fine.

I tried 2 infected usb and format it. so far no trace of .bat symptom

Cool.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

To the team, thanks so much.

i was wondering, as i have another pc also showing the symptom, does it also has to go the same procedure?.

that PC is my secondary, only for gaming thus far so not so much pressing for fix. I just have to avoid using usb

Open the new topic and post MBAM and FRST logs from that PC.