system
November 30, 2017, 7:28am
1
Hi all,
Newcomer here.
I think my laptop has been infected by this .bat virus/Trojan.
It has affected my USB drives.
While I managed to save the USB drives, the problem still persists the moment I insert USB drives in my laptop.
Installed Avast Free and subscribed to Avast Cleanup to no avail.
Need assistance to get rid of this virus from my laptop.
Asyn
November 30, 2017, 7:35am
2
Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=194892
system
November 30, 2017, 9:16am
3
Hi,
Attached are the files required. Took a bit of time to respond.
Pondus
November 30, 2017, 9:28am
5
The MCShield log must be copied and pasted here, or it will look like Chinese.
It may take some hours before malware experts are online.
system
November 30, 2017, 9:32am
6
Thanks Pondus.
Here goes.
MCShield AllScans.txt <<<
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
30/11/2017 5:19:08 PM > Drive C: - scan started (Windows8_OS ~426 GB, NTFS HDD )…
=> The drive is clean.
30/11/2017 5:19:09 PM > Drive D: - scan started (LENOVO ~25 GB, NTFS HDD )…
=> The drive is clean.
30/11/2017 5:19:10 PM > Drive E: - scan started (no label ~3846 MB, FAT32 flash drive )…
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
30/11/2017 5:19:47 PM > Drive E: - scan started (no label ~3846 MB, FAT32 flash drive )…
=> The drive is clean.
Open Notepad (click Start button → type notepad.exe → press Enter )
Copy text from code block below and paste it into Notepad
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\googleearth.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iumsvc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lenovo.harmonypicks.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lenovo.harmonysetting.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\netcamstudio.client.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\netcamstudiox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
VirusTotal: C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe
Startup: C:\Users\Sharul Sazman Samaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open FRST again and click the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
What is the current status of your system?
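The fixlist above combines two kinds of FRST entries: IFEO Debugger redirections and a Startup shortcut whose target sits under AppData. As an added example (not part of the original thread and not FRST's own code), this sketch groups the first kind by debugger path and lists reasons to inspect the second; the sample lines are constructed in the thread's formats, and the name list, threshold and vendor check are assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Constructed sample in the FRST line formats seen in this thread
# (profile name replaced with "exampleuser"; the Dropbox line is invented).
SAMPLE = r'''
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
ShortcutTarget: explorers.lnk -> C:\Users\exampleuser\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
ShortcutTarget: Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
'''

IFEO_RE = re.compile(r'^IFEO\\(?P<image>[^:]+): \[Debugger\] "?(?P<dbg>[^"]+)"?\s*$')
TARGET_RE = re.compile(
    r'^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+\.exe)\s*\((?P<vendor>.*)\)\s*$', re.I)
# Assumption: a short illustrative list of Windows binary names to compare against.
SYSTEM_NAMES = ("explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe")

def lookalike(name):
    """Return the system binary that `name` resembles without matching it, else None."""
    for real in SYSTEM_NAMES:
        if name != real and SequenceMatcher(None, name, real).ratio() >= 0.9:
            return real
    return None

def triage(text):
    ifeo = defaultdict(list)   # debugger path -> images redirected to it
    startup = []               # startup shortcut targets with reasons to inspect
    for line in text.splitlines():
        line = line.strip()
        if m := IFEO_RE.match(line):
            ifeo[m["dbg"]].append(m["image"])
        elif m := TARGET_RE.match(line):
            target, reasons = m["target"], []
            if "\\appdata\\" in target.lower():
                reasons.append("runs from user-writable AppData")
            if real := lookalike(PureWindowsPath(target).name.lower()):
                reasons.append(f"file name imitates {real}")
            # Assumption: the trailing parentheses hold the file's company name.
            if not m["vendor"].strip():
                reasons.append("no vendor in version info")
            startup.append({"lnk": m["lnk"], "target": target, "reasons": reasons})
    return dict(ifeo), startup
```

Grouping by debugger path makes it easy to see that every IFEO entry in the list points at the same executable, which is the first thing to verify before removing them.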
system
December 3, 2017, 10:51am
10
System working fine.
I tried 2 infected USB drives and formatted them. So far no trace of the .bat symptom.
Cool.
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
✔ Remove disinfection tools
✔ Create registry backup
✔ Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
system
December 3, 2017, 12:33pm
12
To the team, thanks so much.
I was wondering, as I have another PC also showing the symptom, does it also have to go through the same procedure?
That PC is my secondary, only for gaming thus far, so not so pressing for a fix. I just have to avoid using USB.
Open a new topic and post MBAM and FRST logs from that PC.