Help please! Shortcut virus

Viruses and worms
1

Hi, I have the shortcut virus on my laptop. I have the same problem as in this topic ( https://forum.avast.com/index.php?topic=138715.0 ) so I followed all the instructions starting with Adwcleaner then GMER then Farbar Recovery Scan Tool. But I’m now stuck with the fixlist as it’s specific for everyone.

Can anybody help me create this fixlist? I’ve attached everything.

Thanks in advance!

2

Removal experts are notified

3

Monitoring.

4

Step 1.

Please download Anti-VBSVBEx64.exe on your Desktop

[*]Double click to run the tool and wait until it finishes.
[*]It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.

.

Step 2.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Start
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\Run: [Win-Update] => C:\Windows\win-update.exe
C:\Windows\win-update.exe
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-28] (Google Inc.)
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: {9b8ce725-cef0-11e1-8f5e-441ea1da1c21} - G:\AutoRun.exe
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: {a8eca616-cedd-11e1-9604-3859f9eba1b4} - G:\AutoRun.exe
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: {a8eca627-cedd-11e1-9604-3859f9eba1b4} - G:\AutoRun.exe
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\MountPoints2: {a8eca68c-cedd-11e1-9604-001e101f50a4} - G:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\Run: [zADs.exe] => C:\Users\user\AppData\Roaming\zADs.exe [56320 2014-04-23] ()
HKU\S-1-5-21-3465869317-3857268257-4292628261-1000\...\Run: [zAD.exe] => C:\Users\user\AppData\Roaming\zAD.exe [56832 2014-05-17] ()
C:\Users\user\AppData\Roaming\zADs.exe
C:\Users\user\AppData\Roaming\zAD.exe
HKLM-x32\...\Run: [Yahoo Messenger] => [X]
Task: {16D48B3A-3C0C-4254-A30B-EE20481749B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3465869317-3857268257-4292628261-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: {513A382A-3F86-4540-9CFA-922E182F4E44} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3465869317-3857268257-4292628261-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3465869317-3857268257-4292628261-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3465869317-3857268257-4292628261-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (ExoSStriaCoupioan) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgnkpmjephlnglnlcpbkajnnabdeblk [2014-02-28]
S2 ef0abbff; c:\ProgramData\TurboNet\TurboNetSvc.dll [180560 2013-12-28] () [File not signed]
c:\ProgramData\TurboNet\TurboNetSvc.dll
U3 kwldapob; \??\C:\Users\user\AppData\Local\Temp\kwldapob.sys [X]
C:\Users\user\AppData\Local\Temp\KMP_3.9.0.124.exe
C:\Users\user\AppData\Local\Temp\KMP_3.9.0.125.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
.

Step 3.

Please download MCShield from one of the following links:

MCShield -Official download link

[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[]Wait a few seconds to MCShield finish initial HDD scan…
[]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post a logreport that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.

=> Post here AllScanst.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

5

Hi, I’m sorry but when I downloaded it (the first one) and attempted to run it, it said "This version of the program is not compatible with your operating system. Please, download and run the 64 bit version.

6

Download here http://www.mcshield.net/download/tools/Anti-VBSVBE/

7

Thank you so much for your help, I really appreciate it. The virus is removed. Thanks again!

I’ve attached everything, except for the fixlog I can’t attach it as I have accidently removed it. Sorry!

8
I've attached everything, except for the fixlog I can't attach it as I have accidently removed it. Sorry!
then run a new FRST scan and attach log ...as you did in first post, then argus can see if the fix worked
9

You must record log in ansi