I Got LNK:Jenxcus-P [Trj] from my Flash Drive and it Won't go Away

Hello.

I have another (near) impossible to remove virus. You guys really saved me once before, it would be great if it could happen again. I got a very large number of viruses on my flash drive when I went to print out some important documents. It became immediately obvious that there were a huge number of viruses on the flash drive. After coming home I scanned it with MCShield, Avast, and Malwarebytes, all to no avail. I still constantly get spammed by Avast with 30-40 notifications every time I open Windows saying that it stopped the LNK:Jenxcus-P [Trj] from doing anything. I ended up trying NPE.exe and Sophos Virus Removal Tool. This also did nothing.

This was about 2 weeks ago, and I desperately need help. I attached the necessary scans but without the MCShield scan as it was above the limit (also, the most recent scan shows nothing). Thanks a million in advance.

Omar

Did MCShield detect anything on your flash drive? … MCShield log must be copied and pasted for us to read (some forum issue)

Wow…That was a fast reply.

Anyway, yes at one point, but not the most recent. I attached the file with all scans, you can find the scans that found something during the ones over the past two or three weeks.

Thanks

Could you resave MCShield as ANSI please :slight_smile:

Looking at the logs now

OK this should remove it, you may need to re-run MCShield

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-3626853727-3242187249-3999995082-1002\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk [808 2015-07-31] ()
HKU\S-1-5-21-3626853727-3242187249-3999995082-1002\...\Run: [AdopeUpdate] => C:\GoogleChrome\GoogleUpdate.lnk
HKU\S-1-5-21-3626853727-3242187249-3999995082-1002\...\Run: [AdopeFlash] => C:\GoogleChrome\GoogleChrome.exe [750320 2014-05-22] (AutoIt Team)
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
2015-07-09 09:40 - 2015-08-01 18:14 - 00000000 _RSHD C:\MozillaFirefox
2015-07-09 09:40 - 2015-08-01 18:14 - 00000000 _RSHD C:\GoogleChrome
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey
CustomCLSID: HKU\S-1-5-21-3626853727-3242187249-3999995082-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Omar Eldahan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3626853727-3242187249-3999995082-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Omar Eldahan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3626853727-3242187249-3999995082-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Omar Eldahan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3626853727-3242187249-3999995082-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Omar Eldahan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {608B30FE-E47C-4805-B068-0CCE8B901E2D} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

Sure, it is attached.

Thanks, you should be clean after running the FRST fix

Thanks a million! It made me restart the computer and when it came back, Avast didn’t pop up like it always does. One last thing, what do I do now about my flash drive?

Omar

If MCShield finds nothing it should be clean, or just reformat it

Any further problems?

No. You guys be awesome ;D.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave: