infected usb

My flash drive has got infected. Whenever I insert it into my shop’s PC, all its files and folders get transferred to a hidden folder which has no name.
I plug that flash drive into my laptop again and transfer all the files and folders from that no-name folder to the root, but as soon as I plug that flash drive into my shop’s PC again, all the files are gone and a shortcut is created with the label name of my pen drive.
Please help me as soon as possible, as the flash drive contains all my accounting files.

Hi,

Please download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

* When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

Save both reports to your desktop, then attach DDS.txt and Attach.txt to this topic.

----- next -----

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

* Double click MCShield-Setup to install the application.
* Wait a few seconds for MCShield to finish its initial scan.
  Recommendation: under the General and Scanner tabs, click the Defaults button to choose the recommended options.
* Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has made.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Please find attached the three files you demanded:

  1. allscans
  2. attach
  3. dds

Awaiting your prompt reply.
Thank you.

From Control Panel > Add or Remove programs, you need to uninstall the Ask Toolbar

THEN…

Please download zoek.zip from here or here and save it to your Desktop.
Unpack the archive…

* Close any open browsers.
* Temporarily disable your antivirus program (if necessary).
  If you are unsure how to do this, please read this or this instruction.
* Double click on zoek.exe to run the tool.
  Please wait until the tool starts…
* Copy the text present inside the code box below and paste it into the large window in the zoek tool:

createsrpoint;
Ask Toolbar;u
{00000000-6E41-4FD3-8538-502F5495E5FC};c
c:\program files\ask.com;fs
{D4027C7F-154A-4066-A1AD-4243D8127440};c
StandardSearch;
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run];r
"58436"=-;r
emptytemp;
c:\docume~1\alluse~1\locals~1\temp\ccybtrycw.pif
installer-list;
installedprogs;
uninstall-list;

* Click on the Run script button.
  Please wait until a log report opens (this can be after a reboot).
* Save the Notepad file to your Desktop and attach zoek-results.log here.
  Note: It will also create a log in the C:\ directory named “zoek-results.log”.

----- next -----

Re-run DDS and attach here fresh DDS.txt logreport.

First of all, I was not able to uninstall the Ask Toolbar as it was not there in the Add/Remove list.
Next, I ran what you told me and the reports are attached.

Please download TFC by OldTimer to your desktop

* Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
* It will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
* Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

----- next -----

Re-run Zoek as you did before with this script:


emptyclsid;
Ask Toolbar;u
C:\DOCUME~1\abc\LOCALS~1\Temp\vfoyhqmvfoyhqmvfoyhdmvfoyhdmvfox.com;f
C:\Program Files\Ask.com;fs
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E};c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run];r
"58436"=-;r
c:\docume~1\alluse~1\locals~1\temp\*.pif
FFdefaults;
chrdefaults;
shortcutfix;
resetIEproxy;
netsh int ip reset >> %temp%\log.txt;b
ipconfig /flushdns >> %temp%\log.txt;b
emptyalltemp;
autoclean;

Wait for zoek to finish and then post the freshly created zoek log here.

----- next -----

Re-run DDS and attach the freshly created DDS log here.

I did as you said.
The files you demanded are attached.
I would like to bring to your notice:
whenever I try to restart or shut down the system, a dialog showing “WMS idle” not responding appears, for which I have to press the End Now button to shut down the PC,
and when I boot the PC it tells me one of my drives needs to be checked for consistency and then it runs a scandisk on d:

Let me know what I should do next.
Thank you.

We need to use a more powerful tool for that fix:

  1. Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  2. Open notepad and copy/paste the text present inside the code box below.
    To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

REG: reg delete HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run /v 58436 /f
c:\docume~1\alluse~1\locals~1\temp\ccybtrycw.pif
File: d:\dynamic\appsrv\apptranssrv.exe

  3. Save notepad as fixlist.txt
    NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

  4. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

----- next -----

Re-run DDS and attach the freshly created DDS.txt log report here.

----- next -----

Re-run FRST and perform a scan…

* Double-click to run it. When the tool opens, click Yes to the disclaimer.
* Under Optional Scan, ensure “List BCD” and “Driver MD5” are ticked.
* Press the Scan button.
* It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
* The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

whenever i try to restart or shut down the system a dialog showing "WMS idle" not responding appears for which i have to press end now button for shutting down of p.c and when i boot the pc it tells one of my drive needs to be checked for consistency and then it runs a scandisk on d:

Start > Run > cmd, then type:

chkdsk d:/r

Please find 4 (of 5) files attached as per your previous post.

Please find the 5th (last) file attached here.
Also, meanwhile my chkdsk d:/r is on the run; if there are any issues in that I will let you know.

Please run this FRST script (create fixlist.txt) as you did before and post fixlog.txt here:

UNLOCK: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
REG: reg delete HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run /v 58436 /f
c:\docume~1\alluse~1\locals~1\temp\ccybtrycw.pif

please find attached fixlog.txt.

Good. Please attach fresh DDS.txt and FRST.txt logreports. :slight_smile:

Please find attached the files you demanded.
Looks like things are on track.
thanks :slight_smile:

:slight_smile:

  1. Open notepad and copy/paste the text present inside the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

START
HKLM\...\Run: [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe" [x]
C:\Program Files\Ask.com
MountPoints2: {3af0f57a-ccef-11e2-a992-001cc0e58784} - H:\AutoRun.exe
MountPoints2: {3af0f57c-ccef-11e2-a992-001cc0e58784} - H:\AutoRun.exe
H:\AutoRun.exe
CMD: attrib /d /s -s -h H:\*
END

  2. Save notepad as fixlist.txt
    NOTE: It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

  3. Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.
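
The fixlist above targets three traces of an autorun-style USB infection: MountPoints2 autorun entries, H:\AutoRun.exe, and hidden/system attributes on the drive. As an added example (not part of the original posts and not FRST's own logic), this read-only PowerShell 3.0+ script lists the same traces; the default drive letter H: comes from the thread, while the HKCU MountPoints2 path and the extension list are assumptions of the example.

```powershell
# Added example: read-only audit of a removable drive. Nothing is deleted or changed.
# Assumption: drive letter defaults to H:, the letter used in the thread's fixlist.
param([string]$Drive = 'H:')

$root = "$Drive\"
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $Drive is not mounted." }

# 1. Root items flagged Hidden or System: where the "missing" files usually still are.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
Write-Output "== Hidden/System items in $root =="
Get-ChildItem -LiteralPath $root -Force |
    Where-Object { $_.Attributes -band $mask } |
    Format-Table Name, Attributes, LastWriteTime -AutoSize

# 2. Root-level shortcuts and executable file types (extension list is an assumption).
$suspectExt = '.lnk', '.exe', '.pif', '.com', '.scr', '.inf'
$shell = New-Object -ComObject WScript.Shell
Write-Output "== Shortcuts and executables in $root =="
Get-ChildItem -LiteralPath $root -Force -File |
    Where-Object { $suspectExt -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $target = ''
        if ($_.Extension -ieq '.lnk') {
            # CreateShortcut only parses the .lnk; it does not launch the target.
            $lnk = $shell.CreateShortcut($_.FullName)
            $target = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
        }
        [pscustomobject]@{ Name = $_.Name; Size = $_.Length; ShortcutRuns = $target }
    } |
    Format-Table -AutoSize -Wrap

# 3. Cached per-volume autorun commands for the current user (assumed key path).
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Write-Output "== MountPoints2 autorun commands =="
Get-ChildItem -Path $mp2 -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -eq 'command' } |
    ForEach-Object {
        [pscustomobject]@{ Key = $_.Name; Command = $_.GetValue('') }
    } |
    Format-Table -AutoSize -Wrap
```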

please find attached fixlog.txt

Looks good. Let’s re-check from another point of view.

Please download zoek.zip from here or here and save it to your Desktop.
Unpack the archive…

* Close any open browsers.
* Temporarily disable your antivirus program (if necessary).
  If you are unsure how to do this, please read this or this instruction.
* Double click on zoek.exe to run the tool.
  Please wait until the tool starts…
* Copy the text present inside the code box below and paste it into the large window in the zoek tool:

createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;

* Click on the Run script button.
  Please wait until a log report opens (this can be after a reboot).
* Save the Notepad file to your Desktop and attach zoek-results.log here.
  Note: It will also create a log in the C:\ directory named “zoek-results.log”.

the file is attached
let me know if the issue has been resolved
thanks :slight_smile:

Can you re-run zoek just with this script and post me fresh zoek log?

StandardSearch;