Hello, I have a USB key infected with Jenxcus virus, Avast cannot repair my important files. How to fix my important files and clean my laptop and USB keys?
Hoping to get some help…
follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan tool logs … 3 logs total
Then scroll down to SPECIFIC INFECTIONS LOGS … picture 5
follow MCShield instructions … this log you copy and paste here
MCShield log:
MCShield AllScans.txt <<<
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<
2015-06-16 09:02:50 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<
2015-06-16 09:40:47 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<
2015-06-16 15:34:11 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<
2015-06-16 16:09:38 > Drive G: - scan started (TravelDrive ~477 MB, FAT flash drive )…
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2014.4.12.1 / Windows 7 <<<
2015-06-16 16:09:51 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…
=> The drive is clean.
I also attached Mbam and FRST logs thanks
Could you let me know what problems there are after this
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\Run: [tmpEDED] => wscript.exe //B "C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe" <===== ATTENTION
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\Run: [125d3f6ae0a53efa91122391603b15de] => .. [0 2015-01-07] ()
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: E - E:\LaunchU3.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: F - F:\laucher.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {22c52741-2ebd-11e4-aa44-9ff07268ff8e} - E:\Startme.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {3f318391-0f4f-11e4-bd66-df6986ed03fd} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {43ba7662-cf85-11e3-bd1f-02704e2b0701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {4af1a086-26db-11e4-8b28-844bf559dca5} - F:\LaunchU3.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {4f79a77d-1e05-11e4-ba42-844bf559dca5} - E:\LGAutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {965e2d8c-11e9-11e4-8a8f-a3edd4bfdbd4} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a187ad0d-d1c6-11e3-b50b-02509a230701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a187ad48-d1c6-11e3-b50b-02509a230701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a73d73ec-cee2-11e3-a29b-02704e280701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {a73d7452-cee2-11e3-a29b-02704e280701} - E:\AutoRun.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {aa4d8658-9faa-11e2-be7e-ecbf90268189} - D:\SETUP.EXE
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {bd25373c-fc9c-11e4-a846-806e6f6e6963} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {c34be88c-db4e-11e2-8a2c-ecb73ccba681} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {cfc03ff5-0f40-11e4-ab5f-ad70573821fd} - F:\laucher.exe
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {e3b115e7-6316-11e2-8653-c28af77e69fe} - E:\unlock.exe autoplay=true
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
Toolbar: HKU\S-1-5-21-1201811183-624649827-1094862506-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Extension: (WhiteSmoke New) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2014-07-19]
Task: {ADD9F329-4C77-49D3-95C0-E09D88D323A8} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION
C:\Users\Acer\AppData\Local\Temp\nsg2974.tmp
C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Download Anti VBS/VBE to your desktop
- Download the appropriate version (32 bit or 64 bit) and double click the file to run it.
- After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
- Post that report
Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run
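A triage sketch for the kinds of entries the fixlist above targets, added here as an example; it is not part of the thread and not FRST's own logic. It reads FRST-style `Run`, `MountPoints2` and `Task` lines and flags script-host autoruns, cached autorun commands for non-system volumes, and tasks running from user-writable paths. The heuristics, the function names, the assumption that the system drive is C: and the constructed benign line are all assumptions of this example.

```python
import re

# Assumed heuristics (not FRST's own logic): script hosts, script
# extensions and user-writable path fragments, compared in lower case.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\all users\\", "\\programdata\\")

ATTN = r"(?:\s*<=+ ATTENTION)?\s*$"  # optional marker at the end of a line
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*?)" + ATTN)
MOUNT_RE = re.compile(r"\\MountPoints2: (?P<name>\S+) - (?P<cmd>.*?)" + ATTN)
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<cmd>.*?)" + ATTN)
DRIVE_RE = re.compile(r"\b([A-Za-z]):\\")


def classify(line, system_drive="C"):
    """Return (kind, name, reason) for an entry worth reviewing, else None."""
    line = line.strip()
    m = RUN_RE.search(line)
    if m:
        cmd = m.group("cmd").lower()
        if (any(h in cmd for h in SCRIPT_HOSTS) and SCRIPT_EXT_RE.search(cmd)
                and any(p in cmd for p in USER_WRITABLE)):
            return ("Run", m.group("name"),
                    "script host starts a script from a user-writable path")
        return None
    m = MOUNT_RE.search(line)
    if m:
        # Any drive letter other than the system drive means the cached
        # autorun command points at removable or optical media.
        drives = {d.upper() for d in DRIVE_RE.findall(m.group("cmd"))}
        if drives - {system_drive.upper()}:
            return ("MountPoints2", m.group("name"),
                    "cached autorun command for a non-system volume")
        return None
    m = TASK_RE.search(line)
    if m:
        cmd = m.group("cmd").lower()
        if any(p in cmd for p in USER_WRITABLE):
            return ("Task", m.group("name"),
                    "scheduled task runs from a user-writable path")
    return None


def triage(lines):
    """Classify every line and keep only the flagged entries."""
    return [hit for hit in map(classify, lines) if hit]


# First four lines and the last are taken from the fixlist in this thread;
# the ExampleUpdater line is constructed as a benign control.
SAMPLE = [
    r'HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\Run: [tmpEDED] => wscript.exe //B "C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe" <===== ATTENTION',
    r'HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: E - E:\LaunchU3.exe',
    r'HKU\S-1-5-21-1201811183-624649827-1094862506-1000\...\MountPoints2: {c34be88c-db4e-11e2-8a2c-ecb73ccba681} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe',
    r'Task: {ADD9F329-4C77-49D3-95C0-E09D88D323A8} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe <==== ATTENTION',
    r'HKU\S-1-5-21-0-0-0-1000\...\Run: [ExampleUpdater] => "C:\Program Files\Example\updater.exe"',
    r'BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File',
]

if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE):
        print(f"{kind:13} {name:40} {reason}")
```
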
Restore point was successfully created.
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\Software\Microsoft\Windows\CurrentVersion\Run\tmpEDED => value removed successfully
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\Software\Microsoft\Windows\CurrentVersion\Run\125d3f6ae0a53efa91122391603b15de => value removed successfully
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22c52741-2ebd-11e4-aa44-9ff07268ff8e}" => key removed successfully
HKCR\CLSID\{22c52741-2ebd-11e4-aa44-9ff07268ff8e} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f318391-0f4f-11e4-bd66-df6986ed03fd}" => key removed successfully
HKCR\CLSID\{3f318391-0f4f-11e4-bd66-df6986ed03fd} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43ba7662-cf85-11e3-bd1f-02704e2b0701}" => key removed successfully
HKCR\CLSID\{43ba7662-cf85-11e3-bd1f-02704e2b0701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4af1a086-26db-11e4-8b28-844bf559dca5}" => key removed successfully
HKCR\CLSID\{4af1a086-26db-11e4-8b28-844bf559dca5} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f79a77d-1e05-11e4-ba42-844bf559dca5}" => key removed successfully
HKCR\CLSID\{4f79a77d-1e05-11e4-ba42-844bf559dca5} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965e2d8c-11e9-11e4-8a8f-a3edd4bfdbd4}" => key removed successfully
HKCR\CLSID\{965e2d8c-11e9-11e4-8a8f-a3edd4bfdbd4} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a187ad0d-d1c6-11e3-b50b-02509a230701}" => key removed successfully
HKCR\CLSID\{a187ad0d-d1c6-11e3-b50b-02509a230701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a187ad48-d1c6-11e3-b50b-02509a230701}" => key removed successfully
HKCR\CLSID\{a187ad48-d1c6-11e3-b50b-02509a230701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a73d73ec-cee2-11e3-a29b-02704e280701}" => key removed successfully
HKCR\CLSID\{a73d73ec-cee2-11e3-a29b-02704e280701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a73d7452-cee2-11e3-a29b-02704e280701}" => key removed successfully
HKCR\CLSID\{a73d7452-cee2-11e3-a29b-02704e280701} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa4d8658-9faa-11e2-be7e-ecbf90268189}" => key removed successfully
HKCR\CLSID\{aa4d8658-9faa-11e2-be7e-ecbf90268189} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd25373c-fc9c-11e4-a846-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{bd25373c-fc9c-11e4-a846-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c34be88c-db4e-11e2-8a2c-ecb73ccba681}" => key removed successfully
HKCR\CLSID\{c34be88c-db4e-11e2-8a2c-ecb73ccba681} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfc03ff5-0f40-11e4-ab5f-ad70573821fd}" => key removed successfully
HKCR\CLSID\{cfc03ff5-0f40-11e4-ab5f-ad70573821fd} => key not found.
"HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3b115e7-6316-11e2-8653-c28af77e69fe}" => key removed successfully
HKCR\CLSID\{e3b115e7-6316-11e2-8653-c28af77e69fe} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADD9F329-4C77-49D3-95C0-E09D88D323A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADD9F329-4C77-49D3-95C0-E09D88D323A8}" => key removed successfully
C:\Windows\System32\Tasks\DefaultCheck => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck" => key removed successfully
C:\Users\Acer\AppData\Local\Temp\nsg2974.tmp => moved successfully.
"C:\Users\Acer\AppData\Local\Temp\tmpEDED.tmp.vbe" => File/Folder not found.
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
L'opération a réussi.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
L'opération a réussi.
========= End of Reg: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1201811183-624649827-1094862506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
7 out of 27 jobs canceled.
========= End of CMD: =========
EmptyTemp: => 21.9 GB temporary data Removed.
The system needed a reboot…
==== End of Fixlog 19:20:04 ====
Running fix at 2015-06-16 19:37:29
Fix finished at 2015-06-16 19:37:34
Anti-VBS/VBE, build 11
http://www.mcshield.net/download/tools/Anti-VBSVBE/
Could you now run a fresh FRST scan please and let me know what problems you are having
Avast still detects the virus on my USB key, I want to get rid of it without losing my files.
Does MCShield not detect this?
MCShield is not detecting it, here are the logs…
MCShield AllScans.txt <<<
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<
2015-06-16 19:22:39 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…
=> The drive is clean.
2015-06-16 19:22:39 > Drive G: - scan started (TravelDrive ~477 MB, FAT flash drive )…
=> The drive is clean.
2015-06-16 19:22:41 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<
2015-06-16 19:56:43 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<
2015-06-16 22:48:18 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…
=> The drive is clean.
2015-06-16 22:48:18 > Drive G: - scan started (TravelDrive ~477 MB, FAT flash drive )…
=> The drive is clean.
2015-06-16 22:48:22 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…
=> The drive is clean.
What is the file name on the flash drive?
Also do you have MCShield set to show hidden files?
I have MCShield set to unhide items on flash drive but it does detect it. Avast detects in drive G:
LNK:Jenxcus-M[Trj] G:\Guité\Guité.Ink, trashes.Ink, C.Ink, $RECYCLEBIN.Ink
LNK:Jenxcus-L[Trj] G:\Skypee\Google.nk
VBS:Runner-IW[Trj] G:$RECYCLEBIN\VIc.rar|>[embedded:MSEncoded]
Other:Malware-gen[Trj] G:\Skypee\googleupdate.a3x
In drive H:
Other:Malware-gen[Trj] H:\Skypee\googleupdate.a3x
MCShield should delete those
Then in the control centre select scanner and tick unhide items on flash drives
Hello essexboy, I already did that and posted logs above, MCShield does not detect them. Will run it again and post logs below.
I also want to fix those files and not delete them. Thanks for your help.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2015.6.7.1 / Windows 7 <<<
2015-06-18 00:11:43 > Drive C: - scan started (ACER ~596 GB, NTFS HDD )…
=> The drive is clean.
2015-06-18 00:11:46 > Drive G: - scan started (TravelDrive ~477 MB, FAT flash drive )…
=> The drive is clean.
2015-06-18 00:11:53 > Drive H: - scan started (TIMMONS ~119 MB, FAT32 flash drive )…
=> The drive is clean.
I rebooted the computer and did another scan. This time the Avast log shows me only Googleupdate.a3x and $Recyclebin on drive G: and H:
So I put those in quarantine since no file I needed seems to be infected anymore. Also Jenxcus does not show up on scan. Problem seems to be fixed. I will do a reboot scan with Avast to see if it detects anything.
Let me know please as deletion of those folders should clear the problem
Did a reboot scan, and it shows no virus. I opened the travel drives and those files are still there but not infected according to Avast.
I will delete them because they are not needed…
Thanks…
Yes delete them as they contain additional files for the malware