Location: cmd ( C:\windows\system32) kind of shortcut virus on usb. PLEASE help.

i noticed some time ago that i cannot retrieve files from my usb. it says they are chortcut files. i cannot delete files, they reappear. tried formatting but there are always those two exe. files that wont dissapear from usb.

my copy paste option for documents is not functioning as well cant copy paste docs from desktop on usb, only drag and drop (maybe its related to the virus, dont know :s )

would someone be as kind to help me manage this problem please? i have my exams to prepare now, don’t know how to deal with this :-[

thank you in advance

Hi, your PC is infected and that is the reason why USB get’s infected all the times.

We will first clean your system, and then we’ll move on cleaning USB. Now I need you to take out USB and do not use it until I tell you so, this should stop reinfecting.

Step 1.

Please download Anti-VBSVBEx64.exe on your Desktop

[*]Double click to run the tool and wait until it finishes.
[*]It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.

================================================================

Step 2.

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Good morning :slight_smile: and thanks for your quick reply.

I followed all steps and attached the txt files you listed above. Hopefully to finish this with success.

Step 1.

Download attached fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Step 2.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

Step 3.

Re-run FRST and attach fresh report…

TwinHeaded Eagle, i must tell you now i also read your previous instructions concerning other people usb and pc infected and did some actions i might better havent done. :s

i did the scan and clean with the Adwcleaner and today when i saw your reply with other apps i deleted that permanently.

what should i do ?

Follow my last instructions…

Do not search other threads, every person and every case is for itself…

ok than here is the fresh report from FRST i just got after finishing another scan and clean with AdxCleaner following the steps.

i added “fresh report” to the name so i can know which file is the new one :slight_smile:

Follow my instructions word by word. There are three steps and you need to attach three reports…

Got it. i attached the FRST fresh report and Fixlog.txt.
When it comes to AdwCleaner txt i didnt know which one (the one i got with the scan and clean from yesterday or the one i did this morning ) so i attached them both :confused:

is it ok now?

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    note: ComboFix must be downloaded to your Desktop.

  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

[*]Right click on the avast! system tray icon (
http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.


  1. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.


  1. When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
    Attach log reports ( ComboFix.txt) back to topic.

Done. I only got one ComboFix log report. Should i now enable the antivirus programme?

Good, PC seems clean now…

Re-run FRST once more, press Scan and attach fresh report…

Attached it.

Good, now we will clean your USB

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedia - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach a logreport that MCShield has created.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

gotta go to classes :-[… will finish this tonight and reply

thanks a lot for you helping me

Hi again

Did the usb scan on one of my usb sticks and attached the scan log file. Should i do the same with the other 2 ?

And another question: Should i delete all the malware removal tools once the virus is successfully removed or should i leave them in my pc?

Yes, please scan all your USB devices and attach all scans report…

We’ll clean the tools later…

here are all four scan logs…

Ok, you’re clean now. How is the situation now?

i’ve just open usb drive to see the two files still there, the VBScrip Script File and the other executable file :s but then i tried to format usb and now it seems fine :slight_smile: i repeted the same action with other usb drives just to make sure there is nothing left. the copy paste option is working as well :slight_smile: i appreciate your help.

thanks to you everything is functioning normal now.

you are genius :-*

only if you could give me some further recommendations… :slight_smile: