My computer (and external hard drives) are infected by Shortcut virus, need help

Viruses and worms
1

Hello community,

A few days ago my computer got infected by the “shortcut virus”. I first noticed when opening my USB pen drive. I would open it by double clicking on its icon and a shortcut would show. At the time I didn’t know it was a virus, so I clicked on the shortcut.
Also I connected 2 different external hard drives and a SD card that I suspect are infected too by now.

Yesterday I did some research about this problem and found out many other people had the same problem/virus. I have seen similar posts on this forum, could someone help me remove this virus from my computer/peripherals?

Thank you for your help!

Ronny.

2

Monitoring

3

follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total

also scroll down to SPECIFIC INFECTIONS LOGS … picture Nr #5
run MCShield as instructed … this log you copy and paste

TwinHeadedEagle will assist you when done

4

aswMBR log:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-30 00:30:50

00:30:50.718 OS Version: Windows x64 6.1.7601 Service Pack 1
00:30:50.718 Number of processors: 8 586 0x3A09
00:30:50.720 ComputerName: RONNY-PC UserName: Ronny
00:30:51.542 Initialze error C000010E - driver not loaded
00:30:54.547 AVAST engine defs: 15052901
00:30:59.503 Service scanning
00:31:24.607 Modules scanning
00:31:24.615 Disk 0 trace - called modules:
00:31:24.619
00:31:26.780 AVAST engine scan C:\Windows
00:31:30.503 AVAST engine scan C:\Windows\system32
00:34:03.317 AVAST engine scan C:\Windows\system32\drivers
00:34:20.956 AVAST engine scan C:\Users\Ronny
00:51:26.606 The log file has been saved successfully to “C:\Users\Ronny\Desktop\Cure from Shortcut Virus\aswMBR.txt”

→ 3 other logs in attachment

5

sorry the aswMBR log was not complete, here is the complete one:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-30 00:30:50

00:30:50.718 OS Version: Windows x64 6.1.7601 Service Pack 1
00:30:50.718 Number of processors: 8 586 0x3A09
00:30:50.720 ComputerName: RONNY-PC UserName: Ronny
00:30:51.542 Initialze error C000010E - driver not loaded
00:30:54.547 AVAST engine defs: 15052901
00:30:59.503 Service scanning
00:31:24.607 Modules scanning
00:31:24.615 Disk 0 trace - called modules:
00:31:24.619
00:31:26.780 AVAST engine scan C:\Windows
00:31:30.503 AVAST engine scan C:\Windows\system32
00:34:03.317 AVAST engine scan C:\Windows\system32\drivers
00:34:20.956 AVAST engine scan C:\Users\Ronny
00:51:26.606 The log file has been saved successfully to “C:\Users\Ronny\Desktop\Cure from Shortcut Virus\aswMBR.txt”

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-05-30 00:30:50

00:30:50.718 OS Version: Windows x64 6.1.7601 Service Pack 1
00:30:50.718 Number of processors: 8 586 0x3A09
00:30:50.720 ComputerName: RONNY-PC UserName: Ronny
00:30:51.542 Initialze error C000010E - driver not loaded
00:30:54.547 AVAST engine defs: 15052901
00:30:59.503 Service scanning
00:31:24.607 Modules scanning
00:31:24.615 Disk 0 trace - called modules:
00:31:24.619
00:31:26.780 AVAST engine scan C:\Windows
00:31:30.503 AVAST engine scan C:\Windows\system32
00:34:03.317 AVAST engine scan C:\Windows\system32\drivers
00:34:20.956 AVAST engine scan C:\Users\Ronny
00:51:26.606 The log file has been saved successfully to “C:\Users\Ronny\Desktop\Cure from Shortcut Virus\aswMBR.txt”
01:06:31.495 AVAST engine scan C:\ProgramData
01:09:29.389 Scan finished successfully
01:10:51.085 The log file has been saved successfully to “C:\Users\Ronny\Desktop\Cure from Shortcut Virus\aswMBR.txt”

6

Please download MCShield from one of the following links:

MCShield -Official download link

[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[]Wait a few seconds to MCShield finish initial HDD scan…
[]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post a logreport that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.

=> Post here AllScanst.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

7

MCShield logs in attachment.

One question, can this virus infect a Macbook Pro?
My gf has a mac and we shared some usb HHD, should she be concerned about this virus?

Thanks

8

I don’t think this virus can work on MAC. How is your PC behaving now, you were infected with worm.

9

You appear to be running Avira, Avast! and remnants of McAfee. Chose either Avast! or Avira to keep an remove the other.

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

If you have anything else, remove it. MBAM can be paired with any other Anti-Virus, same with MCShield.

10

TwinHeadedEagle, my computer seems to be running normal now.
I think all my USB peripherals are clean too.

Thank you so much for your help!

Michael, I uninstalled what was left of McAfee and Avira to keep Avast!.
Thanks.

11

MCShield log is not readable … that is why i said copy and paste

Opened with Android / Opera

>>> MCShield AllScans.txt <<<

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:37:36 > Drive C: - scan started (OS ~279 GB, NTFS HDD )…

=> The drive is clean.

30/05/2015 23:37:36 > Drive D: - scan started (VIDEO_1 ~394 GB, NTFS HDD )…

=> The drive is clean.

30/05/2015 23:37:36 > Drive E: - scan started (VIDEO_2 ~349 GB, NTFS HDD )…

=> The drive is clean.

30/05/2015 23:37:37 > Drive F: - scan started (SDATA2 ~349 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:39:54 > Drive K: - scan started (EOS_DIGITAL ~30627 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:40:34 > Drive K: - scan started (H2N_SD ~3815 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:41:12 > Drive K: - scan started (EOS_DIGITAL ~30627 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:42:05 > Drive J: - scan started (no label ~7711 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:42:48 > Drive I: - scan started (WD 1To Gris ~931 GB, exFAT HDD )…

I:$RECYCLE.BIN$IB15XCT.003 - Malware > Deleted. (15.05.30. 23.42 $IB15XCT.003.180325; MD5: b01a20f17790d24599336df4161591bf)

I:$RECYCLE.BIN$IBS4LR0.000 - Malware > Deleted. (15.05.30. 23.42 $IBS4LR0.000.238411; MD5: 56fe539aaf13222e7fe28844b854d796)

I:$RECYCLE.BIN$IU7ZA8T.001 - Malware > Deleted. (15.05.30. 23.42 $IU7ZA8T.001.1836; MD5: 97300ca85128765d0d3ee73f92d1fa96)

I:$RECYCLE.BIN$IVARS8O.002 - Malware > Deleted. (15.05.30. 23.42 $IVARS8O.002.865887; MD5: 6c387a5bd67abaf539bbd2087497f7d1)

=> Malicious files : 4/4 deleted.

::::: Scan duration: 1sec ::::::::::::::::::

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:45:44 > Drive L: - scan started (INTENSO ~931 GB, exFAT HDD )…

L:$RECYCLE.BIN$IQTTO65.jpg - Malware > Deleted. (15.05.30. 23.45 $IQTTO65.jpg.601605; MD5: 508abee20017276f1755d01e622e053b)

L:$RECYCLE.BIN$IOO6SQI.jpg - Malware > Deleted. (15.05.30. 23.45 $IOO6SQI.jpg.174537; MD5: 1367a7bea64804b8a5e13398bef4bf98)

L:$RECYCLE.BIN$IFLTWTB.jpg - Malware > Deleted. (15.05.30. 23.45 $IFLTWTB.jpg.360799; MD5: a514d730cb661acf228f311fe4d30594)

L:$RECYCLE.BIN$IUPDKFU.jpg - Malware > Deleted. (15.05.30. 23.45 $IUPDKFU.jpg.414730; MD5: 173b33c8049135a21fc87885328b1e64)

L:$RECYCLE.BIN$IOVRV62.jpg - Malware > Deleted. (15.05.30. 23.45 $IOVRV62.jpg.619316; MD5: c4d7c34d091d91c04eaf45a3faf756ba)

L:$RECYCLE.BIN$IFA4FVR.jpg - Malware > Deleted. (15.05.30. 23.45 $IFA4FVR.jpg.566412; MD5: 041fa3a783dfad2b9d3eec46a670146d)

L:$RECYCLE.BIN$I0ARP1U.jpg - Malware > Deleted. (15.05.30. 23.45 $I0ARP1U.jpg.754817; MD5: fd31a9e55c2975f5d0a791e6b0428819)

L:$RECYCLE.BIN$I4MQDX6.jpg - Malware > Deleted. (15.05.30. 23.45 $I4MQDX6.jpg.360241; MD5: ede2e52d519301e8b78c4004898a6937)

L:$RECYCLE.BIN$I91VQBO.jpg - Malware > Deleted. (15.05.30. 23.45 $I91VQBO.jpg.681983; MD5: 53ee5d83cf478f56215cff1e50782fbe)

L:$RECYCLE.BIN$ICCDTE9.jpg - Malware > Deleted. (15.05.30. 23.45 $ICCDTE9.jpg.596718; MD5: 10c0d7bd01453141a2ae3f4c9c5f3a70)

L:$RECYCLE.BIN$IJ8VXKY.jpg - Malware > Deleted. (15.05.30. 23.45 $IJ8VXKY.jpg.6840; MD5: b2c11a705c300480cc1ee5fea6f2ccfe)

L:$RECYCLE.BIN$I1LE6W9.jpg - Malware > Deleted. (15.05.30. 23.45 $I1LE6W9.jpg.681535; MD5: ae57f07187208f8d3f0f02422171dc19)

L:$RECYCLE.BIN$IMQC5FX.jpg - Malware > Deleted. (15.05.30. 23.45 $IMQC5FX.jpg.63974; MD5: 05f387ecb3108077b6184bbb1b9863b8)

L:$RECYCLE.BIN$IUEH6BP.jpg - Malware > Deleted. (15.05.30. 23.45 $IUEH6BP.jpg.152541; MD5: 73c429b2edd71e74fca8700ef046da40)

L:$RECYCLE.BIN$IOXBXAN.jpg - Malware > Deleted. (15.05.30. 23.45 $IOXBXAN.jpg.49958; MD5: 2ce614338b04ed3215a58640771e4128)

L:$RECYCLE.BIN$IMDQSS6.jpg - Malware > Deleted. (15.05.30. 23.45 $IMDQSS6.jpg.731606; MD5: 2f9ccf5cecd5e39664c6b8e05ddca0e2)

L:$RECYCLE.BIN$I4I2FJ5.jpg - Malware > Deleted. (15.05.30. 23.45 $I4I2FJ5.jpg.296449; MD5: 4d1da66e1be9233e92272307b95f81eb)

L:$RECYCLE.BIN$IEJ62Q2.jpg - Malware > Deleted. (15.05.30. 23.45 $IEJ62Q2.jpg.287408; MD5: 9ef16093f0c92abcfbb8b16990e17715)

L:$RECYCLE.BIN$I8D1EV7.jpg - Malware > Deleted. (15.05.30. 23.45 $I8D1EV7.jpg.680910; MD5: bacdfcecf03d6f6638161f5c4d50a236)

L:$RECYCLE.BIN$IN6PET7.jpg - Malware > Deleted. (15.05.30. 23.45 $IN6PET7.jpg.166250; MD5: af4fb90d56cad2e03a23e683fa7d02f4)

L:$RECYCLE.BIN$IW01AVB.jpg - Malware > Deleted. (15.05.30. 23.45 $IW01AVB.jpg.788861; MD5: 53652061ab51b6158be25aa13d590505)

L:$RECYCLE.BIN$I16WCZY.jpg - Malware > Deleted. (15.05.30. 23.45 $I16WCZY.jpg.950721; MD5: 8cfc40f54b8da99b777b3232d71fb2c1)

L:$RECYCLE.BIN$IGKF5VV.jpg - Malware > Deleted. (15.05.30. 23.45 $IGKF5VV.jpg.557151; MD5: f99f6ca778ea414e2560f9d84ebac733)

L:$RECYCLE.BIN$IKJ8KNJ.jpg - Malware > Deleted. (15.05.30. 23.45 $IKJ8KNJ.jpg.363958; MD5: 6efbbdedcaececce7bd29851c37ae2bc)

L:$RECYCLE.BIN$I7JAOVP.jpg - Malware > Deleted. (15.05.30. 23.45 $I7JAOVP.jpg.654125; MD5: 4b5451f783633627c693b2592ffb5fb4)

L:$RECYCLE.BIN$IB9CZQY.jpg - Malware > Deleted. (15.05.30. 23.45 $IB9CZQY.jpg.518045; MD5: 8b56b0612e72809683b277b83b4a1f60)

L:$RECYCLE.BIN$ISA5LFK.jpg - Malware > Deleted. (15.05.30. 23.45 $ISA5LFK.jpg.362504; MD5: f9ec8ca5c49cb01c53173224fb91bece)

L:$RECYCLE.BIN$IWATO6S.jpg - Malware > Deleted. (15.05.30. 23.45 $IWATO6S.jpg.438913; MD5: b527b3a55fbb01ac6638b08dcd5ff05f)

L:$RECYCLE.BIN$IECQOIS.jpg - Malware > Deleted. (15.05.30. 23.45 $IECQOIS.jpg.832854; MD5: 965bd48b9637068809bf9b39b4bec723)

L:$RECYCLE.BIN$ID0CMSZ.jpg - Malware > Deleted. (15.05.30. 23.45 $ID0CMSZ.jpg.883987; MD5: 3743b1613a9e5955f90864f547a12b46)

L:$RECYCLE.BIN$I4RMA1L.jpg - Malware > Deleted. (15.05.30. 23.45 $I4RMA1L.jpg.462080; MD5: 3077d8a6643ef71c8226d0434a697fc6)

L:$RECYCLE.BIN$IP9RH84.jpg - Malware > Deleted. (15.05.30. 23.45 $IP9RH84.jpg.607759; MD5: 1c2e55aa472ed3275830da8713e6809c)

L:$RECYCLE.BIN$IG5E7H5.jpg - Malware > Deleted. (15.05.30. 23.45 $IG5E7H5.jpg.262732; MD5: 74b1b2accc5d930ca61df7e545630a6a)

L:$RECYCLE.BIN$IAM3ZZ1.jpg - Malware > Deleted. (15.05.30. 23.45 $IAM3ZZ1.jpg.202875; MD5: f846bfb2fd5fd8bec2f530704b289d4d)

L:$RECYCLE.BIN$IRDSJI7.jpg - Malware > Deleted. (15.05.30. 23.45 $IRDSJI7.jpg.21926; MD5: 961f2e36b0507f38ee09dd99b08b35d3)

L:$RECYCLE.BIN$IUM6UEJ.jpg - Malware > Deleted. (15.05.30. 23.45 $IUM6UEJ.jpg.177489; MD5: 41cbcef129ab2edc6c9cf1527670c8ff)

L:$RECYCLE.BIN$I11CLMC.jpg - Malware > Deleted. (15.05.30. 23.45 $I11CLMC.jpg.14863; MD5: a587bf7df9d87b683d947daef1d65a72)

L:$RECYCLE.BIN$IIQGY2S.jpg - Malware > Deleted. (15.05.30. 23.45 $IIQGY2S.jpg.860329; MD5: e102ba8df52fd5fb062f6df3aa5a354c)

L:$RECYCLE.BIN$IM83OGM.jpg - Malware > Deleted. (15.05.30. 23.45 $IM83OGM.jpg.415944; MD5: fcacfa4923fe08592ccc0b5ffe1c5443)

L:$RECYCLE.BIN$IKJKUHC.jpg - Malware > Deleted. (15.05.30. 23.45 $IKJKUHC.jpg.388579; MD5: 1ccc1b18621fe08fb74cdaf63423ebdf)

L:$RECYCLE.BIN$II314TG.jpg - Malware > Deleted. (15.05.30. 23.45 $II314TG.jpg.620408; MD5: b3fa94645adda2bbf0bf1c6574a65c31)

L:$RECYCLE.BIN$INP34VZ.jpg - Malware > Deleted. (15.05.30. 23.45 $INP34VZ.jpg.167933; MD5: 485076b3215b56929cd8558dbfd2fc81)

L:$RECYCLE.BIN$I4QCAPV.jpg - Malware > Deleted. (15.05.30. 23.45 $I4QCAPV.jpg.227156; MD5: 781cac69e0de69a4ebeca8f42b0502f7)

L:$RECYCLE.BIN$IVUF4ZO.jpg - Malware > Deleted. (15.05.30. 23.45 $IVUF4ZO.jpg.190432; MD5: bf44fc5131d51fb8189ad7c9fbaa5cfb)

L:$RECYCLE.BIN$I22D9AH.jpg - Malware > Deleted. (15.05.30. 23.45 $I22D9AH.jpg.2399; MD5: 5eb1cc34ea2ec8d6b893684b02d5dde5)

L:$RECYCLE.BIN$IO33TQ2.jpg - Malware > Deleted. (15.05.30. 23.45 $IO33TQ2.jpg.458176; MD5: ef61ba06be294919dfaf37b3909f3749)

L:$RECYCLE.BIN$IZCD3E0.jpg - Malware > Deleted. (15.05.30. 23.45 $IZCD3E0.jpg.722804; MD5: d4d75e765f6f07cc841ec83b2c0a8b62)

L:$RECYCLE.BIN$IJG9QQL.jpg - Malware > Deleted. (15.05.30. 23.45 $IJG9QQL.jpg.302821; MD5: b2a3ec94eef6fd40c6ce4925e6bf0b3d)

L:$RECYCLE.BIN$IPR1KBX.jpg - Malware > Deleted. (15.05.30. 23.45 $IPR1KBX.jpg.500453; MD5: 7332695b38ee75f7edf9ba6ed1a0ace7)

L:$RECYCLE.BIN$I10VOJW - Malware > Deleted. (15.05.30. 23.45 $I10VOJW.124201; MD5: c6c8b158cf273c8e8f53888458643c45)

L:$RECYCLE.BIN$IHSUWEA - Malware > Deleted. (15.05.30. 23.45 $IHSUWEA.892437; MD5: 07e1152db5ad4645e56e80a234f13fa7)

L:$RECYCLE.BIN$IEQ0ZIL - Malware > Deleted. (15.05.30. 23.45 $IEQ0ZIL.256904; MD5: a5f9affd33b18f6ed8ef6d5802c4f660)

L:$RECYCLE.BIN$IGEPLPR - Malware > Deleted. (15.05.30. 23.45 $IGEPLPR.43463; MD5: da58e81182f0a3c75d45a24ce1dac787)

L:$RECYCLE.BIN$I0YAETW - Malware > Deleted. (15.05.30. 23.45 $I0YAETW.588845; MD5: 9f1e4e6957d27e843a3cd3e8017d8218)

L:$RECYCLE.BIN$IH6CYKL - Malware > Deleted. (15.05.30. 23.45 $IH6CYKL.359224; MD5: 8525bde7652d8301309745175ec96ff2)

L:$RECYCLE.BIN$IQOAW6R - Malware > Deleted. (15.05.30. 23.45 $IQOAW6R.733573; MD5: 1b5ca21019b3af7371083053afa2aa74)

L:$RECYCLE.BIN$I5G3FMO.JPG - Malware > Deleted. (15.05.30. 23.45 $I5G3FMO.JPG.377569; MD5: c9f1b1d677a350c8eabff57deaa69f5c)

L:$RECYCLE.BIN$IPYJUZW.JPG - Malware > Deleted. (15.05.30. 23.45 $IPYJUZW.JPG.828273; MD5: 713161ba75ac2207a60d777d97c4a686)

L:$RECYCLE.BIN$IDOY1D0.JPG - Malware > Deleted. (15.05.30. 23.45 $IDOY1D0.JPG.554789; MD5: 21fbd56c34f2c3046433e37e97173f69)

L:$RECYCLE.BIN$I92XZHA.JPG - Malware > Deleted. (15.05.30. 23.45 $I92XZHA.JPG.263988; MD5: 0ff62e4cd4174b05d780658880291fd4)

=> Malicious files : 60/60 deleted.

::::: Scan duration: 3sec ::::::::::::::::::

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:48:34 > Drive H: - scan started (Elements ~1863 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:51:15 > Drive K: - scan started (EOS_DIGITAL ~30016 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:52:27 > Drive K: - scan started (no label ~30179 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:55:18 > Drive K: - scan started (no label ~7572 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:56:16 > Drive K: - scan started (BLACKBERRY ~1882 MB, FAT flash drive )…

=> The drive is clean.

12

Sorry, I will paste the allscans log from MCshield here under.

One thing: one of my external hard drive is still behaving as it was infected. There is a folder called “System Volume Information” that was not there previously and that I can’t delete.
Also MCShield recognized a malware when I connected this HDD through USB today.
How can I make sure this disk is safe?

MC Shield log:

MCShield AllScans.txt <<<

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:37:36 > Drive C: - scan started (OS ~279 GB, NTFS HDD )…

=> The drive is clean.

30/05/2015 23:37:36 > Drive D: - scan started (VIDEO_1 ~394 GB, NTFS HDD )…

=> The drive is clean.

30/05/2015 23:37:36 > Drive E: - scan started (VIDEO_2 ~349 GB, NTFS HDD )…

=> The drive is clean.

30/05/2015 23:37:37 > Drive F: - scan started (SDATA2 ~349 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:39:54 > Drive K: - scan started (EOS_DIGITAL ~30627 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:40:34 > Drive K: - scan started (H2N_SD ~3815 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:41:12 > Drive K: - scan started (EOS_DIGITAL ~30627 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:42:05 > Drive J: - scan started (no label ~7711 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:42:48 > Drive I: - scan started (WD 1To Gris ~931 GB, exFAT HDD )…

I:$RECYCLE.BIN$IB15XCT.003 - Malware > Deleted. (15.05.30. 23.42 $IB15XCT.003.180325; MD5: b01a20f17790d24599336df4161591bf)

I:$RECYCLE.BIN$IBS4LR0.000 - Malware > Deleted. (15.05.30. 23.42 $IBS4LR0.000.238411; MD5: 56fe539aaf13222e7fe28844b854d796)

I:$RECYCLE.BIN$IU7ZA8T.001 - Malware > Deleted. (15.05.30. 23.42 $IU7ZA8T.001.1836; MD5: 97300ca85128765d0d3ee73f92d1fa96)

I:$RECYCLE.BIN$IVARS8O.002 - Malware > Deleted. (15.05.30. 23.42 $IVARS8O.002.865887; MD5: 6c387a5bd67abaf539bbd2087497f7d1)

=> Malicious files : 4/4 deleted.

::::: Scan duration: 1sec ::::::::::::::::::

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:45:44 > Drive L: - scan started (INTENSO ~931 GB, exFAT HDD )…

L:$RECYCLE.BIN$IQTTO65.jpg - Malware > Deleted. (15.05.30. 23.45 $IQTTO65.jpg.601605; MD5: 508abee20017276f1755d01e622e053b)

L:$RECYCLE.BIN$IOO6SQI.jpg - Malware > Deleted. (15.05.30. 23.45 $IOO6SQI.jpg.174537; MD5: 1367a7bea64804b8a5e13398bef4bf98)

L:$RECYCLE.BIN$IFLTWTB.jpg - Malware > Deleted. (15.05.30. 23.45 $IFLTWTB.jpg.360799; MD5: a514d730cb661acf228f311fe4d30594)

L:$RECYCLE.BIN$IUPDKFU.jpg - Malware > Deleted. (15.05.30. 23.45 $IUPDKFU.jpg.414730; MD5: 173b33c8049135a21fc87885328b1e64)

L:$RECYCLE.BIN$IOVRV62.jpg - Malware > Deleted. (15.05.30. 23.45 $IOVRV62.jpg.619316; MD5: c4d7c34d091d91c04eaf45a3faf756ba)

L:$RECYCLE.BIN$IFA4FVR.jpg - Malware > Deleted. (15.05.30. 23.45 $IFA4FVR.jpg.566412; MD5: 041fa3a783dfad2b9d3eec46a670146d)

L:$RECYCLE.BIN$I0ARP1U.jpg - Malware > Deleted. (15.05.30. 23.45 $I0ARP1U.jpg.754817; MD5: fd31a9e55c2975f5d0a791e6b0428819)

L:$RECYCLE.BIN$I4MQDX6.jpg - Malware > Deleted. (15.05.30. 23.45 $I4MQDX6.jpg.360241; MD5: ede2e52d519301e8b78c4004898a6937)

L:$RECYCLE.BIN$I91VQBO.jpg - Malware > Deleted. (15.05.30. 23.45 $I91VQBO.jpg.681983; MD5: 53ee5d83cf478f56215cff1e50782fbe)

L:$RECYCLE.BIN$ICCDTE9.jpg - Malware > Deleted. (15.05.30. 23.45 $ICCDTE9.jpg.596718; MD5: 10c0d7bd01453141a2ae3f4c9c5f3a70)

L:$RECYCLE.BIN$IJ8VXKY.jpg - Malware > Deleted. (15.05.30. 23.45 $IJ8VXKY.jpg.6840; MD5: b2c11a705c300480cc1ee5fea6f2ccfe)

L:$RECYCLE.BIN$I1LE6W9.jpg - Malware > Deleted. (15.05.30. 23.45 $I1LE6W9.jpg.681535; MD5: ae57f07187208f8d3f0f02422171dc19)

L:$RECYCLE.BIN$IMQC5FX.jpg - Malware > Deleted. (15.05.30. 23.45 $IMQC5FX.jpg.63974; MD5: 05f387ecb3108077b6184bbb1b9863b8)

L:$RECYCLE.BIN$IUEH6BP.jpg - Malware > Deleted. (15.05.30. 23.45 $IUEH6BP.jpg.152541; MD5: 73c429b2edd71e74fca8700ef046da40)

L:$RECYCLE.BIN$IOXBXAN.jpg - Malware > Deleted. (15.05.30. 23.45 $IOXBXAN.jpg.49958; MD5: 2ce614338b04ed3215a58640771e4128)

L:$RECYCLE.BIN$IMDQSS6.jpg - Malware > Deleted. (15.05.30. 23.45 $IMDQSS6.jpg.731606; MD5: 2f9ccf5cecd5e39664c6b8e05ddca0e2)

L:$RECYCLE.BIN$I4I2FJ5.jpg - Malware > Deleted. (15.05.30. 23.45 $I4I2FJ5.jpg.296449; MD5: 4d1da66e1be9233e92272307b95f81eb)

L:$RECYCLE.BIN$IEJ62Q2.jpg - Malware > Deleted. (15.05.30. 23.45 $IEJ62Q2.jpg.287408; MD5: 9ef16093f0c92abcfbb8b16990e17715)

L:$RECYCLE.BIN$I8D1EV7.jpg - Malware > Deleted. (15.05.30. 23.45 $I8D1EV7.jpg.680910; MD5: bacdfcecf03d6f6638161f5c4d50a236)

L:$RECYCLE.BIN$IN6PET7.jpg - Malware > Deleted. (15.05.30. 23.45 $IN6PET7.jpg.166250; MD5: af4fb90d56cad2e03a23e683fa7d02f4)

L:$RECYCLE.BIN$IW01AVB.jpg - Malware > Deleted. (15.05.30. 23.45 $IW01AVB.jpg.788861; MD5: 53652061ab51b6158be25aa13d590505)

L:$RECYCLE.BIN$I16WCZY.jpg - Malware > Deleted. (15.05.30. 23.45 $I16WCZY.jpg.950721; MD5: 8cfc40f54b8da99b777b3232d71fb2c1)

L:$RECYCLE.BIN$IGKF5VV.jpg - Malware > Deleted. (15.05.30. 23.45 $IGKF5VV.jpg.557151; MD5: f99f6ca778ea414e2560f9d84ebac733)

L:$RECYCLE.BIN$IKJ8KNJ.jpg - Malware > Deleted. (15.05.30. 23.45 $IKJ8KNJ.jpg.363958; MD5: 6efbbdedcaececce7bd29851c37ae2bc)

L:$RECYCLE.BIN$I7JAOVP.jpg - Malware > Deleted. (15.05.30. 23.45 $I7JAOVP.jpg.654125; MD5: 4b5451f783633627c693b2592ffb5fb4)

L:$RECYCLE.BIN$IB9CZQY.jpg - Malware > Deleted. (15.05.30. 23.45 $IB9CZQY.jpg.518045; MD5: 8b56b0612e72809683b277b83b4a1f60)

L:$RECYCLE.BIN$ISA5LFK.jpg - Malware > Deleted. (15.05.30. 23.45 $ISA5LFK.jpg.362504; MD5: f9ec8ca5c49cb01c53173224fb91bece)

L:$RECYCLE.BIN$IWATO6S.jpg - Malware > Deleted. (15.05.30. 23.45 $IWATO6S.jpg.438913; MD5: b527b3a55fbb01ac6638b08dcd5ff05f)

L:$RECYCLE.BIN$IECQOIS.jpg - Malware > Deleted. (15.05.30. 23.45 $IECQOIS.jpg.832854; MD5: 965bd48b9637068809bf9b39b4bec723)

L:$RECYCLE.BIN$ID0CMSZ.jpg - Malware > Deleted. (15.05.30. 23.45 $ID0CMSZ.jpg.883987; MD5: 3743b1613a9e5955f90864f547a12b46)

L:$RECYCLE.BIN$I4RMA1L.jpg - Malware > Deleted. (15.05.30. 23.45 $I4RMA1L.jpg.462080; MD5: 3077d8a6643ef71c8226d0434a697fc6)

L:$RECYCLE.BIN$IP9RH84.jpg - Malware > Deleted. (15.05.30. 23.45 $IP9RH84.jpg.607759; MD5: 1c2e55aa472ed3275830da8713e6809c)

L:$RECYCLE.BIN$IG5E7H5.jpg - Malware > Deleted. (15.05.30. 23.45 $IG5E7H5.jpg.262732; MD5: 74b1b2accc5d930ca61df7e545630a6a)

L:$RECYCLE.BIN$IAM3ZZ1.jpg - Malware > Deleted. (15.05.30. 23.45 $IAM3ZZ1.jpg.202875; MD5: f846bfb2fd5fd8bec2f530704b289d4d)

L:$RECYCLE.BIN$IRDSJI7.jpg - Malware > Deleted. (15.05.30. 23.45 $IRDSJI7.jpg.21926; MD5: 961f2e36b0507f38ee09dd99b08b35d3)

L:$RECYCLE.BIN$IUM6UEJ.jpg - Malware > Deleted. (15.05.30. 23.45 $IUM6UEJ.jpg.177489; MD5: 41cbcef129ab2edc6c9cf1527670c8ff)

L:$RECYCLE.BIN$I11CLMC.jpg - Malware > Deleted. (15.05.30. 23.45 $I11CLMC.jpg.14863; MD5: a587bf7df9d87b683d947daef1d65a72)

L:$RECYCLE.BIN$IIQGY2S.jpg - Malware > Deleted. (15.05.30. 23.45 $IIQGY2S.jpg.860329; MD5: e102ba8df52fd5fb062f6df3aa5a354c)

L:$RECYCLE.BIN$IM83OGM.jpg - Malware > Deleted. (15.05.30. 23.45 $IM83OGM.jpg.415944; MD5: fcacfa4923fe08592ccc0b5ffe1c5443)

L:$RECYCLE.BIN$IKJKUHC.jpg - Malware > Deleted. (15.05.30. 23.45 $IKJKUHC.jpg.388579; MD5: 1ccc1b18621fe08fb74cdaf63423ebdf)

L:$RECYCLE.BIN$II314TG.jpg - Malware > Deleted. (15.05.30. 23.45 $II314TG.jpg.620408; MD5: b3fa94645adda2bbf0bf1c6574a65c31)

L:$RECYCLE.BIN$INP34VZ.jpg - Malware > Deleted. (15.05.30. 23.45 $INP34VZ.jpg.167933; MD5: 485076b3215b56929cd8558dbfd2fc81)

L:$RECYCLE.BIN$I4QCAPV.jpg - Malware > Deleted. (15.05.30. 23.45 $I4QCAPV.jpg.227156; MD5: 781cac69e0de69a4ebeca8f42b0502f7)

L:$RECYCLE.BIN$IVUF4ZO.jpg - Malware > Deleted. (15.05.30. 23.45 $IVUF4ZO.jpg.190432; MD5: bf44fc5131d51fb8189ad7c9fbaa5cfb)

L:$RECYCLE.BIN$I22D9AH.jpg - Malware > Deleted. (15.05.30. 23.45 $I22D9AH.jpg.2399; MD5: 5eb1cc34ea2ec8d6b893684b02d5dde5)

L:$RECYCLE.BIN$IO33TQ2.jpg - Malware > Deleted. (15.05.30. 23.45 $IO33TQ2.jpg.458176; MD5: ef61ba06be294919dfaf37b3909f3749)

L:$RECYCLE.BIN$IZCD3E0.jpg - Malware > Deleted. (15.05.30. 23.45 $IZCD3E0.jpg.722804; MD5: d4d75e765f6f07cc841ec83b2c0a8b62)

L:$RECYCLE.BIN$IJG9QQL.jpg - Malware > Deleted. (15.05.30. 23.45 $IJG9QQL.jpg.302821; MD5: b2a3ec94eef6fd40c6ce4925e6bf0b3d)

L:$RECYCLE.BIN$IPR1KBX.jpg - Malware > Deleted. (15.05.30. 23.45 $IPR1KBX.jpg.500453; MD5: 7332695b38ee75f7edf9ba6ed1a0ace7)

L:$RECYCLE.BIN$I10VOJW - Malware > Deleted. (15.05.30. 23.45 $I10VOJW.124201; MD5: c6c8b158cf273c8e8f53888458643c45)

L:$RECYCLE.BIN$IHSUWEA - Malware > Deleted. (15.05.30. 23.45 $IHSUWEA.892437; MD5: 07e1152db5ad4645e56e80a234f13fa7)

L:$RECYCLE.BIN$IEQ0ZIL - Malware > Deleted. (15.05.30. 23.45 $IEQ0ZIL.256904; MD5: a5f9affd33b18f6ed8ef6d5802c4f660)

L:$RECYCLE.BIN$IGEPLPR - Malware > Deleted. (15.05.30. 23.45 $IGEPLPR.43463; MD5: da58e81182f0a3c75d45a24ce1dac787)

L:$RECYCLE.BIN$I0YAETW - Malware > Deleted. (15.05.30. 23.45 $I0YAETW.588845; MD5: 9f1e4e6957d27e843a3cd3e8017d8218)

L:$RECYCLE.BIN$IH6CYKL - Malware > Deleted. (15.05.30. 23.45 $IH6CYKL.359224; MD5: 8525bde7652d8301309745175ec96ff2)

L:$RECYCLE.BIN$IQOAW6R - Malware > Deleted. (15.05.30. 23.45 $IQOAW6R.733573; MD5: 1b5ca21019b3af7371083053afa2aa74)

L:$RECYCLE.BIN$I5G3FMO.JPG - Malware > Deleted. (15.05.30. 23.45 $I5G3FMO.JPG.377569; MD5: c9f1b1d677a350c8eabff57deaa69f5c)

L:$RECYCLE.BIN$IPYJUZW.JPG - Malware > Deleted. (15.05.30. 23.45 $IPYJUZW.JPG.828273; MD5: 713161ba75ac2207a60d777d97c4a686)

L:$RECYCLE.BIN$IDOY1D0.JPG - Malware > Deleted. (15.05.30. 23.45 $IDOY1D0.JPG.554789; MD5: 21fbd56c34f2c3046433e37e97173f69)

L:$RECYCLE.BIN$I92XZHA.JPG - Malware > Deleted. (15.05.30. 23.45 $I92XZHA.JPG.263988; MD5: 0ff62e4cd4174b05d780658880291fd4)

=> Malicious files : 60/60 deleted.

::::: Scan duration: 3sec ::::::::::::::::::

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:48:34 > Drive H: - scan started (Elements ~1863 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:51:15 > Drive K: - scan started (EOS_DIGITAL ~30016 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:52:27 > Drive K: - scan started (no label ~30179 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:55:18 > Drive K: - scan started (no label ~7572 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

30/05/2015 23:56:16 > Drive K: - scan started (BLACKBERRY ~1882 MB, FAT flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

31/05/2015 12:41:17 > Drive H: - scan started (no label ~3817 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

31/05/2015 16:54:24 > Drive L: - scan started (INTENSO ~931 GB, exFAT HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

1/06/2015 13:18:24 > Drive H: - scan started (no label ~3817 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

1/06/2015 18:10:44 > Drive L: - scan started (INTENSO ~931 GB, exFAT HDD )…

L:$RECYCLE.BIN$IUYFOAY.Trashes - Malware > Deleted. (15.06.01. 18.10 $IUYFOAY.Trashes.626354; MD5: d2a4bd62ca20ab1d459431e94dedd035)

L:$RECYCLE.BIN$I7UC8XH.Spotlight-V100 - Malware > Deleted. (15.06.01. 18.10 $I7UC8XH.Spotlight-V100.231910; MD5: 4d66d0e220a44bf4cc0ffe9e74a6853e)

L:$RECYCLE.BIN$IJQKAIF.TemporaryItems - Malware > Deleted. (15.06.01. 18.10 $IJQKAIF.TemporaryItems.27959; MD5: dbf92faea6a8936081da3c2c9e3c8376)

L:$RECYCLE.BIN$IZ8H93S.TemporaryItems - Malware > Deleted. (15.06.01. 18.10 $IZ8H93S.TemporaryItems.236218; MD5: 9710c04c4670aacc6f55731609e384ce)

L:$RECYCLE.BIN$RZ8H93S.TemporaryItems - Malware > Deleted. (15.06.01. 18.10 $RZ8H93S.TemporaryItems.332481; MD5: f9e90e04b2ae7c188a55c0eb0655f8eb)

L:$RECYCLE.BIN$ICY11HJ.Trashes - Malware > Deleted. (15.06.01. 18.10 $ICY11HJ.Trashes.714132; MD5: 5d5a8b50ee90182d82f46fb75a8c8848)

L:$RECYCLE.BIN$RCY11HJ.Trashes - Malware > Deleted. (15.06.01. 18.10 $RCY11HJ.Trashes.794215; MD5: f9e90e04b2ae7c188a55c0eb0655f8eb)

L:$RECYCLE.BIN$IYETF4R - Malware > Deleted. (15.06.01. 18.10 $IYETF4R.275006; MD5: 7ee748860fee39fec13c74fb0a6f1bb7)

L:$RECYCLE.BIN$I5WKNMH - Malware > Deleted. (15.06.01. 18.10 $I5WKNMH.429038; MD5: a0b75b015e8aa73318ee20d16f4720c7)

L:$RECYCLE.BIN$I6Q1DK3 - Malware > Deleted. (15.06.01. 18.10 $I6Q1DK3.969872; MD5: 795b6dfc9544c205056a1f0a823803c9)

L:$RECYCLE.BIN$IUMS1F1 - Malware > Deleted. (15.06.01. 18.10 $IUMS1F1.537250; MD5: 5aaab7fcb29901ba3f279b88fef64d6c)

=> Malicious files : 11/11 deleted.

::::: Scan duration: 1sec ::::::::::::::::::

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

1/06/2015 20:07:32 > Drive K: - scan started (EOS_DIGITAL ~30627 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

1/06/2015 20:22:03 > Drive K: - scan started (H2N_SD ~3815 MB, FAT32 flash drive )…

=> The drive is clean.

13
Also MCShield recognized a malware when I connected this HDD through USB today. How can I make sure this disk is safe?
what does MCShield say if you reconect?

do you have more then one computer?..recomended to install MCShield on all computers you have

One thing: one of my external hard drive is still behaving as it was infected. There is a folder called[b] "System Volume Information"[/b] that was not there previously and that I can't delete.
restorepoint folder .... but why it is on a external drive i do not know?
14

I just tried to reconnect and a malware was found, here is the log:

Yes I have a second computer, but it’s a Mac, that’s why I was asking if Macs could be infected by this Virus, according to somone else on this thread it’s unlikely.

Log:

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<

1/06/2015 22:13:01 > Drive L: - scan started (INTENSO ~931 GB, exFAT HDD )…

L:$RECYCLE.BIN$I9W9U3Y.jpg - Malware > Deleted. (15.06.01. 22.13 $I9W9U3Y.jpg.114956; MD5: 1a8307ee3470e5549a7cf640bf28f899)

L:$RECYCLE.BIN$IUFHBAL.jpg - Malware > Deleted. (15.06.01. 22.13 $IUFHBAL.jpg.110725; MD5: 5e6cc45e4c2bad8023379b7342a4f0f4)

L:$RECYCLE.BIN$RUFHBAL.jpg - Malware > Deleted. (15.06.01. 22.13 $RUFHBAL.jpg.115896; MD5: 9d6740a7749cc8b195196583589503ab)

L:$RECYCLE.BIN$IDYPSEU.jpg - Malware > Deleted. (15.06.01. 22.13 $IDYPSEU.jpg.760372; MD5: 307f40570a113480eba88620d858956a)

L:$RECYCLE.BIN$I4XHPBQ.jpg - Malware > Deleted. (15.06.01. 22.13 $I4XHPBQ.jpg.778007; MD5: 9bb90fa2d583ff6d9e2dd538d71a6438)

L:$RECYCLE.BIN$I3KJAM4.jpg - Malware > Deleted. (15.06.01. 22.13 $I3KJAM4.jpg.944677; MD5: cc54f5d5eb38285167e623632f6d7a03)

L:$RECYCLE.BIN$IKG8AGZ.JPG - Malware > Deleted. (15.06.01. 22.13 $IKG8AGZ.JPG.897196; MD5: 87838282bea5cc123af8022502403c95)

L:$RECYCLE.BIN$RKG8AGZ.JPG - Malware > Deleted. (15.06.01. 22.13 $RKG8AGZ.JPG.268719; MD5: 15e955ebffcf854c938294cc7c3448ee)

L:$RECYCLE.BIN$I0ZLQFJ.JPG - Malware > Deleted. (15.06.01. 22.13 $I0ZLQFJ.JPG.330741; MD5: 1a536a5d2dee5a6e3dac4f29a19190c8)

L:$RECYCLE.BIN$R0ZLQFJ.JPG - Malware > Deleted. (15.06.01. 22.13 $R0ZLQFJ.JPG.942680; MD5: 24f68cbaa6f5b25cf7f7e7f9b83d1bf7)

L:$RECYCLE.BIN$I0FPF0J.JPG - Malware > Deleted. (15.06.01. 22.13 $I0FPF0J.JPG.217716; MD5: 46badf2cf4b7a218cb6220191088ebd2)

L:$RECYCLE.BIN$IEHCYU4.JPG - Malware > Deleted. (15.06.01. 22.13 $IEHCYU4.JPG.358323; MD5: 2ccc6b959546b372d6f0824b117bd7a1)

L:$RECYCLE.BIN$IQ137N6 - Malware > Deleted. (15.06.01. 22.13 $IQ137N6.84970; MD5: 2f6dbc24bbd563727206c230bd3f8ac9)

=> Malicious files : 13/13 deleted.

::::: Scan duration: 10sec :::::::::::::::::

15

you have a recycle bin on your external drive?

16

No I don’t have a recyle bin on the external drive.
But when the virus first infected this drive it created a few weird folers, one had the name of this recycle bin that we see on the MCshiel logs.

Also another folder was created by the virus on my external drive, but this one I could not delete. When I try to delete it, it remains. See picture on attachment.

Do you think the virus can dammage the files that are on this external drive? Those are pretty important to me (work).

What can I do to clean this drive?

17

Unplug all drives and do not plug them back until I tell you.

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

18

OK, I noticed that 2 of my external hard drives are still infected. I will not plug them back until you tell me.

Here are the two logs in attachment.

19

PC seems clean. Just plug your external drives and MCShield will scan them and remove the infection.

20

I did, they seem clean indeed.

Could we wait 1 or 2 days before closing this thread? I want to make sure virus is effectively gone.

Anything else I should do?

Thank you.