need help with Shortcut virus - location: cmd (C:\Windows\System32)

[s]Here is my log. I have limited time using internet services; I will check in again after 24 hours.

Thx :D[/s] Edited - fixed, thx a lot :slight_smile:

also see this https://forum.avast.com/index.php?topic=53253.0
scroll down to SPECIFIC INFECTIONS LOGS and follow MCShield instructions

This log must be copied and pasted here, or we can't read it (a forum bug)

malware experts will be online later today

Infected with : VBS:Downloader-KO [Trj]

Did you get this from a USB stick ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\...\Run: [dygeanlxqx] => wscript.exe //B "C:\Users\ASUS\AppData\Roaming\dygeanlxqx..vbs" <===== ATTENTION
HKU\S-1-5-21-1955019496-675886152-1796098013-1000\...\Run: [dygeanlxqx] => wscript.exe //B "C:\Users\ASUS\AppData\Roaming\dygeanlxqx..vbs" <===== ATTENTION
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dygeanlxqx..vbs [2013-07-27] ()
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hyperion.vbs [2015-05-07] ()
U3 kxldrpoc; \??\C:\Users\ASUS\AppData\Local\Temp\kxldrpoc.sys [X]
2015-09-19 22:14 - 2013-07-27 07:41 - 0020883 ___SH () C:\Users\ASUS\AppData\Roaming\dygeanlxqx..vbs
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Download Anti VBS/VBE to your desktop

[*]Download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[*]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows; it is safe, so allow it to run

FINALLY

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and MCShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that
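As an added example (not part of any post in this thread and not FRST's own code): a Python check that scans FRST-style log text for the two persistence patterns the fixlist above removes, a Run key that starts wscript.exe on a script in the user profile and a script file in the Startup folder. The regexes, the function name and the benign `ExampleUpdater` line are assumptions made for illustration; the other sample lines are copied from the fixlist.

```python
import re

# Script hosts and script extensions to look for in autorun entries.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.I)

# FRST registry autorun line: <hive>\...\Run: [name] => command
RUN_RE = re.compile(r"^(?P<hive>HK\S+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
# FRST Startup-folder line: Startup: <path> [date] ()
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\]")

def flag_autoruns(log_text):
    """Return (kind, name, reason) for each suspicious autorun line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if (any(h in cmd for h in SCRIPT_HOSTS)
                    and SCRIPT_EXT.search(cmd) and USER_WRITABLE.search(cmd)):
                findings.append(("run-key", m.group("name"),
                                 "script host runs a script from the user profile"))
            continue
        m = STARTUP_RE.match(line)
        if m and SCRIPT_EXT.search(m.group("path")):
            findings.append(("startup", m.group("path").rsplit("\\", 1)[-1],
                             "script file in the Startup folder"))
    return findings

# Sample input: lines from the fixlist above plus one constructed benign entry.
SAMPLE = r"""
HKLM\...\Run: [dygeanlxqx] => wscript.exe //B "C:\Users\ASUS\AppData\Roaming\dygeanlxqx..vbs" <===== ATTENTION
HKU\S-1-5-21-1955019496-675886152-1796098013-1000\...\Run: [dygeanlxqx] => wscript.exe //B "C:\Users\ASUS\AppData\Roaming\dygeanlxqx..vbs" <===== ATTENTION
HKLM\...\Run: [ExampleUpdater] => "C:\Program Files\Example\updater.exe" /silent
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dygeanlxqx..vbs [2013-07-27] ()
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hyperion.vbs [2015-05-07] ()
U3 kxldrpoc; \??\C:\Users\ASUS\AppData\Local\Temp\kxldrpoc.sys [X]
"""

if __name__ == "__main__":
    for kind, name, reason in flag_autoruns(SAMPLE):
        print(f"{kind:8} {name:18} {reason}")
```

A hit is only a pointer for review; whether an entry should be removed is still decided per machine, as the caution above the fixlist says.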

Hello Avastnian, good day! I had this fixed with anti virus, I no longer need assistance, thx a BUNCH for starter, for Pondus, Eddy, essexboy! Keep up the good work! God bless you.

Please run the scans (Farbar and Malwarebytes at least) again and attach the new logs to your post.
Let us check if really everything is fine now.