please help me, looping worm in system32

hi :slight_smile:
last week my USB drive picked up a virus from an public cafe and my laptop was infected and now every time that I’ve inserted an USB in the laptop my files turned into shortcuts.
I right-clicked one of the shortcuts, and looked at where its target location is, and it’s somewhere in System32. When I scanned it with my anti virus its was checked and i already clean it, but after that i try to scan again, and that virus is still there
here is the picture, can someone help me?
[URL=http://splashurl.com/klrrbld

Unplug your usb storage devices …they will be cleaned later

Follow guide and attach logs http://forum.avast.com/index.php?topic=53253.0

We need Malwarebytes and OTL logs …

i already unplugged that usb device, yet when i scanned that virus show again
got it, i’ll download that program

Prior to running the required logs install and run this programme

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

here it is sir,then?

here it is sir, then?

Essexboy is the malware expert that will work your case, so follow his instructions :wink:

OK a bit more to do

Download Anti VBS/VBE to your desktop

[]download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[
]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a35z0lsm)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1392246053&from=amt&uid=3219913727_67194_446C8918&q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-1963052789-2895225007-4193256896-1000..\Run: [app] wscript.exe //B "C:\ProgramData\app.vbe" File not found
O4 - Startup: C:\Users\All Users\A66554BEA6.sys ()
O4 - Startup: C:\Users\All Users\AVG [2013/04/11 13:47:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AVG2012 [2014/02/12 13:15:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AVG2013 [2012/12/23 22:51:49 | 000,000,000 | ---D | M]
[2014/02/15 00:00:07 | 000,000,000 | ---D | C] -- C:\Users\Ponk\AppData\Roaming\iWin
[2014/02/13 06:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2014/02/13 06:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
[2014/02/13 03:47:33 | 000,000,000 | ---D | C] -- C:\Users\Ponk\AppData\Local\genienext
[2014/02/13 03:47:32 | 000,000,000 | ---D | C] -- C:\Users\Ponk\Documents\Mobogenie
[2014/02/13 03:47:32 | 000,000,000 | ---D | C] -- C:\Users\Ponk\AppData\Local\Mobogenie
[2014/01/18 07:39:53 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013/04/11 13:45:55 | 000,000,000 | ---D | M] -- C:\Users\Ponk\AppData\Roaming\AVG
[2013/03/28 16:36:06 | 000,000,000 | ---D | M] -- C:\Users\Ponk\AppData\Roaming\Awesomium
[2013/04/22 15:26:36 | 000,000,000 | ---D | M] -- C:\Users\Ponk\AppData\Roaming\Baidu Security

:Files
C:\Users\Ponk\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj
C:\Users\Ponk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjcphnhcddfjbkjnlkohdmadlpiapacn
C:\Users\Ponk\AppData\Local\Google\Chrome\User Data\Default\Extensions\onfjmocbcdglmhikonlckgkocinjoabj

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

thank you sir
here it the logs

How is the computer now, any remaining problems ?

yes when i scanned my system32 with my antivirus “Smadav” there still 35 virus, but when i plug usb device there is no shortcut anymore

I dont even know this Antivirus, i would head over to Avast Free, you have a software updater, better protection and
more users if you have a problem.
Also you will get a browsr cleanup to clean toolbars from browsers.

thanks for the suggestion, i’ll try use avast, still installing
and thanks so much for the help that really help me

Please wait for essexboy to give you an all clean, he will remove the used tools. :wink:

Out of curiosity what is smadav reporting ?