Shortcut virus CMD in C:\Windows\System32 - How to erase it???

Hi!

Yesterday I used my USB to print a document in an internet cafe. When I came back home I inserted the USB in my laptop and all my USB files turned into shortcuts.
Each time I erase the files and put new ones, they turn into shortcuts. I right-clicked one of the shortcuts, and looked at the target location, and it’s somewhere in System32, and the file in System32 that it highlights is cmd.exe.
Basically, I have the same problem solved here:

http://forum.avast.com/index.php?topic=138715.0

but I guess each PC needs a special treatment in this matter. Thank you all for your answers :slight_smile:

PS: I won’t insert any other USB until I’m sure it’s solved.

Peruse the thread here and attach the following logs –

• OTL.txt
• Extras.txt
• aswMBR Log
• MCShield

A helper will be here to assist you.

I don’t get this :confused:

Maybe it’s not in their database yet.

Attach OTL and aswMBR logs here please.

because it is a filetype that Malwarebytes does not target?..

Done :slight_smile:
The following are OTL logs

And these are aswMBR logs

I think all malware experts are in bed now so it will be some hours before they are online…

Did you tell mbam to scan the usb?
And get mcshield. ( http://www.mcshield.net/ )

The cleaning guys do this in a certain order, Eddy … and Malwarebytes does not detect this if it is a VBS worm

I’m doing this before I go to sleep, that’s why I post so late :wink:

While I analyze your log, read my reply here and attach the MCShield log. :slight_smile:

Hi Acnalb, :slight_smile:

Did you knowingly make the following directory?

C:\Users\user\Desktop\fuck

Step #1 Fix with OTL

• Re-run OTL by right clicking and choosing Run as administrator;
• Under the Custom Scans/Fixes Box copy and paste the following contents inside the code box.

:Commands
[createrestorepoint]

:OTL
O4 - HKU\S-1-5-21-157729090-2090861767-380975361-1000..\Run: [jSugLyCC] wscript.exe //B "C:\Users\user\AppData\Local\Temp\jSugLyCC.vbs" File not found
O13 - gopher Prefix: missing

:Commands
[emptytemp]

• Click on “Run Fix” and let the program run unhindered;
• Your PC will reboot automatically and a log will be opened;
• Please attach it in your next reply.


Step #2 Fix With Anti-VBS/VBE
Download and run the appropriate version from here. Let the scan finish and attach the log when done.


Step #3 Scan with OTL

• Re-run OTL.exe
• Copy and Paste the following code inside the Custom Scans/Fixes box;

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

• Click the Quick Scan button;
• After the scan two logs will be produced;
• Attach the logs in your next reply

Required Log(s):
• OTL Log(s) –
  • OTL Fix Log;
  • OTL.txt
• Anti-VBS Log

Regards,
Valinorum
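
A triage sketch for the kind of autostart entry removed in Step #1, added here as an example (it is not part of the original post and not OTL's own code). It flags O4 Run lines that start a Windows Script Host script from a user-writable directory; the line layout is assumed from the single O4 line quoted above, and `triage_o4` and the benign sample entry are constructed for illustration.

```python
import re

# Layout assumed from the one O4 line quoted in the fix script above:
#   O4 - <hive>..\Run: [<value name>] <command line> [File not found]
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$', re.I)
HOST_RE = re.compile(r'\b(?:wscript|cscript)(?:\.exe)?\b', re.I)
SCRIPT_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:vbs|vbe|jse|js|wsf))\b', re.I)
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\')
MISSING = 'File not found'

def triage_o4(line):
    """Return a dict describing one O4 line, or None if it is not an O4 Run entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd')
    missing = cmd.endswith(MISSING)
    if missing:
        cmd = cmd[:-len(MISSING)].rstrip()
    found = SCRIPT_RE.search(cmd)
    script = found.group(1) if found else None
    reasons = []
    if script and HOST_RE.search(cmd):
        reasons.append('script host autostart')
    if script and any(d in script.lower() for d in USER_WRITABLE):
        reasons.append('script in user-writable directory')
    if re.search(r'//B\b', cmd, re.I):
        reasons.append('batch mode, no prompts or errors shown')
    if missing and reasons:
        reasons.append('orphaned entry, target file not found')
    return {'hive': m.group('hive'), 'name': m.group('name'),
            'script': script, 'file_missing': missing, 'reasons': reasons}

SAMPLE = [
    # Taken verbatim from the fix script in the post above.
    r'O4 - HKU\S-1-5-21-157729090-2090861767-380975361-1000..\Run: [jSugLyCC] '
    r'wscript.exe //B "C:\Users\user\AppData\Local\Temp\jSugLyCC.vbs" File not found',
    # Constructed benign entry for contrast.
    r'O4 - HKLM..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"',
    'O13 - gopher Prefix: missing',  # not an O4 line, skipped
]

if __name__ == '__main__':
    for entry in SAMPLE:
        result = triage_o4(entry)
        if result and result['reasons']:
            print(result['name'], '->', '; '.join(result['reasons']))
```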

MCS log

Oh yes, I’m sorry! I was so angry about losing my files (all my university classes were there) so I created that directory and I put there the files I managed to save

Understood. I wanted to see if it was created under your consent or not. Proceed with my previous instructions.

yes, thank you! I’m in step 2. I was wondering what will happen with my USB driver, is there any way to save it too?

Well, step 3 is not finished yet. But while I was waiting, this appeared suddenly from nowhere and then disappeared (watch jpg file attached)

PS: I’m also attaching the logs from step 1 and 2

This is the log produced by step 3

That CMD window was a normal scenario of the OTL fix. How is your system running?