You see, my USB drive had been infected by shortcut virus so I was trying to remove it with the Command Prompt so I typed this command:
attrib -r -h -s /d /s .
and then: @echo off
cls
del /f /s /q /a *.lnk
but I by mistake forgot to replace the root directory (C: drive) with the USB flash drive letter, now my computer it’s all a mess
Years ago the analysts in this forum helped me a lot ;D. I was wondering if I can use the Farbar Recovery Scan Tool to solve this
Okay thank you very much, just give me a moment
AllScans log, that’s right?
…
Well, something went wrong, USB Drive not showing up in AllScans.txt tab neither LastScan.txt tab, but in “My computer” the USB drive were there, and again all files were in shortcut having destination folder as cmd (C:\Windows\System32), that’s why I opened the Command Prompt
Here it is my MCShield LastScan log
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
22/03/2018 09:41:27 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...
=> El disco está limpio.
Latest Allscans log (AllScans list is too long) and all of them from february
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
11/02/2018 11:13:27 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...
=> El disco está limpio.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
11/02/2018 06:45:42 p. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...
=> El disco está limpio.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
12/02/2018 10:03:41 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...
=> El disco está limpio.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
12/02/2018 02:19:19 p. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...
=> El disco está limpio.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
14/02/2018 09:00:54 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...
=> El disco está limpio.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
16/02/2018 07:21:53 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...
=> El disco está limpio.
Please don’t go messing about with FRST commands without instructions. You may end up doing more damage then good - especially when it comes to your Registry.
Edit: Is Windows pirated?
KMS-R@1n is commonly associated with pirated copies of Windows.
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Thank you very much, just one last question. I’d like to know, could you please explain it to me?. FRST log report include the following: LastRegBack: 2018-03-22 03:50 (prior to that date I hadn’t done anything yet)
At first I thought this will work, but it’s not really the case.
FRST looks into the system and lists the last registry backup made by the system. [b][u]The registry backup contains a backup of all the hives.[/u][/b] It is different from the LKGC (Last Known Good Configuration) backup of the ControlSet.
There are a number of reasons why you might want to use this backup as a solution to a problem but a common one is where loss or corruption has occurred.
For example, when a program is installed, a new subkey containing settings like a program's location, its version, and how to start the program, are all added to the Windows Registry.
Programs Location is exactly what the shortcut is pointing to. The registry itself wouldn’t store a reference to a reference to a program.