Shortcut virus - location: cmd (C:\Windows\System32)!! Please Help Again

Shortcut virus - location: cmd (C:\Windows\System32) ???

Dear all and TwinHeadedEagle:

I read a topic related to the virus above and the solution that was offered included the following steps:

Download AdwCleaner by Xplode and save to your Desktop - Post logfile will also be saved in the C:\AdwCleaner folder.
Download GMER, AntiRootkit tool from the link below and save it to your Desktop - Attach Gmer logreports.
Download Farbar Recovery Scan Tool by Farbar and save it to your desktop - Please attach it to your reply log (FRST.txt) and log (Addition.txt).

Then TwinHeadedEagle provided a code to paste in the computer, but the solution says it was based on that particular computer and topic and it should not be used by others.

I have the same virus and I followed the steps above, and I was hoping that I can get the code that is suitable to my computer and case based on the attached logs.

Thank you in advance for your time

Ambo :slight_smile:

disconnect any USB drives…

malware experts are notified, it may take some hours before they are online

Please download Anti-VBSVBE and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double click to run the tool and wait until it finishes.
[*]It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.

Please also attach the OTL log.

No need for OTL, FRST is enough…and Anti VBS/VBE will do the job…

Thanks a lot for your prompt reply

attached is the log

Ambo

I’ll be offline for a couple of hours, I’ll reply as soon as I get home.

Thanks… I will be waiting

Ambo :slight_smile:

Download attached fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Thanks again…

Log is attached

Ambo

Ok, run FRST one more time and attach a fresh report for final check:

It says: No fixlist.txt found
The fixlist.txt should be in the same folder/directory the tool is located :-\

Should I download the same fixlist you sent earlier one more time to the desktop and then run the fix?

Ambo

you have already run the fix … run a normal scan :wink:

Ok… I got it… here you go

Thanks for the note

Ambo

Good, PC is clean, let’s disinfect your USB

Please download MCShield from one of the following links:

MCShield -Official download link
Softpedija -mirror download link

[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[*]Wait a few seconds for MCShield to finish the initial HDD scan…
[*]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post a logreport that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScans.txt report shall be located on your Desktop.

=> Post here AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Thanks a lot :smiley:

Attached is the file…

Thank you for putting your time and effort into this. May you be rewarded with all goodness in return.

Ambo

Everything should be good now, do you agree?

Very much so :wink:

You are a star …

Ambo

Got it chief Pondus…

all tools used are removed now.

Thanx

Ambo