Asyn
42
system
44
I have the same problem. Please solve it for me, Eagle sir.
Mad, start your own thread. I haven’t seen Twin in a while, so it may be someone else.
system
46
Here I have sent my logs, sir. Tell me the next step?
Alright then. Sit tight.
Install MCShield (http://www.mcshield.net/download.html) as you will need it.
Now wait, a Remover is online. However, he is usually quite busy…
system
50
OK sir, but be quick to solve my problem please.
I am not “capable” of solving it. I am just a “mod”.
I can guess your issue was targeted by FRST as it removed a VBS file, but I can also guess you have a few other infections judging by the random processes running from your desktop…
Have you run MCShield? If so, could you attach the log?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\Run: [ads] => wscript.exe //B "C:\ProgramData\ads.vbs"
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\Run: [Windows Update] => C:\Google\Windowsupdate.lnk [758 2014-10-14] ()
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\Run: [AdopeUpdate] => C:\Google\GoogleUpdate.lnk [633 2014-10-14] ()
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\Run: [AdopeFlash] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\MountPoints2: {089a935c-7254-11e4-8273-ec0ec4175d74} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\MountPoints2: {52953862-6b4e-11e4-826e-28d244d31175} - "H:\Windows/AutoRun.exe"
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\MountPoints2: {8128abd2-5a96-11e4-825a-ec0ec4175d74} - "H:\.\StartModem.exe"
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\MountPoints2: {a3d8d34b-635e-11e4-8263-28d244d31175} - "H:\Startme.exe"
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\MountPoints2: {f2d111c2-6b1e-11e4-826e-28d244d31175} - "H:\Windows/AutoRun.exe"
HKU\S-1-5-21-3781095135-741699957-74562839-1002\...\MountPoints2: {f2d111d8-6b1e-11e4-826e-28d244d31175} - "H:\Windows/AutoRun.exe"
Startup: C:\Users\Madhava004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ads.vbs ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51168;https=127.0.0.1:51168
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3781095135-741699957-74562839-1002 -> {0858ACCC-5861-414B-B5F1-97999198371C} URL =
2014-12-15 18:45 - 2014-12-17 20:04 - 00000906 _____ () C:\ProgramData\ProgramData.lnk
2014-12-15 18:44 - 2014-12-15 18:44 - 00000000 _RSHD () C:\Skypee
2014-12-15 18:44 - 2014-12-15 18:44 - 00000000 _RSHD () C:\Google
2014-12-15 18:43 - 2014-05-18 04:05 - 00024964 ___SH () C:\ProgramData\ads.vbs
2014-12-13 12:29 - 2014-12-13 12:29 - 00000000 ____D () C:\Users\Madhava004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate ZIP Cracker Trial
2014-12-13 12:29 - 2014-12-13 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate ZIP Cracker Trial
2014-12-13 12:29 - 2014-12-13 12:29 - 00000000 ____D () C:\Program Files (x86)\UZC Trial
2014-11-18 17:57 - 2014-11-18 17:57 - 00000000 ____D () C:\Program Files (x86)\b6f2344f-1e6b-46e8-b225-b143b03d9c83
2014-11-18 17:07 - 2014-11-18 17:07 - 00003174 _____ () C:\windows\System32\Tasks\{1D35AC7E-B58F-4434-AEF4-F61618FE7774}
2014-12-17 20:04 - 2014-08-20 17:24 - 01058373 _____ () C:\windows\SysWOW64\rootpa.e2e
C:\Google
C:\ProgramData\ads.vbs
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
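Added example, not part of the thread and not FRST's own logic: a small triage script that reads log lines in the format of the fixlist above and flags the persistence patterns that fixlist removes (a script launched at logon, a Run entry outside Program Files/Windows, a removable-drive autorun handler). The sample lines are constructed, the SID is a placeholder, and the rule names are hypothetical.

```python
import re

# Constructed sample in the FRST log format quoted in the post above.
# The SID is a placeholder; the third entry is an invented benign control.
SAMPLE = r'''
HKU\S-1-5-21-PLACEHOLDER\...\Run: [ads] => wscript.exe //B "C:\ProgramData\ads.vbs"
HKU\S-1-5-21-PLACEHOLDER\...\Run: [AdopeFlash] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)
HKU\S-1-5-21-PLACEHOLDER\...\Run: [Example] => C:\Program Files\Example\example.exe [1000 2014-01-01] (Example Corp)
HKU\S-1-5-21-PLACEHOLDER\...\MountPoints2: {00000000-0000-0000-0000-000000000000} - "H:\AutoRun.exe"
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ads.vbs ()
'''

ENTRY = re.compile(r'^.+?\\\.\.\.\\(?P<key>Run|MountPoints2): (?P<rest>.+)$')
STARTUP = re.compile(r'^Startup: (?P<rest>.+)$')
PATH = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|lnk|vbs|vbe|jse|js|wsf|bat|cmd)\b', re.I)
SCRIPT_HOST = re.compile(r'\b(?:wscript|cscript|mshta)(?:\.exe)?\b', re.I)
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf")
TRUSTED = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

def reasons_for(key, rest, path):
    """Illustrative triage rules (assumptions, not FRST's own logic)."""
    reasons = []
    if SCRIPT_HOST.search(rest) or path.endswith(SCRIPT_EXT):
        reasons.append("script-at-logon")          # script host or script file autostarts
    if key == "MountPoints2" and path:
        reasons.append("removable-media-autorun")  # cached autorun handler for a drive
    if key == "Run" and path and not path.startswith(TRUSTED):
        reasons.append("untrusted-path")           # autostart from a user-writable location
    return reasons

def triage(text):
    """Return (key, lower-cased path, reasons) for every flagged log line."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line) or STARTUP.match(line)
        if not m:
            continue
        key = m.groupdict().get("key", "Startup")
        hit = PATH.search(m.group("rest"))
        path = hit.group(0).lower() if hit else ""
        reasons = reasons_for(key, m.group("rest"), path)
        if reasons:
            findings.append((key, path, reasons))
    return findings

if __name__ == "__main__":
    for key, path, reasons in triage(SAMPLE):
        print(f"{key:13} {path:60} {', '.join(reasons)}")
```

A flagged line is a lead for a human reviewer, not a removal instruction; the fixlist in the post was written by hand for one machine.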
system
53
OK, I have your 2 steps, and next is what?
system
55
Sir, are you there? Please finish the last setup? Please.
Mad, we do have jobs outside of this. This is a volunteer position.
Your USBs are infected. Grab them all, and one by one, plug them into your computer. Ensure MCShield is on and let MCShield scan it first and remove any present infections.
Then repost the Allscans.txt file please.
system
57
Sir, but I have sent them already, and I deleted the shortcuts and restarted the system and I didn't them once again. I think the virus is gone in my computer, and when I insert USB it scanned, and inserted for 2nd time it shows malware not detected. What does it mean? The virus is gone??? Please tell me.
The log (AllScans.txt) was BEFORE you scanned the USBs. We need to see it AFTER you scanned them all.
system
59
Ya, I inserted, then it shows scan finished and malware not detected, and I have not found any shortcut virus in my laptop and in my pendrives!!!
system
60
But when I insert the pendrive in the laptop, the MC shows pendrive scanned and malware not detected. When I open the pendrive, no single files are in the pendrive, which is, I think, virus gone.