Shortcut virus - location: cmd (C:\Windows\System32)

Hi. :slight_smile: I’m having trouble with my micro SD card and USB. I inserted my USB in an internet cafe and it got infected with the shortcut virus. The location of my files inside the USB is on Windows System32. I inserted my USB into my PC and it got infected. Then every time I insert a USB in the PC, the files turn into shortcuts. So I read a forum and followed the instructions I read here on how to fix it.

https://forum.avast.com/index.php?topic=138715.msg1013290#msg1013290

I followed TwinHeadedEagle’s advice.
Attached here are my log reports from AdwCleaner, Gmer, FRST, and Addition. Please help me. Thank you so much in advance! :slight_smile:

Hi :slight_smile:

I’d be glad to help you, but I cannot find the reports attached. Please do it once more :slight_smile:

Cheers,
Naat

Naat, you’ll find them here: [s]https://forum.avast.com/index.php?msg=1116830[/s]

PS: Let me know when you’re done, I’ll remove the other post then.

Edit: Removed.

OK, thanks Asyn.

Jenny Rose, from now on please stick with this topic only and do not follow any other advice. Each case is individual here, so scripts and tools need to be used specifically for your problem.

Attach your logs only in this thread. For my convenience I’ve attached the files here.

Now please wait patiently as I will go through your logs.

I’m sorry. I’m a newbie here. :slight_smile: Here are my attachments.

Okay Naat. :slight_smile: Thank you!

OK, let’s start the fight.
And no worries, everybody was a newbie once! I’ll try to give instructions clear enough to follow :slight_smile:

Fix with Anti-VBSVBE

Please download Anti-VBSVBE by dr_bora and save it to your desktop.

[*]Right-click on the Anti-VBSVBE icon and select Run as Administrator to start the tool.
[*]You will be prompted that this fix won’t take much time.
[*]Upon completion, a logfile will open in Notepad. It will also be saved on your desktop.

Please include the content of this logfile in your next post.

Now this step contains disinfection of the infected USB stick. Please plug it in when instructed, after the installation.

Scan with McShield

Please download McShield by dr_bora and save it to your desktop.

[*]Install it on your machine.
[*]It will initially run a scan and show the result as a toaster by the system clock.
[*]Start the Control Centre by clicking on the McShield icon in your system tray.
[*]Go to the Scanner tab and tick unhide items on flash drives.
[*]Plug in the drive and McShield will start a scan.
[*]A logfile of this scan may be found in the Logs tab of the main screen.

Please include that log in your next reply.

Finally please provide me a new, fresh FRST logfile along with Addition :slight_smile:

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
[*]Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click Run after receipt of Windows Security Warning - Open File).
[*]Make sure that Addition option is checked.
[*]Press Scan button and wait.
[*]The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

NP Naat, and congrats on your graduation. :slight_smile:

Oops! I think something’s wrong with McShield. I don’t know if it really started scanning. :frowning:

Could you please be more specific…?

What happened after the installation? Did it perform the initial scan?

Yes, the initial scan is done. Then I insert my phone where the infected SD card is inserted. Then something popped up in the lower right of the screen saying that it is scanning my SD card but I didn’t see the process. Then after that, another txt file is opened. There’s the list of my infected files in my SD card.

So it’s perfectly how it should be :slight_smile:

Please post the necessary logs (as mentioned earlier), they will show me what we’re dealing with here.

However, after careful inspection of your FRST logs, I think that you really should start thinking about a new hard drive. See here:

Error: (08/18/2014 05:56:36 PM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block.
That means we're nearly on the edge. If we hit a bad block, the drive could be rendered unbootable...

I’d suggest to start thinking about backing-up your personal data.
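An added example, not part of the original thread and not code from FRST: a small Python triage of event lines in the layout quoted in the post above, pulling out the Disk / EventID 7 "bad block" entries and grouping them per device. The line layout is assumed from the single line quoted on this page; the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the first line is the one quoted in the post above;
# the other two lines are made up for illustration.
SAMPLE_LOG = r"""
Error: (08/18/2014 05:56:36 PM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/18/2014 05:51:02 PM) (Source: Disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (08/17/2014 09:12:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Example service failed to start.
"""

# Layout assumed from the quoted line: timestamp, source, event ID, user, description.
EVENT_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)\s*"
    r"Description: (?P<desc>.*)$"
)
DEVICE_RE = re.compile(r"The device, (?P<dev>\\Device\\\S+?), has a bad block")


def bad_block_events(log_text):
    """Return {device: [datetime, ...]} for Disk / EventID 7 entries only."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m or m["source"].lower() != "disk" or m["id"] != "7":
            continue  # unrelated event, or a line in a different layout
        dev = DEVICE_RE.search(m["desc"])
        if dev:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            hits[dev["dev"]].append(ts)
    return {d: sorted(t) for d, t in hits.items()}


def summarize(log_text):
    """One line per device: event count plus first and last occurrence."""
    return [
        f"{dev}: {len(ts)} bad-block event(s), "
        f"first {ts[0]:%Y-%m-%d %H:%M}, last {ts[-1]:%Y-%m-%d %H:%M}"
        for dev, ts in sorted(bad_block_events(log_text).items())
    ]


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)) or "no Disk EventID 7 entries found")
```

Repeated entries for the same device over a short period are the pattern that makes backing up the data the first priority.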

Here are the attachments.

Okay Naat! I’ll try if my brother would give me permission to backup all the files here. :slight_smile:

OK, but this changes my track a little.

  1. McShield’s logfile is saved as Unicode and it’s unreadable. Post it once more, just change it to ANSI mode.

  2. Backing up your data is a priority now. Hitting a bad sector may end the life of your OS. Should be done before proceeding.
    If you wish so, I can provide instructions how to do it from external Linux environment.

File attached. :slight_smile:

By the way, what do you mean by this… “If you wish so, I can provide instructions how to do it from external Linux environment.”
I didn’t understand. I’m sorry. :slight_smile:

I was referring to backing-up your data.

Sometimes bad sectors on a hard drive render machines unbootable. This means you may not be able to back it up from Windows, as it just won’t start. In that case I’ve got instructions for backing up data using an external Linux environment.

Please let me know about the backup, then we will continue with our cleanup :slight_smile:

Oh okay. :slight_smile: if I use external Linux environment for backing up data, do I need to have some kind of storage device like USB, or external? Thanks again!

Whichever option will be used - you need to transfer your personal files to some outer media. All the stuff you wish to save should be copied out of the failing drive.

So you mean I really need to have some storage devices whether I use external Linux environment or not? :frowning: I don’t have one. :frowning: I have too many files. I only have a 2GB flash drive. Is there any other way to save my files without using USB? :frowning:

Hmmm… A couple of DVDs?