Shortcut virus - location: cmd (C:\Windows\System32)

My brother used his USB (Pendrive) on his friend's computer and when he came back home and inserted the USB in the USB jack, all his files had turned into shortcut links. When trying to open the file it would prompt with a warning and then open. When I checked in the properties for the link target I found the following:
“C:\Windows\system32\cmd.exe /c ren cfsdaacdfawd*.vbss *.vbs &start \cfsdaacdfawd\aiasfacoiaksf.vbs&start 99AGP22.docx&exit”. I am sure the USB and now my drive have been infected with some malware. Hence I researched on the net to see what can be done to fix it and bumped into your site. I have followed the following link “https://forum.avast.com/index.php?topic=138715.0” and was able to download GMER and run the scan, but then got a bluescreen (screen of death) and my computer rebooted.

Request you to please assist me in cleaning my Computer.

Thanks in anticipation
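
An added example, not part of the original post: a PowerShell check that reads each .lnk on a drive without running it and flags targets shaped like the command quoted above (a command interpreter, a rename-to-script step and a script start). The function names, the extension list and the two-indicator threshold are assumptions made for this illustration.

```powershell
# Added example. Heuristics below are illustrative assumptions, not a signature set.

function Test-ShortcutCommand {
    param([string]$TargetPath, [string]$Arguments)

    $reasons = @()
    $exe = [System.IO.Path]::GetFileName($TargetPath).ToLowerInvariant()
    $interpreters = 'cmd.exe', 'wscript.exe', 'cscript.exe', 'powershell.exe'
    if ($interpreters -contains $exe) { $reasons += "target is $exe" }

    # A cmd.exe chain is separated by '&'; inspect every step on its own.
    $steps = $Arguments -split '&' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    $scriptExt = '\.(vbs|vbe|js|jse|wsf|bat|cmd)\s*$'
    foreach ($step in $steps) {
        if ($step -match "(?i)\bren(ame)?\b.*$scriptExt") {
            $reasons += "renames files to a script extension: $step"
        }
        elseif ($step -match "(?i)\bstart\b.*$scriptExt") {
            $reasons += "starts a script: $step"
        }
    }
    [pscustomobject]@{
        Suspicious = ($reasons.Count -ge 2)   # assumed threshold: two indicators
        Reasons    = $reasons
    }
}

function Get-SuspiciousShortcut {
    param([Parameter(Mandatory)][string]$Root)

    $shell = New-Object -ComObject WScript.Shell
    # -Force includes hidden and system items in the listing.
    Get-ChildItem -LiteralPath $Root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)   # loads the link's properties only
            $verdict = Test-ShortcutCommand -TargetPath $lnk.TargetPath -Arguments $lnk.Arguments
            if ($verdict.Suspicious) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Reasons   = $verdict.Reasons -join '; '
                }
            }
        }
}

# Check against the link target quoted in the post (no drive needed).
$sample = Test-ShortcutCommand -TargetPath 'C:\Windows\system32\cmd.exe' `
    -Arguments '/c ren cfsdaacdfawd*.vbss *.vbs &start \cfsdaacdfawd\aiasfacoiaksf.vbs&start 99AGP22.docx&exit'
$sample | Format-List
```

To list flagged shortcuts on a removable drive, run `Get-SuspiciousShortcut -Root 'H:\' | Format-List`, substituting the drive letter in use.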

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Note: Unplug your USB first…!!

"My brother used his USB (Pendrive) on his friend's computer"
That also means his friend's computer is infected and needs cleaning...

Hi All,

PFA the logs of the scan that were run by me. My apologies as I failed to save the log file of MBAM; if it's important and required please do let me know and I will rescan my computer for the same.

PFA the scan logs for MCShield.

Preserve MCShield in ansi

alternative since it is short … copy and paste it

MCSHIELD log

MCShield AllScans.txt <<<


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 2:56:24 AM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 2:56:24 AM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 2:56:24 AM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 2:58:31 AM > Drive H: - scan started (PHIROZ KHAN ~15344 MB, FAT32 flash drive )…

H:\Tally\spnsrvnt.exe - Malware > Deleted. (14.09.01. 03.00 spnsrvnt.exe.60345; MD5: 8062f8199606cba7875137a5065a6568)

H:\RECYCLER
H:\RECYCLER\dEsKtOp.InI (MD5: 295e2c458447ad6c7315fb993804a7de)
H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665

H:\Recycler - Malware (folder) > Deleted. (14.09.01. 03.00 Recycler.195243)

=> Malicious files : 2/2 deleted.
=> Malicious folders : 2/2 deleted.


::::: Scan duration: (Interactive mode) ::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 8:04:06 AM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 8:04:07 AM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 8:04:07 AM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 8:05:04 AM > Drive H: - scan started (PHIROZ KHAN ~15344 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 8:13:24 AM > Drive H: - scan started (PHIROZ KHAN ~15344 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 8:51:35 AM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 8:51:35 AM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 8:51:35 AM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 1:51:38 PM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 1:51:39 PM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 1:51:40 PM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 1:57:53 PM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 1:57:53 PM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 1:57:53 PM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 4:47:21 PM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 4:47:23 PM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 4:47:23 PM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 7:36:48 PM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 7:36:48 PM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 7:36:48 PM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 7:42:47 PM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 7:42:47 PM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 7:42:48 PM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 7:50:48 PM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 7:50:48 PM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 7:50:48 PM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<

9/1/2014 9:13:27 PM > Drive C: - scan started (no label ~98 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 9:13:27 PM > Drive D: - scan started (Arman ~195 GB, NTFS HDD )…

=> The drive is clean.

9/1/2014 9:13:28 PM > Drive E: - scan started (Phiroz ~173 GB, NTFS HDD )…

=> The drive is clean.

Hello Team,

Help needed please let me know the further course of action.

Thank you,
Regards,
Jaffer Khan

Thank you for your valuable INCOMPLETE support extended to me while I needed it the most.

I have managed to fix my computer myself without formatting it.

Thanks again