Shortcut virus - location: cmd (C:\Windows\System32) ????

Hi all!
My USB drive picked up a virus from an Internet cafe, and now every time I insert a USB drive into the laptop, my files turn into shortcuts. I right-clicked one of the shortcuts and looked at where its target location is, and it’s somewhere in System32. When I open its target location, it takes me to System32, and the file in System32 that it highlights is cmd.exe.

Please help me :(

https://forum.avast.com/index.php?topic=53253.0

I found an old topic, and maybe you can help me here? I need the code for fixlist.txt

See here: https://forum.avast.com/index.php?topic=53253.0
Scroll down to SPECIFIC INFECTIONS LOGS and run MCShield as instructed; copy and paste this log in your next reply.

essexboy will be online later today and will help you.

OK, thanks, I'm waiting for him.

Here is the log file from MCShield. It shows me the program deleted the virus, but after a few seconds it's back :(

Please attach the log again, this time saved as plain text (UTF-8)

Again a problem with the log:

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.2.15.1 / Windows 8.1 <<<

17.02.2015 13:56:00 > Drive F: - scan started (no label ~1912 MB, FAT flash drive )…

—> Executing generic S&D routine… Searching for files hidden by malware…

—> Items to process: 1

—> F:\Sexy.jpg > unhidden.

F:\Sexy.lnk - Malware > Deleted. (15.02.17. 13.56 Sexy.lnk.650097; MD5: fde45e6ed202ee88663341bfffa68f27)

F:\MerciJacquieMichel.vbe - Malware > Deleted. (15.02.17. 13.56 MerciJacquieMichel.vbe.139808; MD5: 08efa9b636991a80da1a6fd09fccce5e)

F:\System Volume Information.lnk - Malware > Deleted. (15.02.17. 13.56 System Volume Information.lnk.912023; MD5: 866f6d8cd08f0d5f7d6c2aaad05421c6)

Resetting attributes: F:\System Volume Information < Successful.

=> Malicious files : 3/3 deleted.
=> Hidden folders : 1/1 unhidden.
=> Hidden files : 1/1 unhidden.


::::: Scan duration: (Interactive mode) ::::


Can nobody help me? :-[

Be patient, it might take a while…

In Task Manager I killed the processes lssass and Microsoft ® Windows Based Script Host, and then disabled these programs in autorun.
The USB flash drive showed me the file sexy (size 50 mg), which I deleted. After reconnecting the USB drive it was empty, no virus! I enabled the autorun processes again, and after restarting the PC the shortcut of the sexy file ‘‘virus’’ is on my USB flash drive again :((((

P.S. Sorry for my bad English :stuck_out_tongue:

Run MCShield on completion of the FRST fix please

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-2651378886-156977901-1411103180-1001\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\anzori\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
HKU\S-1-5-21-2651378886-156977901-1411103180-1001\...\Run: [Microsoft] => C:\Users\anzori\AppData\Roaming\lssass.exe [52428800 2012-12-10] ()
HKU\S-1-5-21-2651378886-156977901-1411103180-1001\...\Run: [HKCU] => C:\Users\anzori\AppData\Roaming\windir\svchost.exe [52428800 2012-12-10] ()
Startup: C:\Users\anzori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MerciJacquieMichel.vbe ()
U3 pxldrpog; \??\C:\Users\anzori\AppData\Local\Temp\pxldrpog.sys [X]
2015-02-16 21:34 - 2012-12-10 15:48 - 52428800 ___SH () C:\Users\anzori\AppData\Roaming\lssass.exe
C:\Users\anzori\AppData\Local\Temp\MerciJacquieMichel.vbe
C:\Users\anzori\AppData\Roaming\lssass.exe
C:\Users\anzori\AppData\Roaming\windir
C:\Users\anzori\AppData\Local\Temp\pxldrpog.sys
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.
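
One way to triage autorun entries like the ones removed in the fix above, as an added example that is not part of the original thread and not FRST's own logic: it parses FRST-style `Run:` lines and flags targets under AppData, script-host launches, and system-binary names (or near misses of them) outside System32. The rule names, the short `SYSTEM_NAMES` list and the `ExampleUpdater` line are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Assumption: illustrative, non-exhaustive list of binaries that belong in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe"}
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]<>]*?\.(?:exe|vbe|vbs|js|bat|cmd|sys)\b", re.I)

# Constructed sample: the three Run entries from the fixlist above,
# plus one hypothetical benign entry (ExampleUpdater) for contrast.
SAMPLE = r'''
HKU\S-1-5-21-2651378886-156977901-1411103180-1001\...\Run: [MerciJacquieMichel] => wscript.exe //B "C:\Users\anzori\AppData\Local\Temp\MerciJacquieMichel.vbe" <===== ATTENTION
HKU\S-1-5-21-2651378886-156977901-1411103180-1001\...\Run: [Microsoft] => C:\Users\anzori\AppData\Roaming\lssass.exe [52428800 2012-12-10] ()
HKU\S-1-5-21-2651378886-156977901-1411103180-1001\...\Run: [HKCU] => C:\Users\anzori\AppData\Roaming\windir\svchost.exe [52428800 2012-12-10] ()
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [123456 2014-01-01] (Example Corp)
'''

def triage(line):
    """Return (value name, sorted list of reasons) for one Run line, or None."""
    m = RUN_RE.search(line)
    if not m:
        return None
    cmd, reasons = m["cmd"], set()
    if re.search(r"\b[wc]script(\.exe)?\b", cmd, re.I):
        reasons.add("script-host")            # autorun launches a script interpreter
    for raw in PATH_RE.findall(cmd):
        p = PureWindowsPath(raw)
        parent, name = str(p.parent).lower(), p.name.lower()
        if "\\appdata\\" in parent + "\\":
            reasons.add("user-writable-path")  # target lives in the user's profile
        in_sys32 = parent == r"c:\windows\system32"
        if name in SYSTEM_NAMES and not in_sys32:
            reasons.add("system-name-outside-system32")
        elif any(SequenceMatcher(None, name, s).ratio() >= 0.9
                 for s in SYSTEM_NAMES - {name}):
            reasons.add("lookalike-name")      # e.g. lssass.exe vs lsass.exe
    return m["name"], sorted(reasons)

def flagged(text):
    """Map Run value name -> reasons, for entries that tripped at least one rule."""
    hits = (triage(line) for line in text.splitlines())
    return {h[0]: h[1] for h in hits if h and h[1]}

if __name__ == "__main__":
    for name, why in flagged(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

A flag here is a reason to look closer, not a verdict; legitimate software also installs autoruns under AppData.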

I did it, I think it's over! Thank you very, very much!

How can I make this fixlist.txt for my other PC?

How can I make this fixlist.txt for my other PC?
By attaching logs from that computer as you did with this one... But don't start before essexboy says so; he is not finished with this one yet.

Can't I do it without attaching files here?

The fix is based on the logs that come from that specific computer … read the red text in essexboy's post.

Is MCShield coming clean now? Any other problems?

For another system I will need an FRST scan

Yes, I know :) But maybe I need some program to create a fix file for another PC? I want to learn how to create a fix file ???

Yes, it's clean! Thank you very, very much!!! I'll start fixing the other PC tomorrow; today I don't have time. Thank you again!