Please help me remove this virus from my laptop. I got it from a friend and have not infected any of my peripherals.

I don’t know much about computerspeak, please make it simple.

Hello, I shall assist you with removal. First I need to see some logs.

Please download Farbar Recovery Scan Tool (
http://www.mcshield.net/personal/magna86/Images/FRST_canned.png
) by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How do I find the logs? sorry…

And why didn’t avast find and block this when the drive was inserted?

no security program have 100% detection …

as said by magna86

“It will make a log (FRST.txt) in the same directory the tool is run.”

here you go, sorry it took me so long I am pretty nervous about this process

Hi,

This script shall fix your problem:

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Start CMD: taskkill /F /IM wscript.exe Hosts: HKU\S-1-5-21-1936823630-3645997129-2849748433-1001\...\Run: [camfrog serial pro] => wscript.exe //B "C:\Users\Malana Ganz\camfrog serial pro.vbe" AlternateDataStreams: C:\Windows:nlsPreferences HKU\S-1-5-21-1936823630-3645997129-2849748433-1001\...\MountPoints2: {537cb406-0219-11e4-bebc-606c669ecd60} - "F:\AutoRun.exe" Startup: C:\Users\Malana Ganz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\camfrog serial pro.vbe () SearchScopes: HKCU - DefaultScope {23933CF2-0FD2-4859-8459-71C13DFC15C2} URL = SearchScopes: HKCU - {23933CF2-0FD2-4859-8459-71C13DFC15C2} URL = Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Reboot: C:\Users\Malana Ganz\camfrog serial pro.vbe C:\Users\Malana Ganz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\camfrog serial pro.vbe C:\ProgramData\Lenovo-31587.vbs CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

.

Please download MCShield from one of the following links:

MCShield -Official download link

[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[]Wait a few seconds to MCShield finish initial HDD scan…
[]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post a logreport that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.

=> Post here AllScanst.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

I am so sorry. I saved the fixlist as noted, in notepad and on the desktop but when I ran the tool it said the fixlist is not in the same location. I will need more detailed information about saving “in the same location.” I am not computer illiterate but this is beyond me. Please be patient and very detailed in your information. Your help is greatly appreciated.

I saved the fixlist as noted, in notepad and on the [b]desktop[/b]

I tried having both documents open on the desktop, still “not found”
I tried copying the text from the fixlist into the frst doc, “not found”

Please explain IN DETAIL what you mean by “in the same location”

Alrighty…I realized I hadn’t saved the recovery tool to the desktop…my bad…found it in downloads and put the fixlist there and it worked.
I have downloaded McSheild. The only item that has been plugged in since infection is my USB printer, which I will scan and add the report.

thanks for your patience.

from McSheild

MCShield Summary.txt <<<

7/19/2014 3:09:08 PM => Drive C: (Windows8_OS, ~651 GB, NTFS) was scanned.

7/19/2014 3:09:09 PM => Drive D: (LENOVO, ~25 GB, NTFS) was scanned.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2014.7.16.1 / Windows 8.1 <<<

7/19/2014 3:09:08 PM > Drive C: - scan started (Windows8_OS ~651 GB, NTFS HDD )…

=> The drive is clean.

7/19/2014 3:09:08 PM > Drive D: - scan started (LENOVO ~25 GB, NTFS HDD )…

=> The drive is clean.

It doesn’t show that the printer was scanned. Is that a problem?
Also I got a message from Windows Script Host, cannot find script file C:\Program Data\Lenovo - 31587.vbs

Might want to let your friend know and pass on McShield.

It doesn't show that the printer was scanned. Is that a problem?

Do I need to be concerned about the printer? Or does it not have any memory to corrupt?

Make and model?

We can look that up for you.

It doesn't show that the printer was scanned. Is that a problem? Also I got a message from Windows Script Host, cannot find script file C:\Program Data\Lenovo - 31587.vbs

Printer is not memory device nor it can be infected. Open task manager and kill any ‘wscript.exe’ you find there. Then reboot the mashine and the aleart should be gone. If still occours, post me the fresh FRST logfile.

Dear friend,
You have been so helpful. And how do I find the task manager on 8.1? And how do I “kill” that script?

I am learning so much!

Thank you again.

…just post the fresh FRST logs. ;D

here you go, thanks,

appreciate the help

M