Shortcut Virus! Pls help

Hi, all the files and folders on my external hard drive are now shortcuts and/or exe files on my computer.
Any USB I now attach to my computer is immediately affected by this virus.
I have followed the steps mentioned in this thread: https://forum.avast.com/index.php?topic=138715.0
And now I have attached the requested log files.

Please guide me through the further steps, thank you :slight_smile:

Could you let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\...\Run: [iso] => wscript.exe //B "C:\Users\Abubakr\AppData\Roaming\iso.vbs"
HKLM-x32\...\Run: [Runonce] => C:\Windows\system32\runouce.exe
HKLM-x32\...\Run: [iso] => wscript.exe //B "C:\Users\Abubakr\AppData\Roaming\iso.vbs"
HKU\S-1-5-21-3110880424-3378728305-2093835628-1000\...\Run: [iso] => wscript.exe //B "C:\Users\Abubakr\AppData\Roaming\iso.vbs"
Startup: C:\Users\Abubakr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VersionCheck.lnk
ShortcutTarget: VersionCheck.lnk -> C:\Users\Abubakr\AppData\Roaming\FAH\VersionCheck.exe ()
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Extension: No Name - C:\Users\Abubakr\AppData\Roaming\Mozilla\Firefox\Profiles\105oremi.default\extensions\addon@Vonteera.com [Not Found]
FF Extension: No Name - C:\Users\Abubakr\AppData\Roaming\Mozilla\Firefox\Profiles\105oremi.default\extensions\ocr@babylon.com.xpi [Not Found]
FF Extension: No Name - C:\Users\Abubakr\AppData\Roaming\Mozilla\Firefox\Profiles\105oremi.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [Not Found]
FF Extension: No Name - C:\Users\Abubakr\AppData\Roaming\Mozilla\Firefox\Profiles\105oremi.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\LyricsSpeaker\122.xpi [Not Found]
CHR StartupUrls: Default -> "hxxp://www.sweetpacks-search.com/?barid=&src=10&&st=23&did=10963&UPN2=92262073696752457"
CHR DefaultSearchKeyword: Default -> sweetpacks-search.com
CHR DefaultSearchURL: Default -> http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23&did=10963&UPN2=92262073696752457
CHR Extension: (Vonteera Safe ads) - C:\Users\Abubakr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhbklndhffnahdploecdffbedhgjnce [2013-06-16]
CHR HKLM-x32\...\Chrome\Extension: [figdphohhlffelolcabcjpikobidapnk] - C:\Users\Abubakr\AppData\Local\Temp\figdphohhlffelolcabcjpikobidapnk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kmgeophbbmfgkjghdgfgelpipdoclljo] - C:\Program Files (x86)\LyricsSpeaker\122.crx [Not Found]
2015-01-17 22:35 - 2015-01-17 22:35 - 00380416 _____ () C:\Users\Abubakr\Downloads\8ipsto98.exe
2014-12-19 18:04 - 2014-12-19 18:04 - 02577408 _____ () C:\Users\Abubakr\AppData\Roaming\aswafergwetrga.exe
2014-12-19 18:04 - 2014-12-19 18:04 - 00000000 ____D () C:\Users\Abubakr\AppData\Roaming\dvfiffgowucpu
2015-01-17 17:47 - 2014-12-16 18:49 - 00000000 ____D () C:\Users\Abubakr\AppData\Roaming\dvigowucpu
C:\Users\Abubakr\AppData\Roaming\iso.vbs
C:\ProgramData\hash.dat
Hosts:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

Great!
So along with the external drive, a thumb drive and a smart phone were also infected with the same virus.
I also scanned them with MCShield, and the logs for all the scans are attached, along with the fixlog.txt and the ADW Cleaner log.
When I opened the Hard Drive after the scan, the folders are still listed as “applications”.

Could I have a fresh FRST scan please

Also could you resave the MCShield log as ANSI

The fresh FRST file is attached.
MC Shield isn't detecting the malware anymore, but the folders still exist as .exe files

@essexboy … MCShield log copy and paste with android :wink:

MCShield AllScans.txt <<<


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.1.10.1 / Windows 7 <<<

18/01/2015 09:35:16 PM > Drive C: - scan started (OS ~283 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.1.10.1 / Windows 7 <<<

18/01/2015 09:36:00 PM > Drive E: - scan started (Transcend ~466 GB, NTFS HDD )…

E:\autorun.inf > Suspicious > Renamed. (MD5: d41d8cd98f00b204e9800998ecf8427e)

=> Suspicious files : 1/1 renamed.


::::: Scan duration: 1sec ::::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.1.10.1 / Windows 7 <<<

18/01/2015 09:38:21 PM > Drive E: - scan started (TSB USB DRV ~14759 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.1.10.1 / Windows 7 <<<

18/01/2015 09:40:15 PM > Drive F: - scan started (no label ~3773 MB, FAT32 flash drive )…

F:\Android\data.exe - Malware > Deleted. (15.01.18. 21.40 data.exe.536267; MD5: cc8df9e564091ec9a92077714f8aa8af)

F:\DCIM.thumbnails.exe - Malware > Deleted. (15.01.18. 21.40 .thumbnails.exe.63194; MD5: cc8df9e564091ec9a92077714f8aa8af)

F:\mtklog\mobilelog.exe - Malware > Deleted. (15.01.18. 21.40 mobilelog.exe.170827; MD5: cc8df9e564091ec9a92077714f8aa8af)

F:\backup\Data.exe - Malware > Deleted. (15.01.18. 21.40 Data.exe.441403; MD5: cc8df9e564091ec9a92077714f8aa8af)

F:\¡Uno!\¡UNO!.exe - Malware > Deleted. (15.01.18. 21.40 ¡UNO!.exe.343193; MD5: cc8df9e564091ec9a92077714f8aa8af)

F:\Greenday American Idiot][Mp3][320kbs][Hectorbusinspector]\Tracks.exe - Malware > Deleted. (15.01.18. 21.40 Tracks.exe.509863; MD5: cc8df9e564091ec9a92077714f8aa8af)

F:\Night Visions\Imagine Dragons - Night Visions (Deluxe Edition) [2013-Album] CD-Rip Mp3 NimitMak SilverRG.exe - Malware > Deleted. (15.01.18. 21.40 Imagine Dragons - Night Visions (Deluxe Edition) [2013-Album] CD-Rip Mp3 NimitMak SilverRG.exe.386683; MD5: cc8df9e564091ec9a92077714f8aa8af)

=> Malicious files : 7/7 deleted.


::::: Scan duration: 27sec :::::::::::::::::


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I am sorry, I forgot to be more specific: There is no longer an issue with the C: drive on my computer, but the problem persists on my External USB HDD. (“Transcend” Drive E:). All the files and folders still appear as .exe files.
Attached is the Combofix.txt file and also a Screenshot of the message that MC Shield displays whenever I connect my external HDD.

Ah OK I see the problem now. Run chkdsk on the external drive and that should clear the problem

Yes, but how do I do that? :o

1 • Double-click the “My Computer” icon located on your desktop to open its folder. You will see your “C” drive and an icon representing your external drive.

2 • Right-click the external drive and select “Properties.” The “Properties” window will open.

3 • Click “Tools” and click “Check Now.”

4 • Click “Continue” if you are using Vista and a “User Account Control” box appears. The “Check Disk” window will open and display options.

5 • Check the check box next to “Automatically fix file system errors” if you want Windows to perform that task.

6 • Check the check box next to “Scan for and attempt recovery of bad sectors” if you want Windows to perform that task.

7 • Click “Start.” Windows will check the external hard drive for errors. When it finishes, Windows will display the status of the check in the “Check Disk” window. Click “Close” to close the window

Read more : http://www.ehow.com/how_6795432_run-chkdsk-external-hard-drive.html