Shortcut virus

Hi, I printed from a cyber café from a USB and got a nasty virus when I used the USB back in my laptop. I have looked it up and found similar viruses and solutions in your forum. I tried to solve it using the steps from this thread “Shortcut virus - location: cmd (C:\Windows\System32) ???” but I can't run ADW. I had already installed Malwarebytes but it wouldn't load. I tried GMER and Farbar but they wouldn't load either, so I tried to start a new thread, but in the middle of it it gave me a BSOD. Then I was able to run in safe mode but couldn't run ADW either, so I ran Malwarebytes and it gave me a zero threats result. I was able to run FRST/FRST64 and I got the report.

Please help me out, I'm in med school and don't have much spare time to be messing with Windows 7 crap. I miss XP so much :frowning:

Try MBAM in normal mode after this

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\kr3ith\AppData\Roaming\giiqm\tcpsys.exe (Microsoft Corporation)
Startup: C:\Users\EMUVCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\kr3ith\AppData\Roaming\giiqm\tcpsys.exe (Microsoft Corporation)
Startup: C:\Users\kr3ith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\kr3ith\AppData\Roaming\giiqm\tcpsys.exe (Microsoft Corporation)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-10-13 23:58 - 2014-10-14 11:43 - 00000000 ___HD () C:\Users\kr3ith\AppData\Roaming\giiqm
Task: {280D0E6A-76C9-4412-AE3F-D3B7FD69667B} - \94A46359-5537-4201-BEFD-1EC63DFD0943 No Task File <==== ATTENTION
Task: {F9C10FC9-5C6B-4CD0-BF38-952B1FF3B09C} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
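Added example, not part of the original thread and not code from FRST: a small parser that pairs the `Startup:` / `ShortcutTarget:` lines of the fixlist above and reports why each startup shortcut stands out. The function names are hypothetical, and the last sample pair is a constructed benign entry for contrast.

```python
import re
from ntpath import normpath  # Windows path rules, so this runs on any OS

# First three pairs are copied from the fixlist above; the last pair is a
# constructed benign entry added for contrast.
FIXLIST = r"""
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\kr3ith\AppData\Roaming\giiqm\tcpsys.exe (Microsoft Corporation)
Startup: C:\Users\EMUVCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\kr3ith\AppData\Roaming\giiqm\tcpsys.exe (Microsoft Corporation)
Startup: C:\Users\kr3ith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\kr3ith\AppData\Roaming\giiqm\tcpsys.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Example Tool.lnk
ShortcutTarget: Example Tool.lnk -> C:\Program Files\Example\tool.exe (Example Vendor)
"""

TARGET_RE = re.compile(r"^ShortcutTarget: (.+?\.lnk) -> (.+?)(?: \(([^()]*)\))?$")
APPDATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local)\\", re.I)
PROFILE_RE = re.compile(r"^[a-z]:\\users\\([^\\]+)\\", re.I)

def parse_startup_entries(text):
    """Pair each 'Startup:' line with the 'ShortcutTarget:' line that follows it."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Startup: "):
            pending = line[len("Startup: "):]
        elif pending and (m := TARGET_RE.match(line)):
            entries.append({"shortcut": pending,
                            "target": normpath(m[2]),
                            "vendor": m[3]})  # kept for display, not used as a trust signal
            pending = None
    return entries

def review(entry):
    """Return the reasons an entry deserves a closer look (empty list: none found)."""
    reasons = []
    if APPDATA_RE.match(entry["target"]):
        reasons.append("target runs from a per-user AppData folder")
    s, t = PROFILE_RE.match(entry["shortcut"]), PROFILE_RE.match(entry["target"])
    if t and (s is None or s[1].lower() != t[1].lower()):
        reasons.append("shortcut is outside the profile that holds the target")
    return reasons

def flagged(text):
    """List (shortcut, reasons) for every startup entry with at least one reason."""
    return [(e["shortcut"], r) for e in parse_startup_entries(text) if (r := review(e))]

if __name__ == "__main__":
    for shortcut, reasons in flagged(FIXLIST):
        print(shortcut, "->", "; ".join(reasons))
```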

OK, so I couldn't load it again, so I went to safe mode and did what you asked me. I attach the file … On an extra note, I noticed I can't save stuff in Paint anymore, and upon my return to regular Windows it deleted my browsing history for Chrome. Is that the virus?

Part of the FRST fix was to clear all temporary files.

Now that you are back in normal mode, what problems are you experiencing? Will MBAM now run?

OK, so I ran a Malwarebytes scan, no threats; AdwCleaner, no threats; Kaspersky TDSSKiller, no threats; and I guess it's the one called fatbar or something like it, the icon got renamed to FRST64, I ran it and it gave me a log that I will attach.

So I think that takes care of the virus then, right?

Can you direct me to the post where they give directions to clear the USB? I had the page saved but now it's gone. I know it's with MCShield but can't find the post.

Any further problems after running MCShield?

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and MCShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

Well, it seems this thing is hard to shake off.
OK, so I thought I was OK. I installed MCShield and the USB didn't seem to have any sign of the shortcut virus thing. I went on a couple of days and didn't use the USB. Anyway, at some point I put my cellphone memory card in my laptop and apparently it picked up the nasty virus as well: it shows the contents of the card but as shortcuts. So I ran MCShield, it gave me a log and deleted a file, but then I checked and the thing is still there. So I was tired and I decided to just use the XP laptop, so I went and tried putting some files on the USB (the spyware I used first on the Windows 7 laptop to clean it) to use on my XP laptop … yep, it's there again … PLEASE HELP ME!!!
The only thing I could run on the XP laptop was SUPERAntiSpyware Free. I don't remember if I used it on the Windows 7, but I had it in the same folder as the ones I used. Oh yeah, and I was only able to install it in safe mode.
Again, PLEASE HELP ME
I DON'T WANT TO PUT THE MICRO SD IN THE PHONE, I'M AFRAID IT WILL FUCK IT UP TOO

I'll attach the last log from MCShield

Could you run MCShield with the SD card in the system and show me the log please

Then run a fresh FRST scan

OK, I'm not sure how to do the MCShield scan. It does it by itself; I can't find the option to do it by command.
Hope it did show it in the results

OK, could you download and run this programme please: rafr.exe from http://support.kaspersky.co.uk/viruses/disinfection/6016#block1
Ensure that your sd cards and USB are scanned by this tool

Done, but I ran it and it initialized to 100%, then gave me a "press any key" option and nothing happens.

OK, I found the instructions to do it manually. I tried following them but can't RESTORE the trash folder, and all the rest of the folders still appear as shortcuts.

Is that the recycle bin?

Yes, I just realized that :stuck_out_tongue: :-\ Anyhow, I don't care about those files, the folders I want to recover

Could you now tell me exactly what problems remain

Well, at this point I am back at square one. All my external memory is infected; I don't know what to do.

If I was you I would throw away the USB drives that are infected, bite the bullet and re-install windows

??? Come on man, I would, but I'm pretty much F’d up. All my school work is there and I have my second partial coming up. Can you please help me out?

God almighty, I have tried everything: autorunkiller, auto run exterminator, autorun eater.
I even tried the cmd but I can't delete the goddamn thing. I still get the .trash folder with the 782 folder and the dgpnq.js file and I can't delete them. Please tell me there is a way, I'm tired.

Right, let's try a bigger hammer

Can you afford to lose the USB sticks?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now