I was using Panda antivirus and my computer became infected. I worked this out because each time I attached a USB memory stick it became full of shortcuts, Panda came alive warning about Trojans, and the files on the stick disappeared. To make sure it was the computer rather than the memory stick, I put in a virgin stick, and the same thing happened. I scanned my computer rigorously, but found nothing (neither with Panda nor with Malwarebytes). I therefore downloaded Avast, and I received the message:
This program is blocked by group policy. For more information, contact your system administrator
I see that I am not the first person to receive this message, and I am therefore starting a new thread as recommended in one of the threads I’ve read.
Here are the first three reports: I’m just waiting for the virus definitions to load for aswMBR.exe before getting it to scan. I’ll send that one as soon as it’s done.
I’m attaching you the aswMBR.exe log before I try using your fix, TwinHeadedEagle, for which, thanks. I think this program also made a file - MBR.dat - which I’m not attaching this time.
My computer crashed while aswMBR.exe was doing its first scan - blue screen with a message saying that Windows was terminating as my computer was in danger. This is the first time I can remember reading such a message on this computer.
The log you see attached is therefore the result of the second scan that aswMBR.exe did. Windows said that it made a crash log, but I don’t know where to find this - I haven’t searched.
I did as you instructed TwinHeadedEagle: FRST64.exe, FRST.txt and fixlist.txt are all in the same place - on my Desktop.
However, no fixlog.txt file was created on my computer. Instead however, FRST64.exe was re-saved (new time stamp) - and a new folder was created, FRST-OlderVersion with the original FRST64.exe file from this morning as its only content. I’ve tried to post the new file, but it’s too large for your system.
This time it worked, and attached, you should find the fixlog.txt file.
I was going to get aswMBR.exe to scan again, as I think it froze the last time: it continued scanning after I’d sent you a log.
I’ll await your instructions, in any case.
Yes, TwinHeadedEagle, I have been able to install Avast - and have done so and switched off Panda.
However, I still have a problem with my external hard drive, which shortly after being attached (via USB) becomes inaccessible. Initially it appears as normal and I usually open Windows Explorer to find a file in it - all fine, until a moment when the drive suddenly becomes inaccessible. It’s still there (although it’s now just called ‘Local Drive’) but when I click on it, a window appears saying that it is inaccessible.
I tried scanning it with Avast as soon as it appeared in Windows Explorer, which certainly delayed the moment of inaccessibility, but did not prevent it happening a little later. Avast found nothing; nor has it found anything on my computer.
* Double click on MCShield-Setup to install the application. Next => I Agree => Next => Install … per installation click on Run! button.
* Wait a few seconds for MCShield to finish the initial HDD scan…
* Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
* When all scanning is done, you need to post a log report that MCShield has created.
  Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.
  => Post here AllScanst.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
Dear Pondus and TwinHeadedEagle,
Many thanks for copying and pasting my MCShield log, Pondus.
Unfortunately, while my external hard drive worked fine for a bit, it then stopped and started exhibiting its previous behaviour – becoming inaccessible and losing its name.
Am I correct in deducing that the Trojan (if that is what has infected my computer) is still present, but is being disabled by MCShield – at least, for some of the time?
I’ve looked at the log file (MCShield-AllScans.txt) but there is no change from the one I sent you yesterday.
Dear TwinHeadedEagle,
Thanks for Friday’s suggestion.
Up to then, I had not connected my external hard drive to another computer. After your suggestion that the external hard drive had ‘malfunctioned’ (I guess you meant hardware-wise – it’s definitely been malfunctioning software-wise), yesterday, I tried connecting it to another computer.
This computer was, I believed, well protected; furthermore, I only copied files from a memory card (from a camera) to my external hard drive, in an attempt to reduce the scope for infection.
My external hard drive did not exhibit the same behaviour that it does with my computer. It remained active and accessible throughout the time it was connected (more than an hour). I did, however, notice a dreaded shortcut appearing in a newly created folder on the external hard drive, so I guess that it, too, is infected with this malware.
It seems clear that Avast and MCShield are not effectively blocking the action of the malware on my computer and external hard drive. Please let me know if you have any ideas on what I should do next.