Unknown Virus (Secured By Kaspersky Internet Security)

Hey there

I think my laptop was infected by some kind of virus (same issue as wan ahmad). When I insert a flash drive, all of my files are gone and 2 files appear: REMOVABLE DISK 7GB(Secured By Kaspersky Internet Security 2017).bat and readme.txt. When I click on the file REMOVABLE DISK 7GB(Secured By Kaspersky Internet Security 2017).bat, a folder appears, named System Volume Information, and it contains all of my files. Then I put in another drive and the same thing happened. I formatted my drive but the files still appeared. I also tried to scan my laptop, but it did not detect anything. What should I do? I really need your help. Thank you.

Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=194892

Here are the logs
But I still have another drive which may have affected my laptop, but it is not with me right now. I should have it on Friday, I guess. So, what should I do?

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
```
VirusTotal: C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe;C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.lnk [2017-11-30]
ShortcutTarget: spoolsvc.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.lnk [2017-12-06]
ShortcutTarget: svhost.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\svhost.exe (No File)
CHR HKU\S-1-5-21-4193916560-1828382214-1993866547-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Bing) - C:\Users\Asus A555L\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-29]
C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017
EmptyTemp:
```
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
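
The Startup entries in the fixlist above share three traits worth checking for on other machines: the target runs from the user's AppData folder, its file name is a near-miss of a real Windows binary, and one shortcut points at a file that no longer exists. The following is an added example, not part of the thread or of FRST; it parses FRST-style `ShortcutTarget:` lines, and the `SYSTEM_NAMES` list and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename  # Windows path rules on any OS

# ShortcutTarget lines copied from the fixlist in this thread (FRST log format).
SAMPLE = r"""
ShortcutTarget: explorers.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
ShortcutTarget: spoolsvc.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
ShortcutTarget: svhost.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\svhost.exe (No File)
"""

# Assumption: the real Windows binaries these file names appear to imitate.
SYSTEM_NAMES = ("explorer.exe", "spoolsv.exe", "svchost.exe")
SIMILARITY = 0.85  # assumed threshold for "near-miss" names

TARGET_RE = re.compile(
    r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<path>.+?) \((?P<note>[^)]*)\)\s*$"
)

def lookalike(name):
    """Return the system binary that `name` imitates, or None if exact or unrelated."""
    name = name.lower()
    for real in SYSTEM_NAMES:
        if name != real and SequenceMatcher(None, name, real).ratio() >= SIMILARITY:
            return real
    return None

def audit(log_text):
    """Return (shortcut, target path, reasons) for each suspicious startup target."""
    findings = []
    for line in log_text.splitlines():
        m = TARGET_RE.match(line.strip())
        if not m:
            continue
        path, reasons = m["path"], []
        if "\\appdata\\" in path.lower():
            reasons.append("runs from user-writable AppData")
        real = lookalike(basename(path))
        if real:
            reasons.append(f"name imitates {real}")
        if m["note"] == "No File":
            reasons.append("target missing (orphaned shortcut)")
        if reasons:
            findings.append((m["lnk"], path, reasons))
    return findings

if __name__ == "__main__":
    for lnk, path, reasons in audit(SAMPLE):
        print(f"{lnk}: {path}\n    " + "; ".join(reasons))
```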

Here it is

One more thing, how about my other thumb drive which is not with me right now? I may have it on Friday perhaps. I guess that drive was the main reason how my laptop got affected. What should I do with it when I have it this Friday?

Scan it with MCShield. :wink:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

I have run it. Is there anything else I need to do?

Nope. :slight_smile:

Ok then, thank you so much ;D ;D

Hey there,

I have the same issue with my USB flash drive. Kindly help me get rid of the Unknown Virus (Secured by Kaspersky Internet Security 2017).

Thank you.

Open a new topic and attach FRST logs from your system.