usb files turn into shortcuts

hi, i have a problem with my usb pen, when it’s inserted all the files contained turn into shortcuts and if i click on them they run from another folder.
can somebody help me?

follow guide here http://forum.avast.com/index.php?topic=53253.0

attach (not copy and paste) Malwarebytes and OTL logs

malware experts are notified, and will have you run some additional programs. follow his instructions and he will fix this

Hi first I would like you to run MCShield prior to the other scans

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

here are all the mcshield scans

OK lets now get the rest

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[]Select LOP and Purity
[
]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir “%systemdrive%*” /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

the last scans with OTL

Have all files returned to normal now ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2011/12/16 17:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Auto | Stopped] -- C:\Users\richi\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater)
[2012/11/23 10:17:37 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\richi\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2082323928-2309200667-2487065076-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2082323928-2309200667-2487065076-1000\..\Toolbar\WebBrowser: (no name) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - No CLSID value found.
O4 - HKU\S-1-5-21-2082323928-2309200667-2487065076-1000..\Run: [ulbloqmeed] wscript.exe //B "C:\Users\richi\AppData\Local\Temp\ulbloqmeed.vbs" File not found
@Alternate Data Stream - 1163 bytes -> C:\Users\richi\AppData\Local\3Jq53uif18ZPin:KOQnsOllW6Wy959s9odiY08
@Alternate Data Stream - 1118 bytes -> C:\Users\richi\AppData\Local\Temp:BktKPNKImOzSL3jkHqbQ
@Alternate Data Stream - 1076 bytes -> C:\Users\richi\AppData\Local\Temp:WqLPzYbO2HQEwL4yXHgrrLpC

:Files
C:\Users\richi\AppData\Local\ServUpdater

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

the files are still shortcuts even after the mcshield scans and it says the source of the files is “cmd (C:\Windows\system32)”

last otl scan

Lets give this new programme a whirl

Download Anti VBS/VBE to your desktop

[]download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[
]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

vbs log

Have the shortcuts reverted ? If not run MCShield on the USB again

yess now the problem seem to be solved, thanks a lot for your time!!! :slight_smile:

In that case methinks I will send you on your merry way :slight_smile:

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave: