When I insert my USB into my laptop, Avast warns that a trojan is found and the system starts creating and multiplying hundreds of shortcuts beginning with ‘trz’ and some of them ending in .tmp.
I thought that my USB-stick was infected because I inserted it in my desktop computer, but I ran a scan over there and it indeed found infections in my USB stick, but I could remove most of them (going from 139 multiplied shortcuts to 25), but some of them are still present in the USB. But when I run a scan on my removable disk (the USB), everything is fine.
So I try the USB back on my laptop, and again: Avast starts warning for the trojan and again multiplied shortcuts trzXXX.tmp are increasing. So I really think the problem is on my laptop.
BUT when I run a scan on my laptop through Avast fast scan: nothing is found?? I found this weird and decided to also run Malwarebytes, and that program found 11 infected objects. I deleted them as required and restarted my pc.
What should I do now? Retry the USB? This is really not normal anymore.
I really hope you can help me because I really need my laptop since I’m writing my thesis.
Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2865317
IE - HKU\S-1-5-21-3361117193-384026249-2084028618-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2865317
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3361117193-384026249-2084028618-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe ()
[2012-02-24 23:41:29 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Babylon
:Commands
[resethosts]
[emptytemp]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
[*]Download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[*]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report
Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows. It is safe, so allow it to run.
At first sight, nothing seems to be wrong with my laptop. But that was the case too before all these tests. It’s when I insert the USB that my Avast keeps warning for a trojan horse and all these shortcuts are multiplied. Should I try the USB device again in my laptop, or first run OTL according to your latest instruction?
OK the vbe reg entry does not want to go… Time for the big boy
Download and Install ComboFix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow it to update if it asks
My pc is running normally, but that was the same before I noticed the infection on the USB.
So basically, if I hadn’t inserted my USB, I would never have noticed the virus in my computer since it didn’t do anything visible like really slowing my laptop or something like that. What does the log say?