USB shortcut virus... location cmd???

I've been to radio and recorded my show, which I then dragged and dropped onto a USB stick… I got home to find that all my recorded sets on there (about 20) are now just shortcuts and the location is in cmd, but I can't find them??? I then plugged in my Roland Ro5 mp3 recorder, which has a memory card in it; that too is now just full of shortcuts and no actual mp3s… Could someone please help, as I've also got an external hard drive that has lots of videos and pics of my boy Mackenzie, who passed away with cancer back in 2012… so I really don't want to plug that in until this is fixed, as I don't know what I will do if I lose all of that too… Can someone please help : (

Hi, first off we will stop all the shortcuts and then we will see if there is any malware on the main computer.

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive(s) that are affected and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

I am doing that now. The first log said my PC's clean >>

MCShield AllScans.txt <<<


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.3.26 / DB: 2014.1.25.2 / Windows 7 <<<

1/25/2014 5:36:14 PM > Drive C: - scan started (OS ~119 GB, NTFS HDD )…

=> The drive is clean.

1/25/2014 5:36:15 PM > Drive D: - scan started (DATA ~154 GB, NTFS HDD )…

=> The drive is clean.

Now I've plugged in my USB and it's scanning… I can't actually see it scanning though, is this right??

This is the scan for the USB. I deleted all threats >>>

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.3.26 / DB: 2014.1.25.2 / Windows 7 <<<

1/25/2014 5:40:45 PM > Drive H: - scan started (no label ~3817 MB, FAT32 flash drive )…

H:\autorun.inf > Legitimate file.

—> Executing generic S&D routine… Searching for files hidden by malware…

—> Items to process: 26

—> H:\autorun.inf > unhidden.

—> H:\RunClubSanDisk.exe > unhidden.

—> H:\RunSanDiskSecureAccess_Win.exe > unhidden.

—> H:\rec1204-193836.mp3 > unhidden.

—> H:\rec1211-191945.mp3 > unhidden.

—> H:\rec1218-191637.mp3 > unhidden.

—> H:\rec0101-191224.mp3 > unhidden.

—> H:\1.TTB33-MR.ALF-E-SHOCK WAVES-TEN TON BEATS.mp3 > unhidden.

—> H:\2.TTB33-MR.ALF.E-ESSEX MURDERS-TEN TON BEATS.mp3 > unhidden.

—> H:\PROPO026AA-Taxman-Sleeze.mp3 > unhidden.

—> H:\rec0108-191540.mp3 > unhidden.

—> H:\Jaycee b2b Uniques Christmas Day www.roughtempolive.com.mp3 > unhidden.

—> H:\VirtualDJ Local Database v6.xml > unhidden.

—> H:\syncguid.dat > unhidden.

—> H:\Caspa_Keith_Flint_-_War_Hazard_Remix.mp3 > unhidden.

—> H:\Dialogue-Smart-Ideas.mp3 > unhidden.

—> H:\lynx_midnight_funk.mp3 > unhidden.

—> H:\Macky_Gee_-_Grot_Bot.mp3 > unhidden.

—> H:\KONICHI_-_APPLAUDED.mp3 > unhidden.

—> H:\KONICHI_-_THRILLSEEKERS_V2_DUB.mp3 > unhidden.

—> H:\Konichi_CYN_relick_V2_-_S.mp3 > unhidden.

—> H:\konichi_wall_face.mp3 > unhidden.

—> H:\Ed_Solo_-_Sleeping_Giant_Annix_Profile_remix.mp3 > unhidden.

—> H:\Taxman_-_Mega_Death.mp3 > unhidden.

—> H:\The_Verdict_VIP_FREE_Heist_320.mp3 > unhidden.

—> H:\friday 13th september 2013, Starting Point by Jaycee.wav > unhidden.

—> H:\saxxon gigante roughtempolive.mp3 > unhidden.

H:\RunClubSanDisk.lnk - Malware > Deleted. (14.01.25. 17.52 RunClubSanDisk.lnk.716961; MD5: 7eb8f4d83d0ecff2c41c60aca740c890)

H:\RunSanDiskSecureAccess_Win.lnk - Malware > Deleted. (14.01.25. 17.52 RunSanDiskSecureAccess_Win.lnk.240013; MD5: 24dc14947212dc0ee8dfedd718e93ff4)

H:\rec1204-193836.lnk - Malware > Deleted. (14.01.25. 17.52 rec1204-193836.lnk.40258; MD5: 3e492ce10bca91d16b1917258583e43d)

H:\rec1211-191945.lnk - Malware > Deleted. (14.01.25. 17.52 rec1211-191945.lnk.522885; MD5: a9d2c4dd851917dd2360bac02f85aa52)

H:\rec1218-191637.lnk - Malware > Deleted. (14.01.25. 17.52 rec1218-191637.lnk.160758; MD5: f56900ad32fa986d90f2283dbb3702c0)

H:\rec0101-191224.lnk - Malware > Deleted. (14.01.25. 17.52 rec0101-191224.lnk.531958; MD5: c5645e2cca8c1980d463556180d254bb)

H:\1.lnk - Malware > Deleted. (14.01.25. 17.52 1.lnk.723292; MD5: f855f9979634b74d0c68bc021d331be4)

H:\2.lnk - Malware > Deleted. (14.01.25. 17.52 2.lnk.115002; MD5: 0214cd057173ce2d8a8d6f00913e0f86)

H:\PROPO026AA-Taxman-Sleeze.lnk - Malware > Deleted. (14.01.25. 17.52 PROPO026AA-Taxman-Sleeze.lnk.470633; MD5: 40cb504ef9a9ed153ac82ebf9f346d16)

H:\rec0108-191540.lnk - Malware > Deleted. (14.01.25. 17.52 rec0108-191540.lnk.811134; MD5: f8c2a3600722a56916ab2b3af0e0c4f1)

H:\Jaycee b2b Uniques Christmas Day www.lnk - Malware > Deleted. (14.01.25. 17.52 Jaycee b2b Uniques Christmas Day www.lnk.432041; MD5: 4dfb28d0447ca3d05b28e10e3829efcb)

H:\VirtualDJ Local Database v6.lnk - Malware > Deleted. (14.01.25. 17.52 VirtualDJ Local Database v6.lnk.63660; MD5: 09ff2f09c9046a4dc55533e37248f8a5)

H:\syncguid.lnk - Malware > Deleted. (14.01.25. 17.52 syncguid.lnk.562265; MD5: e0dd6ee9209a060a229a36d0b87735c0)

H:\Caspa_Keith_Flint_-War_Hazard_Remix.lnk - Malware > Deleted. (14.01.25. 17.52 Caspa_Keith_Flint-_War_Hazard_Remix.lnk.978728; MD5: 5da1d2a4965a2f69802ef8440b6a6661)

H:\Dialogue-Smart-Ideas.lnk - Malware > Deleted. (14.01.25. 17.52 Dialogue-Smart-Ideas.lnk.336198; MD5: 8861ebf448d0bacb73980e1fd715a211)

H:\lynx_midnight_funk.lnk - Malware > Deleted. (14.01.25. 17.52 lynx_midnight_funk.lnk.37087; MD5: 6072f488978d69094b9a5808dc1b4775)

H:\Macky_Gee_-Grot_Bot.lnk - Malware > Deleted. (14.01.25. 17.52 Macky_Gee-_Grot_Bot.lnk.275300; MD5: 3dbfded238c8366becb4684897115e3d)

H:\KONICHI_-APPLAUDED.lnk - Malware > Deleted. (14.01.25. 17.52 KONICHI-_APPLAUDED.lnk.571984; MD5: 74f0582c28f7ea318c41610a7cf2307e)

H:\KONICHI_-THRILLSEEKERS_V2_DUB.lnk - Malware > Deleted. (14.01.25. 17.52 KONICHI-_THRILLSEEKERS_V2_DUB.lnk.895647; MD5: 21f6b9fcbfc0afe3cc051ff4d9e83d7c)

H:\Konichi_CYN_relick_V2_-S.lnk - Malware > Deleted. (14.01.25. 17.52 Konichi_CYN_relick_V2-_S.lnk.155553; MD5: 3d0c23b9ae3ccb66a08b61304003cf9c)

H:\konichi_wall_face.lnk - Malware > Deleted. (14.01.25. 17.52 konichi_wall_face.lnk.656460; MD5: 7577ab631abd51d149b7be34ffcf755c)

H:\Ed_Solo_-Sleeping_Giant_Annix_Profile_remix.lnk - Malware > Deleted. (14.01.25. 17.53 Ed_Solo-_Sleeping_Giant_Annix_Profile_remix.lnk.687430; MD5: 4c7dbc6cf8cf0575a77f87351824a1f2)

H:\Taxman_-Mega_Death.lnk - Malware > Deleted. (14.01.25. 17.53 Taxman-_Mega_Death.lnk.963035; MD5: 771c108d0c039f718fdfce0e74e36303)

H:\The_Verdict_VIP_FREE_Heist_320.lnk - Malware > Deleted. (14.01.25. 17.53 The_Verdict_VIP_FREE_Heist_320.lnk.769842; MD5: 84eedba4f2d7c4f938c79b6b5d51ceeb)

H:\friday 13th september 2013, Starting Point by Jaycee.lnk - Malware > Deleted. (14.01.25. 17.53 friday 13th september 2013, Starting Point by Jaycee.lnk.343166; MD5: 83a921b5beaf345b382ed91dbfedce80)

H:\saxxon gigante roughtempolive.lnk - Malware > Deleted. (14.01.25. 17.53 saxxon gigante roughtempolive.lnk.389444; MD5: 3f6945fbcf4f4c95709d6094cdf83a1d)

H:\Complaint_CaseID6439.vbe - Malware > Deleted. (14.01.25. 17.53 Complaint_CaseID6439.vbe.726579; MD5: e202c6afe939622d7efc0b35f0439c58)

H:\club_application.lnk - Malware > Deleted. (14.01.25. 17.53 club_application.lnk.133066; MD5: 0c2023fdf4625e019007069afd7e9e57)

H:\SanDiskSecureAccess.lnk - Malware > Deleted. (14.01.25. 17.53 SanDiskSecureAccess.lnk.803039; MD5: 9b4e10ad0fd4652d2bc8a9a3a5d67ee6)

H:\PIONEER.lnk - Malware > Deleted. (14.01.25. 17.53 PIONEER.lnk.42388; MD5: c1219f25292ff7776b520f73320b80ae)

H:\MUSIC.lnk - Malware > Deleted. (14.01.25. 17.53 MUSIC.lnk.675276; MD5: 08e827ddbae27183791966725a306024)

H:\rt.lnk - Malware > Deleted. (14.01.25. 17.53 rt.lnk.549517; MD5: 2421991a300a7a8e9b7d617e4fcae50a)

H:\jay.lnk - Malware > Deleted. (14.01.25. 17.53 jay.lnk.612280; MD5: d55a40d730129673717c71d4ba78c880)

H:\1.lnk - Suspicious > Renamed. (MD5: 84f1842f470c376d86eaa7fe04298d88)

H:\2.lnk - Suspicious > Renamed. (MD5: 35223f3810ca0a03693c01f933be6355)

Resetting attributes: H:\club_application < Successful.

Resetting attributes: H:\SanDiskSecureAccess < Successful.

Resetting attributes: H:\PIONEER < Successful.

Resetting attributes: H:\MUSIC < Successful.

Resetting attributes: H:\rt < Successful.

Resetting attributes: H:\jay < Successful.

=> Malicious files : 33/33 deleted.
=> Suspicious files : 2/2 renamed.
=> Hidden folders : 6/6 unhidden.
=> Hidden files : 27/27 unhidden.


::::: Scan duration: (Interactive mode) ::::


I ran an anti-malware last night called Malwarebytes, which found 400+ objects, which I removed. I've got the log on my laptop but it's over 10000 letters so it won't let me post.

Does this mean my laptop is now clean, and the USB??

I just unplugged the USB and put it back in and it's still just got shortcuts to my sets on there… and MCShield is scanning it again, saying it's infected.

OK, let's look at the main system now

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

It's too big, it says I can only attach 504mb and it's 928mb

kb not mb lol

Can you upload the file at wikisend.com and post a link here?

Thanks, it's >>>

http://wikisend.com/download/992990/OTL.Txt

I can't see the extras.txt one???

Hmm, that looks a mess. Did you have word wrap selected on your Notepad?

Let's use a smaller programme initially

Did MCShield manage to clean the USB properly this time?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Word wrap was not selected… and the USB is still full of shortcuts…

frst>>>

addition>>

OK found it

Download the attached fixlist.txt to the same location as FRST
Run FRST and press FIX
On completion a log will open; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on "Clean"
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Where's the attached fixlist??

found it