USB Shortcut Virus

When I open a USB on my computer it automatically makes shortcuts from the folder. I noticed some people had the same issue and the fix was by running some programs but then the logs were needed to generate a custom fix.

I already ran all the scans and the logs can be downloaded here:
http://www51.zippyshare.com/v/85951105/file.html

(Don’t know how to add files to a post sorry)

If anyone could help that would be great!

Thanks!

Monitoring…

Download attached fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

You guys are really fast. Really appreciate it!

I did exactly as you said and I have the fixlog, but I do have to mention that I had a Windows blue screen at startup. The PC rebooted again and everything seemed to be fine and the fixlog was created.

It’s in the attachment this time :wink:

Re-run FRST and attach fresh report now…

Here you go

It is still there…

I need another check:

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm “End user Licence Agreement” and “KSN Statement” dialog box by clicking on Accept button.

- Under Additional options, check the boxes next to:
  - Verify Driver Digital Signature
  - Detect TDLFS file system
  - Use KSN to scan objects
- Press Start Scan.
- If a Suspicious object is detected, the default action will be Skip; click on Continue.
- If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Done

Ok, let’s move on

Download attached fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Moving on

Good, now let’s clean USB

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedia - Mirror download link

- Double-click MCShield-Setup to install the application.
- Wait a few seconds for MCShield to finish its initial scan.
  Recommendation: under the General and Scanner tabs, click on the Defaults button to choose the recommended options.
- Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has created.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Here you go

I also scanned the SD card of my phone, which was also infected, and now all my pictures, music and everything seems to be gone… any idea why or how I can get them back? :S

It says 11 GB is used. However, when I select all the files I see it says only 900Mb is selected… "Show hidden folders" is on…

It is probably hidden by malware…

Open MCShield Control Center, and click on Scanner tab. Check Always unhide items on flash drives, and click OK.

Now rescan your USB drives again.

That fixed it. Thanks!

All right, only thing left is to remove used tools.

Keep using MCShield, it will protect you in the future against such viruses.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes:

- Remove disinfection tools
- Create registry backup
- Purge System Restore

Now click on the “Run” button. Wait until the programme completes its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

Ok, so yesterday I did everything as you said and the virus seemed to be gone. I could insert any USB and there wouldn’t be any shortcuts. Today, after restarting my computer, I inserted an empty memory card. MCShield scans it and doesn’t find an infection. I create a new folder and 2 seconds later a shortcut of this folder appears. Avast software starts to give a message that a threat has been found and blocked. The thing is that it keeps giving this message over and over again, like the files it blocks keep being recreated after they are blocked… I reinsert the memory stick and now MCShield also finds that the card is infected.

It now even creates shortcuts to random folders on my computer… For instance the target of one shortcut folder is
"C:\Windows\system32\cmd.exe /c start iTunesHelper.vbe&start explorer New" "folder" "(2)&exit"

It also keeps creating these trzxxx.INK files. The ones that Avast keeps blocking, I guess…

What do I do now?

(Added an image of what the Avast message keeps saying (for action it says "moved to vault") for different files, and the scan log of MCShield.)

Do not use USB until we check your PC.

Please download Anti-VBSVBE and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Double-click to run the tool and wait until it finishes.
- It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.

=================================================

Re-run FRST and attach fresh report…

Here are the logs

PC is clean, no malware here…

Have you used another PC?