I collected some documents from my friend’s computer and my flash got corrupted with a virus. It turns the flash to a shortcut and shows 8gb available. It is connected to Kaspersky internet security or something. I have downloaded FRST and followed all the guidelines. would attach the fixlog now.
Attach your basic diagnostic logs.
Instructions: https://forum.avast.com/index.php?topic=194892
Thank you. Here are the diagnostic logs.
Since you have a fixlog somone must have made a fix for you, who did that, or did you just run a random fix found online?
I did not. I saw some instructions on a previous post and I followed it.
Bad idea, see excerpt from the instructions below.
The fixes are specific to your problem and should only be used for this issue on this machine.
Ohh wow. What can I do now?
You’ve to wait for one of the malware experts…
Fix is made by the malware expert, and based on the FRST logs comming from your machine, so a fix is made for your machine only, using fix you find online can destroy your machine
@Sass Drake will give you instructions when online, it may take hours
I assume that the FRST logs you have attached is from after you run the fix?
No, before
Then you need to attach fresh FRST logs so that @Sass Drake can see current staus when he arrive
- Open Notepad (click Start button → type notepad.exe → press Enter)
- Copy text from code block below and paste it into Notepad
VirusTotal: C:\Users\AJE TAIWO\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe;C:\Users\AJE TAIWO\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe;C:\Users\AJE TAIWO\AppData\Roaming\dhelper.exe
HKU\S-1-5-21-1554402273-3413048909-868042803-1001\...\Winlogon: [Shell] explorer.exe, C:\Users\AJE TAIWO\AppData\Roaming\dhelper.exe <==== ATTENTION
Startup: C:\Users\AJE TAIWO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk [2018-09-23]
Startup: C:\Users\AJE TAIWO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2019-01-29]
ShortcutTarget: explorers.lnk -> C:\Users\AJE TAIWO\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
Startup: C:\Users\AJE TAIWO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.lnk [2019-01-29]
ShortcutTarget: spoolsvc.lnk -> C:\Users\AJE TAIWO\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
Startup: C:\Users\AJE TAIWO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-07-16]
ShortcutTarget: Start.lnk -> C:\Users\AJE TAIWO\AppData\Roaming\blbpso\mmrjbdbqy64.exe (Microsoft Corporation)
Startup: C:\Users\AJE TAIWO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.lnk [2019-01-29]
ShortcutTarget: svhost.lnk -> C:\Users\AJE TAIWO\AppData\Roaming\Kaspersky Internet Security 2017\svhost.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2017-09-13]
S2 0097231447339092mcinstcleanup; C:\Users\AJETAI~1\AppData\Local\Temp\009723~1.EXE -cleanup -nolog [X] <==== ATTENTION
C:\Users\AJE TAIWO\AppData\Roaming\Kaspersky Internet Security 2017
C:\Users\AJE TAIWO\AppData\Roaming\dhelper.exe
C:\Users\AJE TAIWO\AppData\Roaming\blbpso
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
- Go to File → Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
Thank you very much. I’ve attached the fixlog to this post.
What is system status now?
I think the issue has been resolved. I can’t find the virus again. Thank you for your time and help.
Rename FRST64.exe to uninstall.exe and run it. That should uninstall FRST.