Windows 8.1 PC Infected with Shortcut Virus

Hello all,

I have a desktop which is running Windows 8.1. Recently my desktop has been infected by a shortcut virus (my guess), because whenever I insert a pen drive it gets infected with some shortcuts. Not only that, but when I click on a folder, a shortcut of that folder is generated inside the clicked folder.

I need to know how to clean this mess.

Please, I need help as soon as possible.

I have attached the FRST.txt file here.

Hey, please go to this guide and also attach the logs from Malwarebytes. I think there should be an additional log from the first scan; can you attach that too, please?

https://forum.avast.com/index.php?topic=53253.0

MBAM will not target the VBS file. However, do attach the Addition.txt file please.
You also have MCShield. Attach the allscans.txt file please.

Ok necessary files have been attached.

Hi tareq.mhd, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer’s time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don’t stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

Where are you from?
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    - Open Notepad.exe. Do not use any other text editor software;
    - Copy and Paste the contents inside the code-box to your Notepad:
Start
Closeprocesses:
Emptytemp:
Folder: C:\Google
C:\Google
HKU\S-1-5-21-304195867-3514970815-1895132206-1001\...\Run: [AntiWormUpdate] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)
HKU\S-1-5-21-304195867-3514970815-1895132206-1001\...\Run: [AntiUsbWorm] => C:\Windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit
HKU\S-1-5-21-304195867-3514970815-1895132206-1001\...\MountPoints2: {849dad5d-08b5-11e4-834f-0026186ecdc4} - "G:\setup.exe" 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=1AEE00FFD07FEA2B&affID=122304&tt=180613_ndt1&tsp=4920
End
    - Click on File > Save as...
      - Inside the File Name box type fixlist.txt
      - From the Save as type drop down list, choose All Files
    - Save the file to your Desktop;
    - Re-run FRST.exe and click Fix;
      Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    - After the completion, a log will be produced;
    - Attach the log in your next reply.

  • Required Log(s):
    - FRST Fix Log

Regards,
Valinorum
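
Added example, not part of the original thread and not FRST's own code: a Python check that reviews FRST-style Run entries like the two removed by the fixlist in the post above and reports why each one stands out. The regular expressions, the interpreter list, the "usual directories" baseline and the ExampleUpdater line are assumptions made for illustration.

```python
import re

# FRST prints autoruns as: <hive>\...\Run: [<name>] => <command> (layout assumed
# from the two Run lines in the fixlist above).
RUN_LINE = re.compile(r'^HK\S+?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
INTERPRETERS = ("autoit3.exe", "wscript.exe", "cscript.exe", "cmd.exe")
SCRIPT_EXT = re.compile(r'\.(a3x|au3|vbs|vbe|js|jse|bat|cmd)\b', re.I)
USUAL_DIRS = ("c:\\program files", "c:\\windows\\")  # assumed install baseline
PATH = re.compile(r'[A-Za-z]:\\[^\s"]+')

def review_run_line(line):
    """Return (name, reasons) for an FRST Run line, or None for other lines."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    low = cmd.lower()
    reasons = []
    if any(i in low for i in INTERPRETERS):
        reasons.append("launches a script interpreter")
    if SCRIPT_EXT.search(cmd):
        reasons.append("passes a script file")
    # Compare from each path start so "C:\Program Files" survives its space.
    odd = [p.group() for p in PATH.finditer(cmd)
           if not low[p.start():].startswith(USUAL_DIRS)]
    if odd:
        reasons.append("runs from unusual location: " + ", ".join(sorted(set(odd))))
    return m.group("name"), reasons

def suspicious(lines):
    """Names of Run entries that triggered at least one reason."""
    hits = (review_run_line(l) for l in lines)
    return [h[0] for h in hits if h and h[1]]

# Lines 1, 2 and 4 are copied from the fixlist in this thread; line 3 is a
# constructed benign entry for contrast.
SAMPLE = [
    r'HKU\S-1-5-21-304195867-3514970815-1895132206-1001\...\Run: [AntiWormUpdate] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)',
    r'HKU\S-1-5-21-304195867-3514970815-1895132206-1001\...\Run: [AntiUsbWorm] => C:\Windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit',
    r'HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [12345 2014-01-01] (Example Corp)',
    r'HKU\S-1-5-21-304195867-3514970815-1895132206-1001\...\MountPoints2: {849dad5d-08b5-11e4-834f-0026186ecdc4} - "G:\setup.exe" ',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(review_run_line(entry))
```
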

Thank you Valinorum.

I am from Bangladesh.

Now fixlog.txt file is attached.

Is your version of Windows genuine?

Yes, my windows 8.1 is genuine.

Hi,

  • Step #2 Scan with CKScanner
    - Download CKScanner by askey127 to your Desktop from the link below.
      Download Link
    - Right-click on the program and choose Run as administrator;
    - Click Search for files;
    - After the scan is finished choose Save List to File;
    - You will get a notification that the file has been saved;
    - Attach the CKFiles.txt on your Desktop in your next reply.

  • Required Log(s):
    - CKScanner Log

Regards,
Valinorum

My windows 8.1 is genuine but not the Office 2013.

ckfiles.txt is attached

Are you sure?
What about the following –

- Internet Download Manager
- MATLAB R2013a

Cracked software lists:

Office 2013 (using kmspico)
IDM
MATLAB
CST STUDIO 2013

Genuine: Windows 8.1

Others are freeware programs.

I do not condone piracy. Remove the pirated software. Re-run FRST and check all the boxes prior to clicking Scan and attach the logs. Further assistance has been stalled until the issue is rectified.

Well, I can remove Office 2013 and IDM (I have alternatives like LibreOffice and FDM/Orbit), but I need to use MATLAB and CST in my projects; or can you show me some freeware alternatives to CST MWS and MATLAB?

I hope you will understand my situation. Thanks for your help and advice.

Office 2013 Replacement: https://www.openoffice.org/
IDM Replacement: http://www.orbitdownloader.com/
MATLAB: http://alternativeto.net/software/matlab/

Stuff I’ve done in the Past, and Valinorum may disapprove of this idea, but I will put it out there. Google License Keys. For example, my Visual Studio’s 2010 Express, is using a public License Key put out there by someone.

If not, Google is your best friend, don’t abuse it though.

I am against piracy; I have long used LibreOffice instead of MS Office. I am even a fan of Ubuntu/Linux Mint/OpenSUSE, but for some official reasons I am using MS Office now. I don’t use Photoshop because of this piracy. Yes, IDM is pirated, but all other alternatives are crap; I have a plan to buy a license for IDM. MATLAB has Simulink, which is a unique option; Python does not have that. Whatever, I am removing those from my PC.

Give me fresh FRST log.

Ok, here they are …

Hi,

We are almost done. :)

  • Step #3 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    - Open Notepad.exe. Do not use any other text editor software;
    - Copy and Paste the contents inside the code-box to your Notepad:
Start
Closeprocesses:
Emptytemp:
HKU\S-1-5-21-304195867-3514970815-1895132206-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-304195867-3514970815-1895132206-1001\Software\Classes\exefile:  <===== ATTENTION!
Task: C:\Windows\Tasks\0614aUpdateInfo.job => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe
End
    - Click on File > Save as...
      - Inside the File Name box type fixlist.txt
      - From the Save as type drop down list, choose All Files
    - Save the file to your Desktop;
    - Re-run FRST.exe and click Fix;
      Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    - After the completion, a log will be produced;
    - Attach the log in your next reply.

  • Step #4 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    - Download esetsmartinstaller_enu.exe by clicking here: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe
    - Right-click on the program and choose Run as administrator.
    - Accept their terms and conditions and proceed.
    - Install Add-On/Active X if prompted.
    - From the Computer Scan Setting --
      - Enable detection of potentially unwanted application
      - Click on Advanced Setting
        - Check the following box --
          - Remove Found Threats
        - Check the following boxes --
          - Scan archives;
          - Scan for potentially unsafe applications
          - Enable Anti-Stealth Technology
    - Click on Start and wait for the virus signature database to update.
    - The online scan will begin automatically and can take several hours.
      Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    - After the Scan finishes --
      - If no threats were found:
        - Put a checkmark in Uninstall application on close.
        - Close the program and report that nothing was found
      - If threats were found:
        - Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        - Attach the log file in your next reply.
    Note: Enable your security programs afterwards.

  • Required Log(s):
    - FRST Fix Log
    - ESET Scan Log

Regards,
Valinorum