yesterday a reported on your external hard drive Samsung is infected with virus, I found a folder 536 which contains the file flwechlh.js , detected as Worm:JS/ Bondat D! by MSE antivirus.I have the LNKs shortcuts made by trojan.when sending the file uncompressed its name changes to Cmd.exe and fool the scanners on VT (virus total).McShield not detected some LNK files or JS

Result the analysis

536.rar

https://www.virustotal.com/en/file/f1d4a03f60d9c4169d8008489e8ae040948004cff4811d7b70c49a81911fad44/analysis/1443129087/

flwechlh.js

https://www.virustotal.com/en/file/e3f31fcfb370f74a2ada2e6477e0f582cd6c37694527dd7790a178f672ecd828/analysis/1443146889/

LNK files
https://www.virustotal.com/pt/file/31bc4be25f4fb2080c87b632547d32d460ac14e17731b9eb1839ad3e8d74f23a/analysis/1443147416/

LNK 2.rar

https://www.virustotal.com/en/file/64d0f4e28d2c97e4f9cff504cc8f81d55c4191983d80d371755ba4314c893633/analysis/1443147701/

wtobte.js

https://www.virustotal.com/en/file/e3f31fcfb370f74a2ada2e6477e0f582cd6c37694527dd7790a178f672ecd828/analysis/1443147796/

send the files via email to virus@avast.com.Zip them up in password protected archive and keep password as virus.Dont forget to specify password in e-mail body.

Thanks for samples. We will add these samples in our database

Thanks,Done.
It is only way to sending files,except cases for FTP

Thanks.I see some signs, desktop.lnk is detected Other: malware-gen [trj], I have to wait for the next definitions VPS

flwechlh.js and wtobte.js is detected as JS:Bondat-A [Trj]
Bat.bat is detected as Other:malware-gen [trj]
all of infected shortcuts files are being detected now
LNK: Wtobte-A [Trj]
LNK: Wtobte-B [Trj]
LNK: Wtobte-C [Trj]
LNK: Wtobte-D [Trj]

users are protected against this threats.