So the USBs we’ve been using have been infected by the shortcut virus. It shows the target as being somewhere in C:\Windows\system32. I also dunno if it’s related to the virus, but deleting files is also impossible for the USBs.
Could someone possibly help me clean the main PC (which is probably carrying the virus) and the affected USBs? And hopefully without damaging any files.
I’ve attached a malwarebytes log, and another log with a scan of one of the USB drives.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
1. Open notepad and copy/paste the text present inside the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
2. Save notepad as fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version please download and run the updated version.
Hmm…
The USBs aren’t totally clean. There are still some shortcuts for some files (which still link to the cmd32), and are the vir files normally supposed to be present?
EDIT: I’m sorry to leave now, but I have to sleep. I’ll be back in around 8-10hours. Please post if you have something that can help, and I’ll get to work on it once I’m back online. Thanks for taking the trouble so far!
Open MCShield Control center, and under Scanner tab tick Always unhide items on flash drives
Ther rescan USB with MCShield. Delete all of the shortcut files you find…
We’re done here, only to remove used tools. Keep using MCShield on all accounts on your PC, you’ll need to start MCShield manually on other accounts and to set language for MCShield to start monitoring.
Please download DelFix by “Xplode” to your Desktop.
Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt) Note: The report will also be stored on C:\DelFix.txt
Download attached fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version please download and run the updated version.
[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that MCShield has created.
Start → All Programs → MCShield → Logs
Attach here → AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.