Author Topic: Shortcut Virus (same Problem as 'Jens Räven')  (Read 2311 times)

0 Members and 1 Guest are viewing this topic.

flaanza

  • Guest
Shortcut Virus (same Problem as 'Jens Räven')
« on: March 07, 2014, 10:04:59 AM »
Hej!

I have used a friend's USB stick and since then whenever I open a USB stick it only shows shortcuts...I guess I have a similar issue like this thread: http://195.74.76.34/index.php?topic=144424.0

I ran my usual Virus program and already ran OTL and MBAM. I will attach the files. Thank you so much for your help!

Best,
Mac

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Shortcut Virus (same Problem as 'Jens Räven')
« Reply #1 on: March 07, 2014, 10:18:36 AM »
diconnect all usb devices....

follow the Anti VBS/VBE and Farbar instructions here   http://forum.avast.com/index.php?topic=147269.msg1069397#msg1069397

attach those logs and then somone should soon be online and help you



« Last Edit: March 07, 2014, 12:01:34 PM by Pondus »

flaanza

  • Guest
Re: Shortcut Virus (same Problem as 'Jens Räven')
« Reply #2 on: March 07, 2014, 10:40:48 AM »
Thanks for the quick reply,

attached are files!

argus

  • Guest
Re: Shortcut Virus (same Problem as 'Jens Räven')
« Reply #3 on: March 07, 2014, 12:15:17 PM »
Hi,



1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]
Start
HKU\S-1-5-21-605631571-2152560228-314550346-1000\...\MountPoints2: {1d044e61-a449-11e3-be6a-8c89a50acc6a} - E:\ESRI.exe
HKU\S-1-5-21-605631571-2152560228-314550346-1000\...\MountPoints2: {695621f7-baa9-11e2-9ee7-806e6f6e6963} - D:\CDSetup.exe
HKU\S-1-5-21-605631571-2152560228-314550346-1000\...\MountPoints2: {ef87026d-12df-11e3-bc47-8c89a50acc6a} - F:\LaunchU3.exe -a
C:\Users\Marius\AppData\Local\Temp\AskSLib.dll
C:\Users\Marius\AppData\Local\Temp\avgnt.exe
C:\Users\Marius\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marius\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Marius\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marius\AppData\Local\Temp\install.exe
C:\Users\Marius\AppData\Local\Temp\installerdll4631903.dll
C:\Users\Marius\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Marius\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Marius\AppData\Local\Temp\Quarantine.exe
C:\Users\Marius\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marius\AppData\Local\Temp\sonarinst.exe
C:\Users\Marius\AppData\Local\Temp\uninst1.exe
C:\Users\Marius\AppData\Local\Temp\_is1380.exe
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
.





************************************





Please download MCShield from one of the following links:

MCShield -Official download link
  • Double click on MCShield-Setup to install the application.
    Next => I Agree => Next => Install ... per installation click on Run! button.
  • Wait a few seconds to MCShield finish initial HDD scan...
  • Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
  • When all scanning is done, you need to post a logreport that MCShield has created.
Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.

=> Post here AllScanst.txt


Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

flaanza

  • Guest
Re: Shortcut Virus (same Problem as 'Jens Räven')
« Reply #4 on: March 07, 2014, 12:37:40 PM »
Wow, thanks.

Attached are the two files.

Cheers

argus

  • Guest
Re: Shortcut Virus (same Problem as 'Jens Räven')
« Reply #5 on: March 07, 2014, 12:50:35 PM »
Very good.

Do you still redirections?

flaanza

  • Guest
Re: Shortcut Virus (same Problem as 'Jens Räven')
« Reply #6 on: March 07, 2014, 01:07:51 PM »
Wow, no more shortcuts on the USB-stick.

Does that mean I am cleaned? :)

Thank you so much guys, awesome help! I really appreciate your help!

Cheers, Marius

argus

  • Guest
Re: Shortcut Virus (same Problem as 'Jens Räven')
« Reply #7 on: March 07, 2014, 01:17:49 PM »
Yes, the system is clean.



 Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
.





The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore

Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

.




I recommended to use MCShield if you will.
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.