Avast WEBforum
Other => Viruses and worms => Topic started by: Ambobaba on February 11, 2014, 09:08:05 AM
-
Shortcut virus - location: cmd (C:\Windows\System32) ????
Dear all and TwinHeadedEagle:
I read a topic related to the virus above and the solution that was offered included the following steps:
Download AdwCleaner by Xplode and save to your Desktop - Post logfile will also be saved in the C:\AdwCleaner folder.
Download GMER, AntiRootkit tool from the link below and save it to your Desktop - Attach Gmer logreports.
Download Farbar Recovery Scan Tool by Farbar and save it to your desktop - Please attach it to your reply log (FRST.txt) and log (Addition.txt).
Then TwinHeadedEagle provided a code to paste in the computer, but the solution says it was based on that particular computer and topic and it should not be used by others.
I have the same virus and I followed the steps above, and I was hoping that I can get the code that is suitable to my computer and case based on the attached logs.
Thank you in advance for your time
Ambo ::)
-
disconnect any USB drives...
malware experts are notified, it may take some hours before they are online
-
Please download Anti-VBSVBE (http://www.mcshield.net/download/tools/Anti-VBSVBE/) and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double click to run the tool and wait until it finishes.
- It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.
-
Please also attach the OTL log.
-
No need for OTL, FRST is enough...and Anti VBS/VBE will do the job...
-
Thanks a lot for your prompt reply
attached is the log
Ambo
-
I'll be offline for a couple of hours; I'll reply as soon as I get home.
-
Thanks... I will be waiting
Ambo ::)
-
Download attached fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
-
Thanks again..
Log is attached
Ambo
-
Ok, run FRST one more time and attach a fresh report for a final check:
-
It says: No fixlist.txt found
The fixlist.txt should be in the same folder/directory the tool is located :-\
-
Should I download the same fixlist you sent earlier one more time to the desktop and then run the fix?
Ambo
-
you have already run the fix ..... run a normal scan ;)
-
Ok... I got it.. here you go
Thanks for the note
Ambo
-
Good, PC is clean, let's disinfect your USB
Please download MCShield from one of the following links:
MCShield -Official download link (http://www.mcshield.net/downloads.html)
Softpedia -mirror download link (http://www.softpedia.com/get/Antivirus/MCShield.shtml)
- Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install ... per installation click on Run! button.
- Wait a few seconds for MCShield to finish the initial HDD scan...
- Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
- When all scanning is done, you need to post a logreport that MCShield has created.
Under Logs tab (in Control Center (http://www.mcshield.net/personal/magna86/Images/MCShield%27s%20Control%20Center.jpg)) for AllScans.txt log section click on Save button. AllScans.txt report shall be located on your Desktop.
=> Post here AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
-
Thanks a lot :D
Attached is the file..
Thank you for putting your time and effort into this. May you be rewarded with all goodness in return.
Ambo
-
Everything should be good now, do you agree?
-
Very much so ;)
You are a star ..
Ambo
-
Got it chief Pondus..
all tools used are removed now.
Thanx
Ambo
-
Ok :)
• The following will implement some post-cleanup procedures:
=> Please download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by Xplode to your Desktop.
Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
-
Ok.. I've done it. I thought I had to do it manually!
The log shows all the tools and related folders deleted and a restore point created.
Thank you once more.
Ambo :D