Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on September 08, 2017, 02:08:49 PM
-
Good day ladies and gentlemen. Can you guys help me to remove this malware in my external hard drive and possibly in my laptop? The problem is my files (external hard drive) turned to shortcuts and when I open its location, it says system32/cmd.exe. Thank you.
p.s I already encountered this situation and you guys already helped me (thank you bro Argus), but unfortunately my friend plugged it on an infected device and all went to sh*t.
-
https://forum.avast.com/index.php?topic=194892.0
-
Sorry for the late reply. These are the logs.
-
You need to copy/paste the McShield log or it will not be readable.
-
You need to copy/paste the McShield log or it will not be readable.
Can read it using Android. Anyway it is very looooong, goes back to 2015 and we don't need all that
-
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
3/28/2017 5:33:09 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
3/28/2017 5:33:09 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
3/28/2017 5:33:40 PM > Drive E: - scan started (no label ~30424 MB, FAT32 flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
3/28/2017 5:34:01 PM > Drive E: - scan started (no label ~30424 MB, FAT32 flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
3/28/2017 5:41:38 PM > Drive G: - scan started (Seagate Expansion Drive ~932 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/27/2017 1:52:32 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
6/27/2017 1:52:36 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
6/27/2017 1:52:36 PM > Drive G: - scan started (RICHARD ~964 MB, FAT flash drive )...
---> Note: paranoid mode is enabled.
>>> G:\RICHARD (1GB).lnk - Malware > Deleted. (17.06.27. 13.52 RICHARD (1GB).lnk.845730; MD5: b3b799814827f8b3edf606c8f71285a1)
> Resetting attributes: G:\ < Successful.
=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.
____________________________________________
::::: Scan duration: 5sec ::::::::::::::::::
____________________________________________
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/27/2017 1:52:53 PM > Drive G: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/27/2017 1:55:54 PM > Drive G: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/27/2017 2:23:17 PM > Drive G: - scan started (RICHARD ~964 MB, FAT flash drive )...
---> Note: paranoid mode is enabled.
>>> G:\RICHARD (1GB).lnk - Malware > Deleted. (17.06.27. 14.23 RICHARD (1GB).lnk.158398; MD5: ad3765520f0995e66535f8cde3f4f433)
=> Malicious files : 1/1 deleted.
____________________________________________
::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/27/2017 2:23:38 PM > Drive G: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/27/2017 2:39:47 PM > Drive G: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/28/2017 10:00:52 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
6/28/2017 10:00:53 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/29/2017 1:45:59 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
6/29/2017 1:46:00 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
8/6/2017 10:25:39 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
8/6/2017 10:25:42 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
8/6/2017 10:25:42 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
8/6/2017 10:25:43 PM > Drive G: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
8/6/2017 10:25:44 PM > Drive H: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
8/6/2017 10:26:03 PM > Drive J: - scan started (TOSHIBA ERG ~7400 MB, NTFS flash drive )...
---> Note: paranoid mode is enabled.
>>> J:\PowerISO6-x64.exe - Malware > Deleted. (17.08.06. 22.26 PowerISO6-x64.exe.57079; MD5: 9271c5e672a156531f1de5ccb16145ee)
=> Malicious files : 1/1 deleted.
____________________________________________
::::: Scan duration: 12sec :::::::::::::::::
____________________________________________
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
8/18/2017 8:25:17 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
8/18/2017 8:25:18 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
8/18/2017 8:25:34 PM > Drive I: - scan started (Seagate Expansion Drive ~932 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
8/18/2017 8:35:51 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
8/18/2017 8:35:53 PM > Drive G: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
8/18/2017 9:10:37 PM > Drive G: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
8/18/2017 9:10:38 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/3/2017 3:13:24 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/3/2017 3:13:26 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/3/2017 3:13:35 PM > Drive E: - scan started (no label ~7640 MB, FAT32 flash drive )...
---> Note: paranoid mode is enabled.
>>> E:\FROM;DESKTOP-MDMUBBK.pif - Malware > Deleted. (17.09.03. 15.13 FROM;DESKTOP-MDMUBBK.pif.459957; MD5: 0a0dc7ecde33ec7e53ddf48f39cd5591)
=> Malicious files : 1/1 deleted.
____________________________________________
::::: Scan duration: 21sec :::::::::::::::::
____________________________________________
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/3/2017 3:14:19 PM > Drive E: - scan started (no label ~7640 MB, FAT32 flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 10:33:26 AM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 10:33:26 AM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 10:33:54 AM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
>>> E:\Boot.lnk - Malware > Deleted. (17.09.07. 10.33 Boot.lnk.615185; MD5: cdb0b8c9d3a7c2bafa66a545b4c886ab)
>>> E:\Recovery.lnk - Malware > Deleted. (17.09.07. 10.33 Recovery.lnk.470008; MD5: 2049070aefd5d29884c2095f56c354f6)
=> Malicious files : 2/2 deleted.
____________________________________________
::::: Scan duration: 1sec ::::::::::::::::::
____________________________________________
9/7/2017 10:33:55 AM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 10:33:56 AM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
>>> I:\Assassins.Creed.Brotherhood-SKIDROW.part1.rar.lnk - Malware > Deleted. (17.09.07. 10.33 Assassins.Creed.Brotherhood-SKIDROW.part1.rar.lnk.18056; MD5: c64c4fc59d091edab4042fbae12e4366)
=> Malicious files : 1/1 deleted.
____________________________________________
::::: Scan duration: 2sec ::::::::::::::::::
____________________________________________
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 5:29:48 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 5:29:49 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 5:29:50 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
9/7/2017 5:29:51 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 5:29:51 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 5:52:24 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 7:29:57 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 7:30:45 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 7:52:14 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 7:52:15 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 7:52:15 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
9/7/2017 7:52:16 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 7:52:16 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 8:12:40 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 8:12:49 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 8:13:12 PM > Drive E: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 8:13:46 PM > Drive E: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 8:15:30 PM > Drive E: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 8:46:51 PM > Drive E: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 8:47:14 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
9/7/2017 8:47:15 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 8:47:15 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 8:50:59 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 9:02:46 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 9:02:48 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 9:02:49 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
9/7/2017 9:02:51 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 9:02:51 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/7/2017 9:13:39 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 9:13:41 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 9:13:41 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
9/7/2017 9:13:41 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/7/2017 9:13:41 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/8/2017 9:31:53 AM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/8/2017 9:31:53 AM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/8/2017 9:39:08 AM > Drive E: - scan started (RICHARD ~964 MB, FAT flash drive )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/8/2017 12:37:24 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/8/2017 12:37:25 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/8/2017 6:44:56 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
9/8/2017 6:44:57 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/8/2017 6:44:57 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/8/2017 7:37:29 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/8/2017 7:37:31 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
9/8/2017 7:37:33 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
9/8/2017 7:37:35 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/8/2017 7:37:35 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/8/2017 7:38:23 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/8/2017 7:39:25 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/9/2017 12:34:21 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
9/9/2017 12:34:24 PM > Drive D: - scan started (no label ~234 GB, NTFS HDD )...
=> The drive is clean.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/9/2017 12:36:24 PM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
=> The drive is clean.
9/9/2017 12:36:24 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/9/2017 12:36:25 PM > Drive I: - scan started (no label ~311 GB, NTFS HDD )...
=> The drive is clean.
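Because a log like the one above is mostly "The drive is clean" entries, here is an added example (not part of the original thread and not MCShield's own code) that pulls only the detection lines out of a log in this layout and flags files that were deleted more than once on the same volume label with a different MD5. The sample log is constructed; its file names and hashes are made up.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Constructed sample in the MCShield log layout shown above; names and MD5s are made up.
SAMPLE_LOG = r"""MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/27/2017 1:52:32 PM > Drive C: - scan started (no label ~231 GB, NTFS HDD )...
=> The drive is clean.
6/27/2017 1:52:36 PM > Drive G: - scan started (DEMO ~964 MB, FAT flash drive )...
---> Note: paranoid mode is enabled.
>>> G:\DEMO (1GB).lnk - Malware > Deleted. (17.06.27. 13.52 DEMO (1GB).lnk.845730; MD5: 11111111111111111111111111111111)
> Resetting attributes: G:\ < Successful.
=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
6/27/2017 2:23:17 PM > Drive E: - scan started (DEMO ~964 MB, FAT flash drive )...
>>> E:\DEMO (1GB).lnk - Malware > Deleted. (17.06.27. 14.23 DEMO (1GB).lnk.158398; MD5: 22222222222222222222222222222222)
=> Malicious files : 1/1 deleted.
9/7/2017 10:33:54 AM > Drive E: - scan started (System Reserved ~unknown size, NTFS HDD )...
>>> E:\Boot.lnk - Malware > Deleted. (17.09.07. 10.33 Boot.lnk.615185; MD5: 33333333333333333333333333333333)
=> Malicious files : 1/1 deleted.
"""

# "<date> <time> > Drive X: - scan started (<label> ~<size>, <type> )..."
SCAN_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) > Drive ([A-Z]): "
    r"- scan started \((.*) ~([^,]*), (.*?)\s*\)\.\.\.$")
# ">>> <path> - Malware > <action>. (<quarantine name>; MD5: <hash>)"
DETECT_RE = re.compile(
    r"^>>> (.+?) - Malware > (\w+)\. \(.*; MD5: ([0-9a-fA-F]{32})\)$")


class Detection(NamedTuple):
    when: datetime
    drive: str
    label: str
    path: str
    action: str
    md5: str


def parse_mcshield_log(text):
    """Return one Detection per detection line, tagged with the scan it belongs to."""
    detections, scan = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SCAN_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            scan = (when, m.group(2), m.group(3))
            continue
        m = DETECT_RE.match(line)
        if m and scan:
            detections.append(
                Detection(*scan, m.group(1), m.group(2), m.group(3).lower()))
    return detections


def recreated_files(detections):
    """Group by (volume label, file name), since drive letters change between
    plug-ins; keep names seen with more than one MD5, i.e. written again after cleanup."""
    seen = defaultdict(list)
    for d in detections:
        seen[(d.label, ntpath.basename(d.path).lower())].append(d)
    return {k: v for k, v in seen.items() if len({d.md5 for d in v}) > 1}


if __name__ == "__main__":
    found = parse_mcshield_log(SAMPLE_LOG)
    for d in found:
        print(f"{d.when:%Y-%m-%d %H:%M} {d.drive}: [{d.label}] {d.path} {d.action} {d.md5}")
    for (label, name), hits in recreated_files(found).items():
        print(f"written again after cleanup: {name} on '{label}' ({len(hits)} detections)")
```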
-
I don't see malware traces in FRST logs you posted. Was that external drive plugged in only to your computer?
-
The external hard drive is connected. Here are the new logs (in case you guys need them) and some of the corrupted files.
Disks H, I and E are the infected ones.
-
You didn't answer my previous question. Have you plugged in your external HDD to other computers? Also, I see you have two hard drives and the second also seems to have an OS installed on it. If you have another Windows on it, did you use it when your external HDD was infected?
-
It was an old hard drive from another laptop. But the laptop is not working anymore, so I salvaged what I could and turned its drive into an external drive. My external drive just got infected when my friend copied/used it on an infected computer. It has only been plugged into 'my' laptop and the other one.
-
The logs you posted don't show signs of infection. Please right-click on the external hard drive in File Explorer and click on Scan with MCShield.
-
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<
9/12/2017 1:29:28 PM > Drive H: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean. (drive h, i and e)
log for the malwarebytes
I just don't understand why it says no malware/threats detected when it is clearly affected by it.
-
I just don't understand why it says no malware/threats detected when it is clearly affected by it.
MCShield is not an antivirus, and it ONLY targets those malware types that try to jump disk.
-
We will have to see the file and folder structure of that drive. Running this will make a list of all the files and folders you have on that drive. Please analyze the generated list before attaching it, just to be sure your privacy will not be violated.
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
dir /S H:
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
-
Here it is my brotha.
-
Sorry, I've made a mistake. Here we go again.
We will have to see the file and folder structure of that drive. Running this will make a list of all the files and folders you have on that drive. Please analyze the generated list before attaching it, just to be sure your privacy will not be violated.
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
cmd: dir /S H:
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
-
I can't seem to find the messages I've sent. I have been looking at my https://forum.avast.com/index.php?action=pm;f=sent but it says 'no messages...'.
-
profile > show posts
-
I've sent a private/personal message to Pondus and Sass Drake. But I still can't find it in profile > show posts. It's about the files and how it may affect me if I post it here.
-
You can see all your posts in the place I told you.
For messages sent/received, click on "my messages".
-
I've sent a private/personal message to Pondus and Sass Drake. But I still can't find it in profile > show posts. It's about the files and how it may affect me if I post it here.
I have not received any PM from you?
Anyway, Sass Drake is the one that analyzes logs, not me.
You cannot see sent PMs unless you check the box "Save a copy in my outbox".
You will then find them at My Messages > Messages > Sent Items
-
Did you receive my message, Drake? I have already sent you the fixlog.
-
For now let's do this:
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
Zip: H:\Drive.bat;H:\Battlefield.lnk;H:\Grand Theft Auto.lnk;H:\Movies.lnk;H:\Saints Row.lnk
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
A zip file will appear on your Desktop. Please upload it to, for example, Google Drive, OneDrive, Dropbox, etc. and post a link to it.
-
https://1drv.ms/u/s!AmGFEoP4MAMgjHIw3jXf6DE-mFCl
Is this correct?
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
H:\Drive.bat
H:\Battlefield.lnk
H:\Grand Theft Auto.lnk
H:\Movies.lnk
H:\Saints Row.lnk
cmd: attrib -H -S "H:\Drive"
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
Please report if the folders turn back into shortcuts.
-
The files on H are okay now, I guess? But it is still on partitions I and E. Anyway, thanks. ;D
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
cmd: dir /S E:
cmd: dir /S I:
H:\Drive\461
E:\Drive\461
I:\Drive\461
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
-
File is too large? So am I just gonna copy it here or what?
-
Upload it to OneDrive.
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
E:\drive.bat
I:\Drive.bat
I:\Games, installers, etc.lnk
I:\Movies.lnk
I:\Other Files.lnk
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
-
Whoa. I try to run FRST and it updates (like every day); now my laptop can't run it. Windows 10 Pro x64
-
Did Windows Update work last day/night?
Try with a freshly downloaded copy.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
-
New FRST works now.
-
Now you should be able to restore the original folder structure on your drives. Please tell me if the malware on the drives reappears.
-
The malware has been removed now, I think. Thanks for the help! Have a great day.
-
• The following will implement some post-cleanup procedures:
=> Please download DelFix (https://toolslib.net/downloads/finish/2-delfix/) by Xplode to your Desktop.
Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.