Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on November 30, 2017, 08:28:48 AM

Title: . bat secured by kapersky internet security 2017 virus
Post by: REDACTED on November 30, 2017, 08:28:48 AM
Hi all,

Newcomer here

I think my laptop has been infected by this .bat virus/Trojan.

It has affected my USB drives.
While I managed to save the USB drives, the problem still persists the moment I insert USB drives in my laptop.

Installed Avast Free and subscribed to Avast Cleanup to no avail.

Need assistance to get rid of this virus from my laptop.

Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: Asyn on November 30, 2017, 08:35:02 AM
Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=194892
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: REDACTED on November 30, 2017, 10:16:49 AM
Hi,

Attached are the files required. Took a bit of time to respond.
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: REDACTED on November 30, 2017, 10:22:04 AM
MCS Shield
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: Pondus on November 30, 2017, 10:28:35 AM
MCShield log must be copied and pasted here or it will look like Chinese

It may take some hours before malware experts are online

Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: REDACTED on November 30, 2017, 10:32:41 AM
Thanks Pondus.

here goes.

>>> MCShield AllScans.txt <<<
-----------------------------

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

30/11/2017 5:19:08 PM > Drive C: - scan started (Windows8_OS ~426 GB, NTFS HDD )...
=> The drive is clean.

30/11/2017 5:19:09 PM > Drive D: - scan started (LENOVO ~25 GB, NTFS HDD )...
=> The drive is clean.

30/11/2017 5:19:10 PM > Drive E: - scan started (no label ~3846 MB, FAT32 flash drive )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

30/11/2017 5:19:47 PM > Drive E: - scan started (no label ~3846 MB, FAT32 flash drive )...
=> The drive is clean.

Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: Sass Drake on December 01, 2017, 03:01:22 PM
Code:
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\googleearth.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iumsvc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lenovo.harmonypicks.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lenovo.harmonysetting.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\netcamstudio.client.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\netcamstudiox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
VirusTotal: C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe
Startup: C:\Users\Sharul Sazman Samaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: REDACTED on December 03, 2017, 08:00:38 AM
Sass Drake, here goes.

Verdict?
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: Sass Drake on December 03, 2017, 11:39:54 AM
What is current status of your system?
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: REDACTED on December 03, 2017, 11:51:23 AM
System working fine.

I tried 2 infected USB drives and formatted them. So far no trace of the .bat symptom.
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: Sass Drake on December 03, 2017, 01:03:40 PM
Cool.


The following will implement some post-cleanup procedures:

=> Please download DelFix (https://toolslib.net/downloads/finish/2-delfix/) by Xplode to your Desktop.
Run the tool and check the following boxes:
✓ Remove disinfection tools
✓ Create registry backup
✓ Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: REDACTED on December 03, 2017, 01:33:12 PM
To the team, thanks so much.

I was wondering, as I have another PC also showing the symptom, does it also have to go through the same procedure?

That PC is my secondary, only for gaming thus far, so not so pressing for a fix. I just have to avoid using USB.
Title: Re: . bat secured by kapersky internet security 2017 virus
Post by: Sass Drake on December 03, 2017, 09:48:07 PM
Open a new topic and post the MBAM and FRST logs from that PC.