Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on December 06, 2017, 02:41:52 AM

Title: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: REDACTED on December 06, 2017, 02:41:52 AM
Hey there

I think my laptop was infected by some kind of virus (same issue as wan ahmad). When I inserted a flash drive, all of my files were gone, and 2 files appeared: REMOVABLE DISK 7GB(Secured By Kaspersky Internet Security 2017).bat and readme.txt. When I click on the file REMOVABLE DISK 7GB(Secured By Kaspersky Internet Security 2017).bat, a folder appears, named System Volume Information, and it contains all of my files. Then I put in another drive and the same thing happened. I formatted my drive but the files still appeared. I also tried to scan my laptop, but it does not detect anything. What should I do? I really need your help. Thank you.
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: Asyn on December 06, 2017, 05:23:56 AM
Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=194892
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: REDACTED on December 06, 2017, 06:12:05 AM
Here are the logs
But I still have another drive which may have affected my laptop, but it is not with me right now; I should have it on Friday, I guess. So, what should I do?
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: Sass Drake on December 06, 2017, 09:49:39 AM
Code:
VirusTotal: C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe;C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.lnk [2017-11-30]
ShortcutTarget: spoolsvc.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.lnk [2017-12-06]
ShortcutTarget: svhost.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\svhost.exe (No File)
CHR HKU\S-1-5-21-4193916560-1828382214-1993866547-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Bing) - C:\Users\Asus A555L\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-29]
C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017
EmptyTemp:
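
Added example, not part of the original posts and not FRST's own logic: a short Python triage of the ShortcutTarget lines quoted in the fixlist above, flagging Startup shortcuts whose targets sit under AppData\Roaming, imitate a Windows system binary name, or no longer exist. The SYSTEM_NAMES reference list and the 0.9 similarity threshold are assumptions chosen for this illustration.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename  # parses Windows paths on any platform

# Assumed reference list of genuine Windows binaries (not from the page).
SYSTEM_NAMES = ("explorer.exe", "spoolsv.exe", "svchost.exe")

# Log lines copied from the fixlist quoted in the thread.
SAMPLE = r"""
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
ShortcutTarget: spoolsvc.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
ShortcutTarget: svhost.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\svhost.exe (No File)
"""

TARGET_RE = re.compile(
    r"^ShortcutTarget: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) \((?P<note>[^()]*)\)\s*$")

def lookalike_of(name):
    """Return the system binary that `name` closely imitates, or None."""
    name = name.lower()
    for real in SYSTEM_NAMES:
        if name != real and SequenceMatcher(None, name, real).ratio() >= 0.9:
            return real
    return None

def review_startup(log_text):
    """Return (shortcut, target file name, reasons) for each suspicious entry."""
    findings = []
    for line in log_text.splitlines():
        m = TARGET_RE.match(line.strip())
        if not m:
            continue  # Startup: lines and other log entries are skipped
        target, reasons = m["target"], []
        if "\\appdata\\roaming\\" in target.lower():
            reasons.append("target in user-writable AppData\\Roaming")
        real = lookalike_of(basename(target))
        if real:
            reasons.append(f"name imitates {real}")
        if m["note"] == "No File":
            reasons.append("target missing (orphaned shortcut)")
        if reasons:
            findings.append((m["lnk"], basename(target), reasons))
    return findings

if __name__ == "__main__":
    for lnk, exe, reasons in review_startup(SAMPLE):
        print(f"{lnk} -> {exe}: " + "; ".join(reasons))
```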
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: REDACTED on December 06, 2017, 02:36:49 PM
Here it is
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: REDACTED on December 06, 2017, 05:26:21 PM
One more thing, how about my other thumb drive which is not with me right now? I may have it on Friday, perhaps. I guess that drive was the main reason my laptop got affected. What should I do with it when I have it this Friday?
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: Sass Drake on December 06, 2017, 07:05:10 PM
Scan it with MCShield.  ;)


The following will implement some post-cleanup procedures:

=> Please download DelFix (https://toolslib.net/downloads/finish/2-delfix/) by Xplode to your Desktop.
Run the tool and check the following boxes:
[x] Remove disinfection tools
[x] Create registry backup
[x] Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: REDACTED on December 07, 2017, 02:07:58 AM
I have run it. Is there anything else I need to do?
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: Sass Drake on December 07, 2017, 11:14:11 AM
Nope. :)
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: REDACTED on December 07, 2017, 11:49:37 AM
Ok then, thank you so much  ;D  ;D
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: REDACTED on December 11, 2018, 03:40:50 PM
Hey there,

I have the same issue with my USB flash drive. Kindly help me get rid of the Unknown Virus (Secured by Kaspersky Internet Security 2017).

Thank You.
Title: Re: Unknown Virus (Secured By Kaspersky Internet Security)
Post by: Sass Drake on December 11, 2018, 07:58:00 PM
Open a new topic and attach FRST logs from your system.