Author Topic: Shortcut virus - location: cmd (C:\Windows\System32) ????  (Read 17824 times)


REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #15 on: September 06, 2014, 11:26:41 PM »
How is the situation now?

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #16 on: September 07, 2014, 09:52:32 AM »
Is it okay if the cmd.exe is still there?  :-\ Or is it not corrupted anymore? I've got 3 laptops that are corrupted by this malware/virus or whatever it is  :(

REDACTED

  • Guest

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #18 on: September 07, 2014, 11:28:03 AM »


Scan with Combofix:
  • Please download ComboFix by sUBs and save it to your Desktop.
    You may read how Combofix works here.

  • Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

  • Run ComboFix. Click on I Agree! & follow the prompts.
    Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

  • When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
    (typical log location: C:\ComboFix.txt )



Then connect a pendrive and attach here the log.

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #19 on: September 07, 2014, 11:57:08 AM »
Here is the log for ComboFix, but I can't understand what you are saying about the "pendrive and the logs".


REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #20 on: September 07, 2014, 01:28:21 PM »
Attach here All scans log (MCShield)



But here I do not see anything
« Last Edit: September 07, 2014, 01:36:53 PM by argus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #21 on: September 07, 2014, 01:38:02 PM »
Quote
  but i can't understand what are you saying about the "pendrive and the logs"   
When you connect your pendrive, MCShield will scan it ....... when done, copy and paste the allscan.txt log here

There are some issues with some logs here in the forum: they are displayed as Unicode when attached (looks like Chinese, so not readable; see the pic in argus's post). Since this is a short log, you can copy and paste it.

« Last Edit: September 07, 2014, 01:44:18 PM by Pondus »

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #22 on: September 07, 2014, 01:45:22 PM »
Is it this ?

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 12:04:02 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 12:04:02 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 12:04:02 PM > Drive H: - scan started (no label ~120 MB, FAT flash drive )...


>>> H:\sipkrzpmyl..vbs - Suspicious > Renamed. (MD5: unknown)

>>> H:\AdwCleaner.exe - Suspicious > Renamed. (MD5: 9ded4724d695cfb01960426da011abae)

>>> H:\FRST.exe - Suspicious > Renamed. (MD5: 77ce274a97ed45aa2f582245f2895051)

>>> H:\shck0ju3.exe - Suspicious > Renamed. (MD5: 60bf4ae8cc40b0e3e28613657ed2eed8)


=> Suspicious files  : 4/4 renamed.

____________________________________________

::::: Scan duration: 6sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 12:07:14 PM > Drive H: - scan started (no label ~120 MB, FAT flash drive )...


>>> H:\AdwCleaner.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\MCShield-Setup.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\FRST.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\shck0ju3.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\fixlist.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\AdwCleaner.exe - Suspicious > Renamed. (MD5: 9ded4724d695cfb01960426da011abae)

>>> H:\FRST.exe - Suspicious > Renamed. (MD5: 77ce274a97ed45aa2f582245f2895051)

>>> H:\shck0ju3.exe - Suspicious > Renamed. (MD5: 60bf4ae8cc40b0e3e28613657ed2eed8)

>>> H:\sipkrzpmyl..vbs - Suspicious > Renamed. (MD5: unknown)


=> Malicious files   : 5/5 deleted.
=> Suspicious files  : 4/4 renamed.

____________________________________________

::::: Scan duration: 6sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 12:22:53 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 12:22:54 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 12:54:28 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 12:54:29 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 1:20:07 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 1:20:08 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 8:23:23 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 8:23:24 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 11:14:09 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 11:14:09 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/6/2014 8:36:16 AM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/6/2014 8:36:16 AM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/6/2014 3:42:24 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/6/2014 3:42:26 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/6/2014 4:11:32 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/6/2014 4:11:34 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/6/2014 6:13:42 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/6/2014 6:13:44 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/7/2014 9:34:29 AM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 9:34:31 AM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/7/2014 10:04:27 AM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 10:04:29 AM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/7/2014 10:28:06 AM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 10:28:06 AM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


9/7/2014 2:57:52 PM > Drive G: - scan started (no label ~3893 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


9/7/2014 3:45:02 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 3:45:04 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


9/7/2014 4:04:59 PM > Drive H: - scan started (no label ~120 MB, FAT flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


9/7/2014 5:47:01 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 5:47:04 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.



« Last Edit: September 07, 2014, 01:49:11 PM by RichardGonzaga »
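
Added example, not part of the original thread and not MCShield's own code: a small parser for the AllScans.txt layout pasted above. It reports, for each drive, how many scans ran, every logged detection, and whether the most recent scan ended clean. The sample log is constructed and its file names are placeholders.

```python
import re

# Constructed sample in the AllScans.txt layout pasted above (file names are placeholders).
SAMPLE_LOG = r"""
>>> MCShield AllScans.txt <<<
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<
9/5/2014 12:04:02 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...
=> The drive is clean.
9/5/2014 12:07:14 PM > Drive H: - scan started (no label ~120 MB, FAT flash drive )...
>>> H:\example.lnk.vir - Malware > Deleted. (; MD5: unknown)
>>> H:\example-tool.exe - Suspicious > Renamed. (MD5: unknown)
=> Malicious files   : 1/1 deleted.
=> Suspicious files  : 1/1 renamed.
09/07/2014 4:04:59 PM > Drive H: - scan started (no label ~120 MB, FAT flash drive )...
=> The drive is clean.
"""

SCAN_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) > Drive ([A-Z]): - scan started")
HIT_RE = re.compile(r"^>>> ([A-Z]:\\.+?) - (Malware|Suspicious) > (\w+)\.")


def summarize(log_text):
    """Map each drive letter to its scan count, latest result and every logged detection."""
    drives, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        scan = SCAN_RE.match(line)
        if scan:
            when, letter = scan.groups()
            current = drives.setdefault(letter, {"scans": 0, "hits": []})
            current["scans"] += 1
            current["last_scan"] = when
            current["last_clean"] = False  # stays False unless this run reports clean
            continue
        if current is None:
            continue  # banner lines before the first scan entry
        if line == "=> The drive is clean.":
            current["last_clean"] = True
        else:
            hit = HIT_RE.match(line)
            if hit:  # (scan time, path, verdict, action taken)
                current["hits"].append((current["last_scan"],) + hit.groups())
    return drives


def needs_attention(summary):
    """Drives whose most recent scan did not end with 'The drive is clean.'"""
    return sorted(d for d, info in summary.items() if not info["last_clean"])
```
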

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #23 on: September 07, 2014, 01:50:58 PM »
This laptop is clean.

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #24 on: September 07, 2014, 01:53:52 PM »
Do you have another laptop?

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #25 on: September 07, 2014, 01:56:22 PM »
Thank you argus, Pondus and the other generous guys  8)! I appreciate your help. Can you help me with the next 3 laptops? Or will I just do what I've done in the first place? If it's OK, then I think I can do it.  ;D
« Last Edit: September 07, 2014, 02:12:54 PM by RichardGonzaga »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #26 on: September 07, 2014, 02:21:10 PM »
Quote
    Can you help me for the next 3 other laptops   
Start with attaching logs for next computer ......

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #27 on: September 08, 2014, 03:07:17 AM »
Is it OK if I don't attach the log for MBAM? The screen is too small, so I can't click export/save log. But it says no malware detected.



REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #28 on: September 08, 2014, 03:32:44 AM »
For the fixlog.

and MCshield log

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


09/08/2014 9:34:17 AM > Drive C: - scan started (no label ~127 GB, NTFS HDD )...



=> The drive is clean.


09/08/2014 9:34:18 AM > Drive D: - scan started (no label ~171 GB, NTFS HDD )...



=> The drive is clean.



« Last Edit: September 08, 2014, 03:35:02 AM by RichardGonzaga »

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #29 on: September 08, 2014, 05:41:48 AM »
If I'm not using avast. It is fine right ?
If you're not using avast!, why are you here asking for help cleaning up a corruption ???
Why not ask Microsoft since they're the ones who let you get infected in the first place.  ???
I'm not trying to be rude but I don't understand your logic and I'm sure argus will still continue to help you.

There is a point in bob's post. But I think we should work together to defeat malware and not watch who is using what and then help them.