Author Topic: Shortcut virus - location: cmd (C:\Windows\System32) ????  (Read 15962 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #15 on: September 06, 2014, 11:26:41 PM »
How is the situation now?

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #16 on: September 07, 2014, 09:52:32 AM »
It is okay if the cmd.exe is still there ?  :-\ or its not corrupted anymore ? I got 3 laptops that is corrupted by this malware/virus or whatever it is  :(

REDACTED

  • Guest

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #18 on: September 07, 2014, 11:28:03 AM »


Scan with Combofix:
  • Please download ComboFix by sUBs and save it to your Desktop.
    You may read how Combofix works here.

  • Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

  • Run ComboFix. Click on I Agree! & follow the prompts.
    Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

  • When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
    (typical log location: C:\ComboFix.txt )
.



Then connect a pendrive and attach here the log.

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #19 on: September 07, 2014, 11:57:08 AM »
Here are the log for the combo fix but i can't understand what are you saying about the "pendrive and the logs"


REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #20 on: September 07, 2014, 01:28:21 PM »
Attach here All scans log (MCShield)



But here I do not see anything
« Last Edit: September 07, 2014, 01:36:53 PM by argus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37147
  • Not a avast user
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #21 on: September 07, 2014, 01:38:02 PM »
Quote
  but i can't understand what are you saying about the "pendrive and the logs"   
When you connect your pendrive, MCShield will scan it ....... when done, copy and paste the allscan.txt log here

There are some issues with some logs here in the forum, they are displayed as unicode when attached (looks like chinese so not readable. See pic in argus post) since this is a short log, you can copy and paste it

« Last Edit: September 07, 2014, 01:44:18 PM by Pondus »

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #22 on: September 07, 2014, 01:45:22 PM »
Is it this ?

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 12:04:02 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 12:04:02 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 12:04:02 PM > Drive H: - scan started (no label ~120 MB, FAT flash drive )...


>>> H:\sipkrzpmyl..vbs - Suspicious > Renamed. (MD5: unknown)

>>> H:\AdwCleaner.exe - Suspicious > Renamed. (MD5: 9ded4724d695cfb01960426da011abae)

>>> H:\FRST.exe - Suspicious > Renamed. (MD5: 77ce274a97ed45aa2f582245f2895051)

>>> H:\shck0ju3.exe - Suspicious > Renamed. (MD5: 60bf4ae8cc40b0e3e28613657ed2eed8)


=> Suspicious files  : 4/4 renamed.

____________________________________________

::::: Scan duration: 6sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 12:07:14 PM > Drive H: - scan started (no label ~120 MB, FAT flash drive )...


>>> H:\AdwCleaner.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\MCShield-Setup.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\FRST.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\shck0ju3.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\fixlist.lnk.vir - Malware > Deleted. (; MD5: unknown)

>>> H:\AdwCleaner.exe - Suspicious > Renamed. (MD5: 9ded4724d695cfb01960426da011abae)

>>> H:\FRST.exe - Suspicious > Renamed. (MD5: 77ce274a97ed45aa2f582245f2895051)

>>> H:\shck0ju3.exe - Suspicious > Renamed. (MD5: 60bf4ae8cc40b0e3e28613657ed2eed8)

>>> H:\sipkrzpmyl..vbs - Suspicious > Renamed. (MD5: unknown)


=> Malicious files   : 5/5 deleted.
=> Suspicious files  : 4/4 renamed.

____________________________________________

::::: Scan duration: 6sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 12:22:53 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 12:22:54 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 12:54:28 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 12:54:29 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 1:20:07 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 1:20:08 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 8:23:23 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 8:23:24 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/5/2014 11:14:09 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/5/2014 11:14:09 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/6/2014 8:36:16 AM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/6/2014 8:36:16 AM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/6/2014 3:42:24 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/6/2014 3:42:26 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/6/2014 4:11:32 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/6/2014 4:11:34 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/6/2014 6:13:42 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/6/2014 6:13:44 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/7/2014 9:34:29 AM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 9:34:31 AM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/7/2014 10:04:27 AM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 10:04:29 AM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.26.1 / Windows 7 <<<


9/7/2014 10:28:06 AM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 10:28:06 AM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


9/7/2014 2:57:52 PM > Drive G: - scan started (no label ~3893 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


9/7/2014 3:45:02 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 3:45:04 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


9/7/2014 4:04:59 PM > Drive H: - scan started (no label ~120 MB, FAT flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


9/7/2014 5:47:01 PM > Drive C: - scan started (no label ~155 GB, NTFS HDD )...



=> The drive is clean.


9/7/2014 5:47:04 PM > Drive D: - scan started (no label ~311 GB, NTFS HDD )...



=> The drive is clean.



« Last Edit: September 07, 2014, 01:49:11 PM by RichardGonzaga »

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #23 on: September 07, 2014, 01:50:58 PM »
This laptop is clean.

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #24 on: September 07, 2014, 01:53:52 PM »
Do you have another laptop?

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #25 on: September 07, 2014, 01:56:22 PM »
Thank you argus, pondus and the other generous guys  8)! I appreciated your help. Can you help me for the next 3 other laptops ? or I will just do what i've done in the first place ? If its ok? Then I think I can do it.  ;D
« Last Edit: September 07, 2014, 02:12:54 PM by RichardGonzaga »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37147
  • Not a avast user
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #26 on: September 07, 2014, 02:21:10 PM »
Quote
    Can you help me for the next 3 other laptops   
Start with attaching logs for next computer ......

REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #27 on: September 08, 2014, 03:07:17 AM »
It is ok that I will not attach the log for MBAM cause the screen is too small so I can't click the export/save log. But it says no malware detected.



REDACTED

  • Guest
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #28 on: September 08, 2014, 03:32:44 AM »
For the fixlog.

and MCshield log

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.9.6.1 / Windows 7 <<<


09/08/2014 9:34:17 AM > Drive C: - scan started (no label ~127 GB, NTFS HDD )...



=> The drive is clean.


09/08/2014 9:34:18 AM > Drive D: - scan started (no label ~171 GB, NTFS HDD )...



=> The drive is clean.



« Last Edit: September 08, 2014, 03:35:02 AM by RichardGonzaga »

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: Shortcut virus - location: cmd (C:\Windows\System32) ????
« Reply #29 on: September 08, 2014, 05:41:48 AM »
If I'm not using avast. It is fine right ?
If you're not using avast!, why are you here asking for help cleaning up a corruption ???
Why not ask Microsoft since they're the ones who let you get infected in the first place.  ???
I'm not trying to be rude but I don't understand your logic and I'm sure argus will still continue to help you.

There is a point in bob's post.But i think we should work together to defeat malware and not watch who is using what and then help them.
Malware Hunter/Tester/Analysis
https://twitter.com/avman1995

“When I despair, I remember that all through history the way of truth and love have always won. There have been tyrants and murderers, and for a time, they can seem invincible, but in the end, they always fall. Think of it--always.”
― Mahatma Gandhi