Author Topic: Shortcut virus - location: cmd  (Read 4307 times)

REDACTED

  • Guest
Shortcut virus - location: cmd
« on: May 27, 2015, 05:19:58 AM »
Hello,

I'm currently having the same issue as this user in the topic below.
https://forum.avast.com/index.php?topic=138715.0

Therefore, I'm trying to follow TwinHeadedEagle's procedure, and I'm currently in the phase after the first usage of Farbar Recovery Scan Tool by Farbar. I've included all the needed attached files so far, and I'm awaiting the next step. My USB key is detached from any computer right now, as per instruction from the previous topic.

If any steps need to be retaken, or if there's anything else I should do, please let me know. Thank you for your help!
« Last Edit: May 27, 2015, 05:23:57 AM by MuraMura »

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: Shortcut virus - location: cmd
« Reply #1 on: May 27, 2015, 05:21:47 AM »
Monitoring...
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

Offline TwinHeadedEagle

Re: Shortcut virus - location: cmd
« Reply #2 on: May 27, 2015, 08:54:19 AM »
Uninstall Ad-Aware Antivirus


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.



Please download MCShield from one of the following links:

MCShield - Official download link
  • Double click on MCShield-Setup to install the application.
    Next => I Agree => Next => Install ... per installation click on Run! button.
  • Wait a few seconds for MCShield to finish the initial HDD scan...
  • Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
  • When all scanning is done, you need to post the log report that MCShield has created.
Under the Logs tab (in Control Center), in the AllScans.txt log section, click on the Save button. The AllScans.txt report will be located on your Desktop.

=> Post AllScans.txt here


Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.


REDACTED

  • Guest
Re: Shortcut virus - location: cmd
« Reply #3 on: May 27, 2015, 04:10:02 PM »
Here you go. Thank you very much! I shall keep MCShield from now on.

Anything else I should do?
« Last Edit: May 27, 2015, 04:11:38 PM by MuraMura »

Offline TwinHeadedEagle

Re: Shortcut virus - location: cmd
« Reply #4 on: May 27, 2015, 04:12:27 PM »
Press the Windows key + R on your keyboard at the same time. Copy C:\ProgramData\MCShield\AllScans.txt and click OK.

Select all content and copy it here.

REDACTED

  • Guest
Re: Shortcut virus - location: cmd
« Reply #5 on: May 27, 2015, 04:16:11 PM »
I already attached it in the previous reply, but for some reason it was renamed with the prefix MCShield. Oh well.

Here you go.


Quote
>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<


27/05/2015 10:05:00 AM > Drive C: - scan started (no label ~466 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2015.5.23.1 / Windows 7 <<<


27/05/2015 10:06:08 AM > Drive F: - scan started (no label ~15281 MB, FAT32 flash drive )...



---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 2

---> F:\SushiSama-14 mars.pdf > unhidden.

---> F:\Luciole.docx > unhidden.



>>> F:\SushiSama-14 mars.lnk - Malware > Deleted. (15.05.27. 10.06 SushiSama-14 mars.lnk.300961; MD5: 1b9693db1b15e038b87c4c352cf94f05)

>>> F:\Luciole.lnk - Malware > Deleted. (15.05.27. 10.06 Luciole.lnk.402122; MD5: 226d3192493c99c92e092acf77363b30)

>>> F:\notepad.vbe - Malware > Deleted. (15.05.27. 10.06 notepad.vbe.119542; MD5: 9ffe72c88ada6aa9580ad9ab685d5561)

>>> F:\PS4.lnk - Malware > Deleted. (15.05.27. 10.06 PS4.lnk.124539; MD5: 57ac531250c4b260231565c1c395dcbc)

>>> F:\Chison.lnk - Malware > Deleted. (15.05.27. 10.06 Chison.lnk.938911; MD5: c8f4f8e0b1e125270ccc7a423bedd9c6)

>>> F:\SUSHI.lnk - Malware > Deleted. (15.05.27. 10.06 SUSHI.lnk.463171; MD5: 28d1a847d101cd50a02f01e3ef4278b1)

>>> F:\scan.lnk - Malware > Deleted. (15.05.27. 10.06 scan.lnk.667887; MD5: d07923a87b91c356fd59cfe6ec02a55a)

> Resetting attributes: F:\PS4 < Successful.

> Resetting attributes: F:\Chison < Successful.

> Resetting attributes: F:\SUSHI < Successful.

> Resetting attributes: F:\scan < Successful.


=> Malicious files   : 7/7 deleted.
=> Hidden folders    : 4/4 unhidden.
=> Hidden files      : 2/2 unhidden.

____________________________________________

::::: Scan duration: 41sec :::::::::::::::::
____________________________________________
« Last Edit: May 27, 2015, 04:23:37 PM by MuraMura »
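
Added example, not part of the original thread or of MCShield: a small Python parser for the AllScans.txt lines quoted above that pairs each deleted .lnk with the file or folder MCShield unhid under the same name, and lists deleted items that have no restored counterpart. The line patterns are inferred from this one log only, and the function name `correlate` is hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines taken from the AllScans.txt log quoted above, with the
# quarantine-name/MD5 suffix trimmed from all but the first deletion entry.
SAMPLE_LOG = r"""
---> F:\SushiSama-14 mars.pdf > unhidden.
---> F:\Luciole.docx > unhidden.
>>> F:\SushiSama-14 mars.lnk - Malware > Deleted. (15.05.27. 10.06 SushiSama-14 mars.lnk.300961; MD5: 1b9693db1b15e038b87c4c352cf94f05)
>>> F:\Luciole.lnk - Malware > Deleted.
>>> F:\notepad.vbe - Malware > Deleted.
>>> F:\PS4.lnk - Malware > Deleted.
>>> F:\Chison.lnk - Malware > Deleted.
>>> F:\SUSHI.lnk - Malware > Deleted.
>>> F:\scan.lnk - Malware > Deleted.
> Resetting attributes: F:\PS4 < Successful.
> Resetting attributes: F:\Chison < Successful.
> Resetting attributes: F:\SUSHI < Successful.
> Resetting attributes: F:\scan < Successful.
"""

# Patterns assumed from the log format shown in this thread.
UNHIDDEN = re.compile(r"^---> (?P<p>.+?) > unhidden\.$")
RESET = re.compile(r"^> Resetting attributes: (?P<p>.+?) < Successful\.$")
DELETED = re.compile(r"^>>> (?P<p>.+?) - Malware > Deleted\.")

def correlate(log):
    """Return ({deleted .lnk: restored original}, [deleted items with no restored original])."""
    originals, deleted = {}, []
    for line in map(str.strip, log.splitlines()):
        m = UNHIDDEN.match(line) or RESET.match(line)
        if m:
            p = PureWindowsPath(m["p"])
            # Index by stem (file.pdf -> file) and by full name (folders), ignoring case.
            for key in (p.stem, p.name):
                originals.setdefault((str(p.parent).lower(), key.lower()), str(p))
        elif (m := DELETED.match(line)):
            deleted.append(PureWindowsPath(m["p"]))
    # Pair after the whole log is read: folder resets are logged after the deletions.
    pairs, unpaired = {}, []
    for d in deleted:
        orig = originals.get((str(d.parent).lower(), d.stem.lower()))
        if d.suffix.lower() == ".lnk" and orig:
            pairs[str(d)] = orig
        else:
            unpaired.append(str(d))
    return pairs, unpaired

if __name__ == "__main__":
    pairs, unpaired = correlate(SAMPLE_LOG)
    for lnk, orig in pairs.items():
        print(f"{lnk} was a decoy for {orig}")
    print("no restored counterpart:", unpaired)
```

On this log, all six shortcuts pair with a restored file or folder and only F:\notepad.vbe is left unpaired; a deleted .lnk that ends up unpaired would mean its original was not restored and should be looked for on the drive.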

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: Shortcut virus - location: cmd
« Reply #6 on: May 27, 2015, 05:16:35 PM »
Quote
I already attached it in the previous reply,............
This forum doesn't like MCShield logs; when attached they look Chinese ... that's why we need copy and paste.

In case you're interested, this was found and removed by MCShield:
https://www.virustotal.com/nb/file/a022a4e730dabcbd9b4d3f3192f9c489ab714679c1ce7ff644fb33d82b2c8598/analysis/

Offline TwinHeadedEagle

Re: Shortcut virus - location: cmd
« Reply #7 on: May 27, 2015, 05:46:34 PM »
How is your PC behaving now?

REDACTED

  • Guest
Re: Shortcut virus - location: cmd
« Reply #8 on: May 27, 2015, 07:42:22 PM »
Thank you for the explanation Pondus!

So far so good. I don't see any issues, and my USB seems clean. Repetitive usage on my computer and the files seem intact; no shortcut created, and no malware detected by MCShield each time it auto-scanned.

Thank you very much! I will update you if any new issues arise related to this issue.