Author Topic: shortcut virus  (Read 12325 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: shortcut virus
« Reply #15 on: June 11, 2015, 09:20:13 AM »
Hmm..the shortcuts still appear after I delete them, did I do something wrong?

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: shortcut virus
« Reply #16 on: June 11, 2015, 11:31:47 AM »
Why did you open new topic?

Can you make a picture how this looks like?
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

REDACTED

  • Guest
Re: shortcut virus
« Reply #17 on: June 11, 2015, 11:32:39 AM »
Oh...sorry. I thought you forgot to notice my question... Okay I'll create one
« Last Edit: June 11, 2015, 11:35:03 AM by zdsulo »

REDACTED

  • Guest
Re: shortcut virus
« Reply #18 on: June 11, 2015, 11:49:48 AM »
the recycle folder looks like this. the shortcut folder appears only on the first folders of the drives. If i go inside the second folders, there is no shortcut folder. along with this, there should be 3 snaps.
« Last Edit: June 11, 2015, 02:21:41 PM by zdsulo »

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: shortcut virus
« Reply #19 on: June 11, 2015, 03:32:17 PM »
This doesn't look like something malicious to me. Let's run one more tool:


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
Code: [Select]
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

REDACTED

  • Guest
Re: shortcut virus
« Reply #20 on: June 11, 2015, 05:16:33 PM »
Um.. I uninstalled Avast, downloaded and installed it again and ran a boot time scan. It found quite a few viruses this time. Now, the shortcut virus seems to be gone. But two problems are bugging me. First one is that Avast detected virus in the windows folder (windows\system32\wdi\......\snapshot.etl) Can i delete these files?
And the second is a command prompt that keeps popping up every time i boot the computer.(picture of the prompt has been attached) How do i stop this?
And finally here is the zoek file log.
Oh and one more thing, do I delete the recycle bin folder? If not, how can I hide it again?
Thanks. 
« Last Edit: June 11, 2015, 05:46:58 PM by zdsulo »

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: shortcut virus
« Reply #21 on: June 11, 2015, 05:59:12 PM »
No, files Avast detected are probably only password protected, so Avast could not access them, so it reported this. Do not touch them.

To hide files, look here:

http://www.howtogeek.com/194671/how-to-hide-files-and-folders-on-every-operating-system/

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.

My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

REDACTED

  • Guest
Re: shortcut virus
« Reply #22 on: June 11, 2015, 06:46:05 PM »
Here are the files. Thanks for checking it again.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: shortcut virus
« Reply #23 on: June 11, 2015, 06:52:33 PM »
Quote
  No, files Avast detected are probably only password protected, so Avast could not access them, so it reported this. Do not touch them. 

@zdsulo   
did the message from avast say   "some files could not be scanned"  ?    If so, this is not a detection but a scan error message


REDACTED

  • Guest
Re: shortcut virus
« Reply #24 on: June 11, 2015, 06:56:06 PM »
yah.. avast said that.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: shortcut virus
« Reply #25 on: June 11, 2015, 07:05:05 PM »

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: shortcut virus
« Reply #26 on: June 11, 2015, 07:12:12 PM »
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

REDACTED

  • Guest
Re: shortcut virus
« Reply #27 on: June 11, 2015, 07:15:14 PM »
the command prompt is gone. thanks a lot!
« Last Edit: June 11, 2015, 08:07:41 PM by zdsulo »

REDACTED

  • Guest
Re: shortcut virus
« Reply #28 on: June 11, 2015, 07:24:20 PM »
okay, i believe the fix log is attached.

REDACTED

  • Guest
Re: shortcut virus
« Reply #29 on: June 11, 2015, 08:02:38 PM »
BTW let me clarify something, since you told me not to touch the files that avast had detected in windows system32, i have not deleted them. Is there a risk of getting infected again if i restore them? i've attached a picture of the files in the quarantine.
Thanks.