Author Topic: Shortcut virus  (Read 6286 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Shortcut virus
« on: May 24, 2016, 06:16:04 AM »
Hi, I need some help please! My laptop is infected with a virus that turn my files into shorcuts. I don"t know how to fix the problem. Can anybody help me please??  Thank you in advance


Hola! Necesito ayuda urgente por favor! Mi laptop está infectada con un virus que reemplaza los archivos por accesos directos en la USB. No sé como eliminarlo. Si me pueden ayudar estaré muy agradecida! Muchas gracias de antemano
« Last Edit: May 24, 2016, 06:19:40 AM by Carolina39 »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Shortcut virus
« Reply #1 on: May 24, 2016, 07:41:43 AM »
Attach your diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=53253
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Shortcut virus
« Reply #2 on: May 25, 2016, 07:02:28 AM »
Hi Asyn. I've just finished the scan with Malwarebites Anti-malware. It says that there is no malware in my laptop but it founds 5 pottentially unwanted programs (registry keys). Do I proceed to remove them with Malwares anti-malware?? I don't know what to do. Thanks for your help

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Shortcut virus
« Reply #3 on: May 25, 2016, 07:06:15 AM »
Follow the instructions and attach the requested logs.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Shortcut virus
« Reply #4 on: May 25, 2016, 08:25:18 AM »
Hi Asyn:
There are the logs. When i was running the aswMBR program, it stopped and a Scan error message appeared. I tried to run it several times but the program always stopped.  Thank you so much for your help!!
« Last Edit: May 25, 2016, 08:43:24 AM by Carolina39 »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Shortcut virus
« Reply #5 on: May 25, 2016, 08:57:17 AM »
OK, now you've to wait a bit...

PS: Could you please copy and paste the MCShield log..!?
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Shortcut virus
« Reply #6 on: May 25, 2016, 09:00:40 AM »
>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<


25/05/2016 02:08:46 a.m. > Drive C: - scan started (no label ~233 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<


25/05/2016 02:13:22 a.m. > Drive F: - scan started (UNIDAD_USB ~3832 MB, FAT32 flash drive )...


>>> F:\Travaux.lnk - Malware > Deleted. (16.05.25. 02.16 Travaux.lnk.396420; MD5: 3b71d14a8c946e02f41743f7cfd92eba)

>>> F:\Ana Rewakowicz.lnk - Malware > Deleted. (16.05.25. 02.16 Ana Rewakowicz.lnk.968727; MD5: 4f73d30b76f1ff2b55e01da2aa12081a)

>>> F:\TP2.lnk - Malware > Deleted. (16.05.25. 02.16 TP2.lnk.973028; MD5: 3e0f98ea8ce1b614612bf583fa40e399)

>>> F:\System Volume Information.lnk - Malware > Deleted. (16.05.25. 02.16 System Volume Information.lnk.980877; MD5: adcf0666fd067f70cbd0c729dab5dca2)

>>> F:\AUTOCAD ET PROJETS.lnk - Malware > Deleted. (16.05.25. 02.16 AUTOCAD ET PROJETS.lnk.466407; MD5: 6ab58b7986d405ec5cefe0bb065e868d)

>>> F:\Nuevo.lnk - Malware > Deleted. (16.05.25. 02.16 Nuevo.lnk.908834; MD5: 68d8d781b782f6f6daaf7757679c1f23)

>>> F:\notepad.vbe - Malware > Deleted. (16.05.25. 02.16 notepad.vbe.641230; MD5: 9ffe72c88ada6aa9580ad9ab685d5561)

> F:\System Volume Information

>>> F:\System Volume Information - Malware (folder) > Deleted. (16.05.25. 02.16 System Volume Information.23602)

> Resetting attributes: F:\Travaux < Successful.

> Resetting attributes: F:\Ana Rewakowicz < Successful.

> Resetting attributes: F:\TP2 < Successful.

> Resetting attributes: F:\AUTOCAD ET PROJETS < Successful.

> Resetting attributes: F:\Nuevo < Successful.


=> Malicious files   : 7/7 deleted.
=> Malicious folders : 1/1 deleted.
=> Hidden folders    : 5/5 unhidden.

____________________________________________

::::: Scan duration: (Interactive mode) ::::
____________________________________________


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Shortcut virus
« Reply #7 on: May 25, 2016, 09:13:18 AM »
Good job Carolina, as said, now you've to wait a bit...
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Shortcut virus
« Reply #8 on: May 25, 2016, 09:16:46 AM »
Quote
Do I proceed to remove them with Malwares anti-malware?? I don't know what to do.
Yes


Good job Carolina, as said, now you've to wait a bit...
That means hours, as malware experts is usually online after 15:00 european time   ;)



In case you are curious, this was the bug MCShield found on your flash drive
https://www.virustotal.com/en/file/a022a4e730dabcbd9b4d3f3192f9c489ab714679c1ce7ff644fb33d82b2c8598/analysis/




« Last Edit: May 25, 2016, 09:42:30 AM by Pondus »

REDACTED

  • Guest
Re: Shortcut virus
« Reply #9 on: May 25, 2016, 09:20:31 AM »
I will wait, take your time! Thank you so much!

REDACTED

  • Guest
Re: Shortcut virus
« Reply #10 on: May 25, 2016, 09:38:19 AM »
Quote
Do I proceed to remove them with Malwares anti-malware?? I don't know what to do.
Yes


Good job Carolina, as said, now you've to wait a bit...
That means hours, as Essexboy is usually online after 15:00 european time   ;)



In case you are curious, this was the bug MCShield found on your flash drive
https://www.virustotal.com/en/file/a022a4e730dabcbd9b4d3f3192f9c489ab714679c1ce7ff644fb33d82b2c8598/analysis/


wow, it looks "dangerous" lol. My flash drive was infected in a library  :(

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Shortcut virus
« Reply #11 on: May 25, 2016, 09:54:44 AM »

Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: Shortcut virus
« Reply #12 on: May 25, 2016, 10:20:14 AM »
Thanks! This is the fixlog

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: Shortcut virus
« Reply #13 on: May 25, 2016, 05:06:42 PM »
Thanks for the log file; looks good so far.  How is your system running now?



FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
[ul]
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:


Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this


On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
[/ul]

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: Shortcut virus
« Reply #14 on: May 25, 2016, 09:29:52 PM »
Thank you so much! Here are the last logs! My laptop works great now!  I'm so happy and so grateful! :D ;D :D