Author Topic: . bat secured by kapersky internet security 2017 virus  (Read 3068 times)


REDACTED

  • Guest
. bat secured by kapersky internet security 2017 virus
« on: November 30, 2017, 08:28:48 AM »
Hi all,

Newcomer here

I think my laptop has been infected by this .bat virus/Trojan.

It has affected my USB drives.
While I managed to save the USB drives, the problem still persists the moment I insert USB drives into my laptop.

Installed Avast Free and subscribed to Avast Cleanup to no avail.

Need assistance to get rid of this virus from my laptop.


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: . bat secured by kapersky internet security 2017 virus
« Reply #1 on: November 30, 2017, 08:35:02 AM »
Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=194892

REDACTED

  • Guest
Re: . bat secured by kapersky internet security 2017 virus
« Reply #2 on: November 30, 2017, 10:16:49 AM »
Hi,

Attached are the files required. Took a bit of time to respond.

REDACTED

  • Guest
Re: . bat secured by kapersky internet security 2017 virus
« Reply #3 on: November 30, 2017, 10:22:04 AM »
MCS Shield

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37529
  • Not a avast user
Re: . bat secured by kapersky internet security 2017 virus
« Reply #4 on: November 30, 2017, 10:28:35 AM »
MCShield log must be copied and pasted here or it will look like Chinese

It may take some hours before malware experts are online


REDACTED

  • Guest
Re: . bat secured by kapersky internet security 2017 virus
« Reply #5 on: November 30, 2017, 10:32:41 AM »
Thanks Pondus.

Here goes.

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<


30/11/2017 5:19:08 PM > Drive C: - scan started (Windows8_OS ~426 GB, NTFS HDD )...



=> The drive is clean.


30/11/2017 5:19:09 PM > Drive D: - scan started (LENOVO ~25 GB, NTFS HDD )...



=> The drive is clean.


30/11/2017 5:19:10 PM > Drive E: - scan started (no label ~3846 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<


30/11/2017 5:19:47 PM > Drive E: - scan started (no label ~3846 MB, FAT32 flash drive )...



=> The drive is clean.




Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: . bat secured by kapersky internet security 2017 virus
« Reply #6 on: December 01, 2017, 03:01:22 PM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\googleearth.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\iumsvc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lenovo.harmonypicks.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lenovo.harmonysetting.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\netcamstudio.client.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\netcamstudiox.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
VirusTotal: C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe
Startup: C:\Users\Sharul Sazman Samaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
C:\Users\Sharul Sazman Samaan\AppData\Roaming\Kaspersky Internet Security 2017
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
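
Added example, not part of the thread and not FRST's own logic: a small Python triage of lines in the format used in the fixlist above. It pulls out Image File Execution Options `Debugger` redirections and flags startup shortcut targets that run from `AppData\Roaming` or whose file name is a near miss of a Windows binary name. The sample lines, the user name `user`, the `WELL_KNOWN` list and both heuristics are assumptions made for illustration.

```python
import re
from difflib import get_close_matches
from ntpath import basename

# Constructed sample in the fixlist's line format; "user" is a placeholder.
SAMPLE = r'''
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\user\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
'''.strip().splitlines()

IFEO_RE = re.compile(r'^IFEO\\(?P<image>[^:]+): \[Debugger\] "(?P<path>[^"]+)"')
# Greedy path plus a final "(...)" group, so "(x86)" inside a path is not cut off.
TARGET_RE = re.compile(r'^ShortcutTarget: (?P<lnk>.+?) -> (?P<path>.+) \([^()]*\)$')

# Hypothetical short list of Windows binary names used for the near-miss check.
WELL_KNOWN = ["explorer.exe", "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"]

def lookalike(name):
    """Return the well-known name that `name` closely resembles, or None."""
    name = name.lower()
    hit = get_close_matches(name, WELL_KNOWN, n=1, cutoff=0.85)
    return hit[0] if hit and hit[0] != name else None

def triage(lines):
    """Return (kind, subject, path, reasons) for each IFEO or shortcut line."""
    findings = []
    for line in lines:
        if m := IFEO_RE.match(line):
            # With a Debugger value set, Windows starts the debugger binary
            # instead of the named image, so every such entry deserves review.
            findings.append(("ifeo-debugger", m["image"], m["path"], []))
        elif m := TARGET_RE.match(line):
            path, reasons = m["path"], []
            if "\\appdata\\roaming\\" in path.lower():
                reasons.append("autostart target in user-writable AppData\\Roaming")
            if orig := lookalike(basename(path)):
                reasons.append(f"file name imitates {orig}")
            findings.append(("startup-shortcut", m["lnk"], path, reasons))
    return findings

if __name__ == "__main__":
    for kind, subject, path, reasons in triage(SAMPLE):
        print(kind, subject, path, "; ".join(reasons) or "review manually")
```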

REDACTED

  • Guest
Re: . bat secured by kapersky internet security 2017 virus
« Reply #7 on: December 03, 2017, 08:00:38 AM »
Sass Drake, here goes.

Verdict?

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: . bat secured by kapersky internet security 2017 virus
« Reply #8 on: December 03, 2017, 11:39:54 AM »
What is the current status of your system?

REDACTED

  • Guest
Re: . bat secured by kapersky internet security 2017 virus
« Reply #9 on: December 03, 2017, 11:51:23 AM »
System working fine.

I tried 2 infected USB drives and formatted them. So far no trace of the .bat symptom.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: . bat secured by kapersky internet security 2017 virus
« Reply #10 on: December 03, 2017, 01:03:40 PM »
Cool.


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

REDACTED

  • Guest
Re: . bat secured by kapersky internet security 2017 virus
« Reply #11 on: December 03, 2017, 01:33:12 PM »
To the team, thanks so much.

I was wondering, as I have another PC also showing the symptom, does it also have to go through the same procedure?

That PC is my secondary, only for gaming thus far, so not so pressing for a fix. I just have to avoid using USB.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: . bat secured by kapersky internet security 2017 virus
« Reply #12 on: December 03, 2017, 09:48:07 PM »
Open a new topic and post MBAM and FRST logs from that PC.