Author Topic: Unknown Virus (Secured By Kaspersky Internet Security) (Read 19912 times)

REDACTED · « **on:** December 06, 2017, 02:41:52 AM »

Hey there

I think my laptop was infected by some kind of viruses (same issue with wan ahmad). When I inserted a flash drive, all of my files are gone, there will be 2 files appeared which is REMOVABLE DISK 7GB(Secured By Kaspersky Internet Security 2017).bat and readme.txt. when i click on the file REMOVABLE DISK 7GB(Secured By Kaspersky Internet Security 2017).bat ,a folder will appeared, named System Volume Information and it contained all of my files. Then, i put another drive and the same thing happens. I had formatted my drive but the files still appeared. I had also tried to scan my laptop, but it does not detect anything. What should i do? I really need your help. Thank you.

Asyn · « **Reply #1 on:** December 06, 2017, 05:23:56 AM »

Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=194892

REDACTED · « **Reply #2 on:** December 06, 2017, 06:12:05 AM »

Here are the logs
But i still have another drive which may affected my laptop but it is not with me right now, i should have it on friday i guess. So, what should i do?

Sass Drake · « **Reply #3 on:** December 06, 2017, 09:49:39 AM »

Open Notepad (click Start button -> type notepad.exe -> press Enter)
Copy text from code block below and paste it into Notepad

Code: [Select]

VirusTotal: C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe;C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.lnk [2017-11-30]
ShortcutTarget: spoolsvc.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.lnk [2017-12-06]
ShortcutTarget: svhost.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\svhost.exe (No File)
CHR HKU\S-1-5-21-4193916560-1828382214-1993866547-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Bing) - C:\Users\Asus A555L\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-29]
C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017
EmptyTemp:

Go to File -> Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open again FRST and click on button Fix
Wait until FRST finishes
fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

REDACTED · « **Reply #4 on:** December 06, 2017, 02:36:49 PM »

Here it is

REDACTED · « **Reply #5 on:** December 06, 2017, 05:26:21 PM »

One more thing, how about my other thumb drive which is not with me right now, i may have it on friday perhaps. I guess that drive was the main reason how my laptop got affected. What should i do with it when i have it this friday?

Sass Drake · « **Reply #6 on:** December 06, 2017, 07:05:10 PM »

Scan it with MCShield.

• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

REDACTED · « **Reply #7 on:** December 07, 2017, 02:07:58 AM »

I had done ran it. Is there anything else i need to do?

Sass Drake · « **Reply #8 on:** December 07, 2017, 11:14:11 AM »

Nope.

REDACTED · « **Reply #9 on:** December 07, 2017, 11:49:37 AM »

Ok then, thank you so much

REDACTED · « **Reply #10 on:** December 11, 2018, 03:40:50 PM »

hey there,

i have the same issues with my USB flash drive. kindly help me get rid of the Unknown Virus (Secured by Kaspersky Internet security 2017).

Thank You.

Sass Drake · « **Reply #11 on:** December 11, 2018, 07:58:00 PM »

Quote from: Adebayo2 on December 11, 2018, 03:40:50 PM

hey there,

i have the same issues with my USB flash drive. kindly help me get rid of the Unknown Virus (Secured by Kaspersky Internet security 2017).

Thank You.

Open new topic and attach FRST logs from your system.

Author Topic: Unknown Virus (Secured By Kaspersky Internet Security) (Read 19912 times)

REDACTED

Unknown Virus (Secured By Kaspersky Internet Security)

Asyn

Re: Unknown Virus (Secured By Kaspersky Internet Security)

REDACTED

Re: Unknown Virus (Secured By Kaspersky Internet Security)

Sass Drake

Re: Unknown Virus (Secured By Kaspersky Internet Security)

REDACTED

Re: Unknown Virus (Secured By Kaspersky Internet Security)

REDACTED

Re: Unknown Virus (Secured By Kaspersky Internet Security)

Sass Drake

Re: Unknown Virus (Secured By Kaspersky Internet Security)

REDACTED

Re: Unknown Virus (Secured By Kaspersky Internet Security)

Sass Drake

Re: Unknown Virus (Secured By Kaspersky Internet Security)

REDACTED

Re: Unknown Virus (Secured By Kaspersky Internet Security)

REDACTED

Re: Unknown Virus (Secured By Kaspersky Internet Security)

Sass Drake

Re: Unknown Virus (Secured By Kaspersky Internet Security)