Author Topic: Unknown Virus (Secured By Kaspersky Internet Security)  (Read 313 times)

0 Members and 1 Guest are viewing this topic.

Offline Fahmi Muza

  • Newbie
  • *
  • Posts: 6
Unknown Virus (Secured By Kaspersky Internet Security)
« on: December 06, 2017, 02:41:52 AM »
Hey there

I think my laptop was infected by some kind of viruses (same issue with wan ahmad). When I inserted a flash drive, all of my files are gone, there will be 2 files appeared which is REMOVABLE DISK 7GB(Secured By Kaspersky Internet Security 2017).bat and readme.txt. when i click on the file REMOVABLE DISK 7GB(Secured By Kaspersky Internet Security 2017).bat ,a folder will appeared, named System Volume Information and it contained all of my files. Then, i put another drive and the same thing happens. I had formatted my drive but the files still appeared.  I had also tried to scan my laptop, but it does not detect anything. What should i do? I really need your help. Thank you.

Offline Asyn

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 49358
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #1 on: December 06, 2017, 05:23:56 AM »
Attach your basic diagnostic logs. (MBAM, FRST and MCShield)
Instructions: https://forum.avast.com/index.php?topic=194892
Win 8.1 [x64] - Avast Premier 17.9.2320.Beta#2 - CC 5.37 [OD] - MCS [OD] - EEK [OD] - FF ESR 52.5.2 [NS5/uBO] - Thunderbird 52.5 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Fahmi Muza

  • Newbie
  • *
  • Posts: 6
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #2 on: December 06, 2017, 06:12:05 AM »
Here are the logs
But i still have another drive which may affected my laptop but it is not with me right now, i should have it on friday i guess. So, what should i do?

Offline Sass Drake

  • MyCity AMF R2
  • Sr. Member
  • ****
  • Posts: 212
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #3 on: December 06, 2017, 09:49:39 AM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code: [Select]
VirusTotal: C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe;C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-11-30]
ShortcutTarget: explorers.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.lnk [2017-11-30]
ShortcutTarget: spoolsvc.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
Startup: C:\Users\Asus A555L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.lnk [2017-12-06]
ShortcutTarget: svhost.lnk -> C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017\svhost.exe (No File)
CHR HKU\S-1-5-21-4193916560-1828382214-1993866547-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Bing) - C:\Users\Asus A555L\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-29]
C:\Users\Asus A555L\AppData\Roaming\Kaspersky Internet Security 2017
EmptyTemp:
  • Go to File -> Save As
  • Make sure that  UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Offline Fahmi Muza

  • Newbie
  • *
  • Posts: 6
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #4 on: December 06, 2017, 02:36:49 PM »
Here it is

Offline Fahmi Muza

  • Newbie
  • *
  • Posts: 6
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #5 on: December 06, 2017, 05:26:21 PM »
One more thing, how about my other thumb drive which is not with me right now, i may have it on friday perhaps. I guess that drive was the main reason how my laptop got affected. What should i do with it when i have it this friday?

Offline Sass Drake

  • MyCity AMF R2
  • Sr. Member
  • ****
  • Posts: 212
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #6 on: December 06, 2017, 07:05:10 PM »
Scan it with MCShield.  ;)


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore

Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Offline Fahmi Muza

  • Newbie
  • *
  • Posts: 6
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #7 on: December 07, 2017, 02:07:58 AM »
I had done ran it. Is there anything else i need to do?

Offline Sass Drake

  • MyCity AMF R2
  • Sr. Member
  • ****
  • Posts: 212
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #8 on: December 07, 2017, 11:14:11 AM »
Nope. :)

Offline Fahmi Muza

  • Newbie
  • *
  • Posts: 6
Re: Unknown Virus (Secured By Kaspersky Internet Security)
« Reply #9 on: December 07, 2017, 11:49:37 AM »
Ok then, thank you so much  ;D  ;D