Unknown virus (Secured by Kaspersky Internet Security)

REDACTED:
Hello, my USB drive is infected with a virus where all my files will be gone leaving only 2 files, a readme.txt file and another file named KINGSTON 15GB (Secured by Kaspersky Internet Security 2017). Attached are the logs.

Sass Drake:

* Open Notepad (click Start button -> type notepad.exe -> press Enter)
* Copy text from code block below and paste it into Notepad
--- Code: ---
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-12-13]
ShortcutTarget: explorers.lnk -> C:\Users\User\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.lnk [2017-12-13]
ShortcutTarget: spoolsvc.lnk -> C:\Users\User\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {3c94df94-b63e-11e6-827f-086266215369} - "F:\Setup.exe"
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {6958b931-113b-11e7-8283-086266215369} - "F:\Setup.exe"
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {6f570e3f-2efe-11e5-8269-086266215369} - "F:\windows\Data\autorun.exe"
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {7328162e-4f1a-11e7-8286-086266215369} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {974da2fb-d8ff-11e4-8264-40e230dede8c} - "F:\AutoRun.exe"
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {ae7889f0-fd1d-11e4-8268-086266215369} - "F:\AutoRun.exe"
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {b91a55b0-d8d9-11e4-8264-40e230dede8c} - "F:\AutoRun.exe"
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {b91a58b8-d8d9-11e4-8264-40e230dede8c} - "F:\AutoRun.exe"
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {f418842d-991b-11e6-8276-40e230dede8c} - "F:\Setup.exe"
HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {f4dbeaac-69b3-11e6-8274-086266215369} - "F:\Setup.exe"
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=48&CUI=UN34729215091076614&UM=2
CHR StartupUrls: Default -> "hxxp://www.google.com.my/","hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=48&CUI=UN34729215091076614&UM=2","hxxp://search.findwide.com/?guid={1E61F816-A3AB-4E42-84F6-DB3B95294905}&serpv=22"
Task: {384C5E4E-E54F-46A5-9959-201406FB821C} - \KwRunAsStdUser Task15772 -> No File <==== ATTENTION
Task: {5604013B-2C8F-48DC-862E-93586D8929F8} - \KwRunAsStdUser Task11127 -> No File <==== ATTENTION
Task: {75849D68-7A84-4715-A859-85E840CC2D3E} - \KwRunAsStdUser Task10510 -> No File <==== ATTENTION
C:\Users\User\AppData\Roaming\Kaspersky Internet Security 2017
EmptyTemp:
--- End code ---

* Go to File -> Save As
* Make sure that UTF-8 is selected as Encoding (left side of Save button)
* Save it as fixlist.txt on Desktop
* Open FRST again and click the Fix button
* Wait until FRST finishes
* fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
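
An added example, not part of the original posts and not FRST's own code: a small Python triage pass over log lines in the format shown in the fixlist above. It flags startup shortcuts whose target runs from a per-user AppData folder, MountPoints2 entries that carry an autorun command, and scheduled tasks with no file. The rule names and the last sample line are constructed for illustration, and the rules are heuristics assumed here.

```python
import re

# Heuristic rules chosen for this example (assumptions, not FRST's own logic).
SHORTCUT = re.compile(r'^ShortcutTarget:\s*\S.*?\s*->\s*(?P<target>.+?\.exe)\b', re.I)
MOUNTPOINT = re.compile(r'\\MountPoints2:\s*\{[0-9a-f-]+\}\s*-\s*"(?P<cmd>[^"]+)"', re.I)
TASK_NO_FILE = re.compile(r'^Task:\s*\{[0-9a-f-]+\}\s*-\s*(?P<name>.+?)\s*->\s*No File', re.I)
PER_USER_DIR = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.I)

def triage(lines):
    """Return (rule, detail) findings for FRST-style log lines, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SHORTCUT.match(line)
        if m:
            # Only shortcuts that launch a binary from a user-writable profile
            # folder are flagged; Program Files targets are left alone.
            if PER_USER_DIR.search(m.group("target")):
                findings.append(("startup-from-appdata", m.group("target")))
            continue
        m = MOUNTPOINT.search(line)
        if m:
            # A per-volume autorun command remembered for a removable drive.
            findings.append(("mountpoint-autorun", m.group("cmd")))
            continue
        m = TASK_NO_FILE.match(line)
        if m:
            # Scheduled task whose target no longer exists on disk.
            findings.append(("task-no-file", m.group("name")))
    return findings

# First four lines copied from the fixlist above; the last one is a
# constructed benign entry used to show what is not flagged.
SAMPLE = [
    r'Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-12-13]',
    r'ShortcutTarget: explorers.lnk -> C:\Users\User\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()',
    r'HKU\S-1-5-21-2832009157-1620946795-1220949642-1001\...\MountPoints2: {3c94df94-b63e-11e6-827f-086266215369} - "F:\Setup.exe"',
    r'Task: {384C5E4E-E54F-46A5-9959-201406FB821C} - \KwRunAsStdUser Task15772 -> No File <==== ATTENTION',
    r'ShortcutTarget: notes.lnk -> C:\Program Files\Example\notes.exe ()',
]

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:22} {detail}")
```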
