Author Topic: Shortcut virus - Command Prompt  (Read 2453 times)


REDACTED

  • Guest
Shortcut virus - Command Prompt
« on: March 22, 2018, 11:14:35 PM »
Hi everybody :) :D It's been awhile xD ;D

You see, my USB drive had been infected by a shortcut virus, so I was trying to remove it with the Command Prompt, so I typed this command:
                   attrib -r -h -s /d /s *.*
and then:
                   @echo off
                   cls
                   del /f /s /q /a *.lnk

but I by mistake forgot to replace the root directory (C: drive) with the USB flash drive letter, now my computer it's all a mess  :'(
Years ago the analysts in this forum helped me a lot ;D. I was wondering if I can use the Farbar Recovery Scan Tool to solve this

I've attached the FRST file
 
Anybody help me please ;D
Thanks in advance :D
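
Added example, not part of the original post: a PowerShell version of the cleanup above that takes the drive letter as an explicit parameter, refuses to run unless the target is a removable disk other than the system drive, and only lists the .lnk files unless -Delete is given. The script and its parameter names (DriveLetter, Delete) are illustrative assumptions; the attrib switches are the ones from the post.

```powershell
# Added example: scope a "shortcut virus" cleanup to one removable drive.
# Parameter names are hypothetical; nothing here comes from the forum thread's tools.
param(
    [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]$')][string]$DriveLetter,
    [switch]$Delete   # without this switch the script only reports what it found
)

$root = "${DriveLetter}:\"
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='${DriveLetter}:'"

# Refuse anything that is missing, not removable (DriveType 2), or the system drive.
if (-not $disk) { throw "Drive ${DriveLetter}: not found." }
if ($disk.DriveType -ne 2) {
    throw "Drive ${DriveLetter}: is not a removable disk (DriveType $($disk.DriveType))."
}
if ($env:SystemDrive -ieq "${DriveLetter}:") { throw "Refusing to run on the system drive." }

# Unhide the real files and folders, using an explicit path instead of the
# current directory (the original command acted on wherever the prompt was).
& attrib.exe -r -h -s "${root}*.*" /s /d

# Collect the shortcuts first so they can be reviewed before anything is removed.
$links = @(Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -Force -File `
            -ErrorAction SilentlyContinue)
$links | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

if ($Delete) {
    # -Confirm asks before each deletion; deleted .lnk files cannot be restored.
    $links | Remove-Item -Force -Confirm
} else {
    Write-Host "$($links.Count) .lnk file(s) found on $root. Re-run with -Delete to remove them."
}
```

External USB hard disks usually report DriveType 3 (local disk), so the script refuses them as well.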

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Shortcut virus - Command Prompt
« Reply #1 on: March 22, 2018, 11:24:48 PM »
Also scroll down to  >>  SPECIFIC INFECTIONS LOGS   and follow MCshield instructions  >>  https://forum.avast.com/index.php?topic=194892.0

The MCShield log must be copied and pasted here ... NOT attached, or it will look like Chinese


Malware expert is notified. It may take hours before he is online

« Last Edit: March 22, 2018, 11:28:18 PM by Pondus »

REDACTED

  • Guest
Re: Shortcut virus - Command Prompt
« Reply #2 on: March 23, 2018, 12:18:36 AM »
Okay thank you very much, just give me a moment
AllScans log, that's right?
...

Well, something went wrong: the USB drive is not showing up in the AllScans.txt tab or the LastScan.txt tab, but in "My computer" the USB drive was there, and again all files were shortcuts with cmd (C:\Windows\System32) as the destination folder. That's why I opened the Command Prompt.
 
Here is my MCShield LastScan log

Code:

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

22/03/2018 09:41:27 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...

=> El disco está limpio.

Latest AllScans log (the AllScans list is too long), and all of them are from February :(

Code:
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

11/02/2018 11:13:27 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...

=> El disco está limpio.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

11/02/2018 06:45:42 p. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...

=> El disco está limpio.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

12/02/2018 10:03:41 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...

=> El disco está limpio.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

12/02/2018 02:19:19 p. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...

=> El disco está limpio.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

14/02/2018 09:00:54 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...

=> El disco está limpio.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 8.1 <<<

16/02/2018 07:21:53 a. m. > Unidad C: - análisis comenzó (OS ~917 GB, NTFS HDD )...

=> El disco está limpio.

System is clean :)
« Last Edit: March 23, 2018, 02:04:58 AM by RunaLlena »

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Shortcut virus - Command Prompt
« Reply #3 on: March 23, 2018, 11:21:34 AM »
I don't see malware in FRST logs. Can you explain "now my computer it's all a mess"?

REDACTED

  • Guest
Re: Shortcut virus - Command Prompt
« Reply #4 on: March 23, 2018, 03:07:53 PM »
Hello ;D

what I did is deleted all files with extension .lnk in root directory (C:) :'(, all shortcuts are gone, how can I undo these commands?

maybe with FRST? What about with this: LastRegBack...

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Shortcut virus - Command Prompt
« Reply #5 on: March 23, 2018, 03:12:09 PM »
Please don't go messing about with FRST commands without instructions. You may end up doing more damage than good - especially when it comes to your Registry.

Edit: Is Windows pirated?

KMS-R@1n is commonly associated with pirated copies of Windows.

« Last Edit: March 23, 2018, 03:14:44 PM by Michael (alan1998) »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

REDACTED

  • Guest
Re: Shortcut virus - Command Prompt
« Reply #6 on: March 23, 2018, 03:44:09 PM »
yes I understand now the risk of doing things without knowing :'(
it was original, I don't know why I used kms

(sorry for my bad english)
« Last Edit: March 23, 2018, 03:46:39 PM by RunaLlena »

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Shortcut virus - Command Prompt
« Reply #7 on: March 23, 2018, 04:56:00 PM »
Quote
Hello ;D

what I did is deleted all files with extension .lnk in root directory (C:) :'(, all shortcuts are gone, how can I undo these commands?

maybe with FRST? What about with this: LastRegBack...

The only solution is to manually create shortcuts for the applications you are using or to reinstall them. There is no undo for those commands.


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

REDACTED

  • Guest
Re: Shortcut virus - Command Prompt
« Reply #8 on: March 24, 2018, 04:47:52 AM »
Okay, I'll be more careful next time ;D :)

Thank you very much, just one last question. I'd like to know, could you please explain it to me? The FRST log report includes the following: LastRegBack: 2018-03-22 03:50 (prior to that date I hadn't done anything yet)

At first I thought this will work, but it's not really the case.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Shortcut virus - Command Prompt
« Reply #9 on: March 24, 2018, 11:50:22 AM »
Quote
FRST looks into the system and lists the last registry backup made by the system. The registry backup contains a backup of all the hives. It is different from the LKGC (Last Known Good Configuration) backup of the ControlSet.

There are a number of reasons why you might want to use this backup as a solution to a problem but a common one is where loss or corruption has occurred.

Quote
For example, when a program is installed, a new subkey containing settings like a program's location, its version, and how to start the program, are all added to the Windows Registry.

The program's location is exactly what the shortcut is pointing to. The registry itself wouldn't store a reference to a reference to a program.

REDACTED

  • Guest
Re: Shortcut virus - Command Prompt
« Reply #10 on: March 25, 2018, 07:55:58 AM »
Hi Michael,

Thank you for your answer, I get it now ;D :) ;)

Regards