USB Virus Remover is one of the many tools that promise to keep your USB storage devices free of such threats, eliminating the dangers before your system gets infected. Actually, its suggestive.
Here are the logs.

MCShield AllScans.txt
v 3.0.5.28 / DB: 2015.12.6.1 / Windows 7

Drive C: - scan started (no label 130 GB, NTFS HDD ).
= The drive is clean.

1/28/2016 12:12:45 PM Drive D: - scan started (no label 400 GB, NTFS HDD ).
= The drive is clean.

1/28/2016 12:12:45 PM Drive E: - scan started (no label 401 GB, NTFS HDD ).
= The drive is clean.

1/28/2016 12:12:45 PM Drive G: - scan started (no label 7384 MB, FAT32 flash drive ).
Executing generic S&D routine.
Searching for files hidden by malware.
Items to process: 1 - G: Fratila inst. MAC.docx unhidden.
G: Fratila inst.lnk - Malware Deleted. 12.13 Fratila inst.lnk.359966; MD5: 05d99e5b4cebeacb0a171e232c05d081)
G: notepad.vbe - Malware Deleted. 12.13 notepad.vbe.214790; MD5: 2ec0d1f255e45c84c5bef8)
= Malicious files: 2/2 deleted.
= Hidden files: 1/1 unhidden.
::::: Scan duration: 45sec:::::::::::::::::

MCShield::Anti-Malware Tool::
v 3.0.5.28 / DB: 2015.12.6.1 / Windows 7

Drive G: - scan started (no label 7384 MB, FAT32 flash drive ).
Executing generic S&D routine.
Searching for files hidden by malware.
Items to process: 1 - G: Fratila inst. MAC.docx unhidden.
G: Fratila inst.lnk - Malware Deleted. 12.17 Fratila inst.lnk.938793; MD5: 05d99e5b4cebeacb0a171e232c05d081)
G: notepad.vbe - Malware Deleted. 12.17 notepad.vbe.624244; MD5: 2ec0d1f255e45c84c5bef8)
= Malicious files: 2/2 deleted.
= Hidden files: 1/1 unhidden.
::::: Scan duration: (Interactive mode)::::.

Quote
CreateRestorePoint:
HKU S-1-5-9801-1000. Run: Support Portable Program Link = C: zqyldymaoal nktmdqoaac.exe
HKU S-1-5-9801-1000. Run: Themes Tablet Reports Counter Keying = C: Users Amariucai AppData Local lkqcvwirowl.exe 15-11-12
HKU S-1-5-9801-1000. Run: Spooler Plug Device Services Resolution Windows = C: vesjihtm lynreujfq.exe 3-11-13
HKU S-1-5-9801-1000. Run: notepad = wscript.exe //B 'C: Users Amariucai AppData Roaming notepad notepad.vbe'
U3 pflyiuog;?? C: Users AMARIU1 AppData Local Temp pflyiuog.sys X
2016-01-10 20:14 - 2015-11-12 20:46 - 00000000 HD C: Windows stmpegtpjyalw
C: Windows kbygzjah.exe
C: Windows lkqcvwirowl.exe
C: Users Amariucai AppData Local lkqcvwirowl.exe
C: vesjihtm
C: zqyldymaoal
C: Users Amariucai AppData Roaming notepad
C: Users Amariucai Desktop ytgdwd81.exe
Reg: reg delete HKLM SOFTWARE Policies Microsoft Windows IPSec Policy Local /f
Reg: reg add HKLM SOFTWARE Policies Microsoft Windows IPSec Policy Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers.

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN Download to your desktop. Download the appropriate version (32 bit or 64 bit) and double-click the file to run it. After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad. Post that report.

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows; it is safe, so allow it to run.

This is MCShield's log.

MCShield::Anti-Malware Tool::
v 3.0.5.28 / DB: 2015.12.6.1 / Windows 7

Drive G: - scan started (no label 7384 MB, FAT32 flash drive ).
Executing generic S&D routine.
Searching for files hidden by malware.
Items to process: 1 - G: Fratila inst. MAC.docx unhidden.
G: Fratila inst.lnk - Malware Deleted. 02.15 Fratila inst.lnk.916180; MD5: 05d99e5b4cebeacb0a171e232c05d081)
G: notepad.vbe - Malware Deleted. 02.15 notepad.vbe.715263; MD5: 2ec0d1f255e45c84c5bef8)
= Malicious files: 2/2 deleted.
= Hidden files: 1/1 unhidden.
::::: Scan duration: (Interactive mode)::::

EDIT: I have scanned and cleaned 2 other USB drives, and the bugger seems gone. They haven't reverted to their shortcut-filled doppelgangers. My thanks to you, dear sir.