Problem with continuous creation of shortcuts in the pendrive
Solved/Closed
light of dawn
Posts
9
Registration date
Sunday August 25, 2013
Status
Member
Last seen
September 10, 2013
-
Aug 25, 2013 at 09:28 AM
light of dawn Posts 9 Registration date Sunday August 25, 2013 Status Member Last seen September 10, 2013 - Aug 30, 2013 at 11:39 AM
2 responses
light of dawn
Posts
9
Registration date
Sunday August 25, 2013
Status
Member
Last seen
September 10, 2013
Aug 26, 2013 at 06:07 AM
been there........
done that.....
I have done everything I could with suggestions and software from the internet......
literally I've tried everything.....
and feeling totally helpless now.....
I've never faced something like this......!!
I still can see the shortcuts.....
I can't even have access to my files without disabling the hidden file options.......
someone please provide me some real solution.......
I just feel like throwing the flash drive away........!!!
and finally....
attrib -h -r -s /s /d g:\*.*
is useless.....
:/
and every time Malwarebytes deletes the viruses hiding in the pendrive......
it shows solved or deleted in the scan result......
but still it keeps coming back........!!!
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Aug 25, 2013 at 04:33 PM
If you did not format your flash drive, then check whether the files are not in
hidden mode. Follow the following steps.
Step 1:
Click on the below link and download the file "AutorunExterminator"
https://ccm.net/downloads/security-and-maintenance/5911-autorun-exterminator/
Extract it --> Double-click on "AutorunExterminator" --> Plug your flash drive now.
This will remove the autorun.inf files from your flash drive and also from drives.
Step 2:
Click on "Start" -->Run --> type cmd and click on OK.
Here I assume your flash drive letter as G:
Enter this command.
attrib -h -r -s /s /d g:\*.*
You can copy the above command --> Right-click in the Command Prompt and
paste it.
Note : Don't forget to replace the letter g with your flash drive letter.
Now press "Enter".
Now check for your files in Flash Drive.
Step 3:
After that, download the Malwarebytes' Anti-Malware from the below link
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Update it --> Perform "Full Scan"
Note : Default selected option is "Quick Scan".
Good Luck.
Aug 26, 2013 at 06:22 AM
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click on UsbFix.exe.
Click on deletion.
Let the tool work.
Ambucias
Moderator/virus security contributor
Aug 27, 2013 at 01:33 PM
specially when I click "deletion"
Aug 27, 2013 at 04:19 PM
Here is a tool to remove the virus and vaccinate your USB against further viruses.
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click on UsbFix.exe.
Click on deletion.
Let the tool work.
Ambucias
Moderator/virus security contributor
At the end of the scan a report will show which you can copy and paste here..
The report is saved at the root ( C:\UsbFix.txt ).
P.S. If the does not complete, repeat in safe mode.
Aug 28, 2013 at 08:48 AM
but I am uploading the log it has now in my pc as you required.......
############################## | UsbFix V 7.133 | [Deletion]
User: User (Administrator) # NAFI
Updated 27/08/2013 by El Desaparecido
Started at 22:09:05 | 27/08/2013
Website: https://www.sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net
PC: Acer (AOD270) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N2600 @ 1.60GHz (1600)
RAM -> [Total : 2036 | Free : 363]
BIOS: InsydeH2O Version CCB.03.61.31V1.06
BOOT: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 50 Gb (21 Mb free - 42%) [] # NTFS
E:\ -> Fixed drive # 124 Gb (16 Mb free - 13%) [Others] # NTFS
G:\ -> Removable drive # 15 Gb (2 Mb free - 15%) [RATUL] # FAT32
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [GfxServiceInstall] - C:\Windows\system32\GfxCUIServiceInstall.vbs
HKLM\SOFTWARE | Run : [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [WiMAXDevDetector] - C:\Program Files\Banglalion Connection Manager\WiMAXDevDetector.exe
HKLM\SOFTWARE | Run : [AtherosBtStack] - "C:\Program Files\Bluetooth Suite\BtvStack.exe"
HKLM\SOFTWARE | Run : [AthBtTray] - "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
HKLM\SOFTWARE | Run : [CancelAutoPlay] - "C:\Program Files\Teletalk 3G\CancelAutoPlay.exe" run
HKLM\SOFTWARE | Run : [UIExec] - "C:\Program Files\Teletalk 3G\UIExec.exe"
HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [Avro Keyboard] - C:\Program Files\Avro Keyboard\Avro Keyboard.exe
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [googletalk] - C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [Messenger (Yahoo!)] - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [Internet Download Accelerator] - C:\Program Files\IDA\ida.exe -autorun
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [fofo] - wscript.exe //B "C:\Users\User\AppData\Roaming\fofo.vbe"
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [SM?RT-Protection] - C:\Program Files\Smadav\SM?RTP.exe rtp
HKU\S-1-5-18\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Stopped processes |
Stopped! C:\Windows\system32\WLANExt.exe (1372)
Stopped! C:\Windows\System32\spoolsv.exe (1476)
Stopped! C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1608)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1628)
Stopped! C:\Program Files\Bluetooth Suite\adminservice.exe (1648)
Stopped! C:\Program Files\Launch Manager\dsiwmis.exe (1700)
Stopped! C:\Program Files\QUBEE WCM\GPCommonService.exe (1736)
Stopped! C:\Program Files\Launch Manager\LMutilps32.exe (1744)
Stopped! C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (1772)
Stopped! C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (1804)
Stopped! C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1828)
Stopped! C:\Program Files\PANDORA.TV\PanService\PandoraService.exe (1856)
Stopped! C:\Program Files\Teletalk 3G\AssistantServices.exe (1968)
Stopped! C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (2008)
Stopped! C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe (604)
Stopped! C:\Windows\system32\conhost.exe (608)
Stopped! C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (2088)
Stopped! C:\Windows\system32\taskhost.exe (2172)
Stopped! C:\Windows\System32\igfxtray.exe (2652)
Stopped! C:\Windows\System32\hkcmd.exe (2660)
Stopped! C:\Windows\System32\igfxpers.exe (2676)
Stopped! C:\Windows\system32\igfxsrvc.exe (2732)
Stopped! C:\Program Files\Elantech\ETDCtrl.exe (2768)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (2780)
Stopped! C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (2816)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2860)
Stopped! C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (2880)
Stopped! C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (2904)
Stopped! C:\Program Files\Launch Manager\LManager.exe (2912)
Stopped! C:\Program Files\Banglalion Connection Manager\WiMAXDevDetector.exe (3044)
Stopped! C:\Program Files\Launch Manager\LMworker.exe (3096)
Stopped! C:\Program Files\Bluetooth Suite\BtvStack.exe (3132)
Stopped! C:\Program Files\Bluetooth Suite\AthBtTray.exe (3244)
Stopped! C:\Program Files\Teletalk 3G\CancelAutoPlay.exe (3320)
Stopped! C:\Program Files\Teletalk 3G\UIExec.exe (3396)
Stopped! C:\Program Files\AVG Secure Search\vprot.exe (3660)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3928)
Stopped! C:\Program Files\Avro Keyboard\Avro Keyboard.exe (3388)
Stopped! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (4056)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (3808)
Stopped! C:\Program Files\Internet Download Manager\IDMan.exe (3892)
Stopped! C:\Windows\System32\wscript.exe (2112)
Stopped! C:\Program Files\Elantech\ETDCtrlHelper.exe (2844)
Stopped! C:\Windows\system32\SearchIndexer.exe (1384)
Stopped! C:\Program Files\Smadav\SM?RTP.exe (1172)
Stopped! C:\Program Files\Internet Download Manager\IEMonitor.exe (4032)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (1108)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (4088)
Stopped! C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (4332)
Stopped! C:\Program Files\Banglalion Connection Manager\WiMAXCM.exe (5760)
Stopped! C:\Program Files\Banglalion Connection Manager\WCMServer.exe (4076)
Stopped! C:\Windows\system32\conhost.exe (4592)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (4528)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (5996)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (3168)
Stopped! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (4940)
Stopped! C:\Windows\system32\WUDFHost.exe (1164)
################## | Files # Infected Folders |
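An added example, not part of the original thread and not UsbFix's own code: a short Python triage of the autostart ("Run") section of a report like the one above, flagging entries that start a script or run from a user-writable profile path, since a Run entry is executed again at every logon. The sample lines are copied from the report; the regular expressions and function names are assumptions of this example.

```python
import re

# Autostart lines copied verbatim from the UsbFix report above.
REPORT = r'''
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [GfxServiceInstall] - C:\Windows\system32\GfxCUIServiceInstall.vbs
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [googletalk] - C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
HKU\S-1-5-21-104921175-759645193-2269690925-1000\SOFTWARE | Run : [fofo] - wscript.exe //B "C:\Users\User\AppData\Roaming\fofo.vbe"
'''

# "<hive> | Run : [<name>] - <command>", the layout used in the report.
LINE = re.compile(r'^(?P<hive>\S+) \| (?P<key>Run(?:Once)?) : '
                  r'\[(?P<name>[^\]]*)\] -\s*(?P<cmd>.*)$')
# Heuristics chosen for this example (assumptions, not UsbFix rules).
SCRIPT = re.compile(r'\b(?:wscript|cscript|mshta)(?:\.exe)?\b'
                    r'|\.(?:vbs|vbe|js|jse|wsf)\b', re.I)
USER_PATH = re.compile(r'\\AppData\\|\\Temp\\|%(?:APPDATA|TEMP)%', re.I)

def parse_autoruns(report):
    """Return (hive, key, name, command) for each non-empty Run/RunOnce line."""
    entries = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m and m['cmd'].strip():
            entries.append((m['hive'], m['key'], m['name'], m['cmd'].strip()))
    return entries

def triage(report):
    """Map entry name -> list of reasons, for entries hitting any heuristic."""
    flagged = {}
    for _hive, _key, name, cmd in parse_autoruns(report):
        reasons = []
        if SCRIPT.search(cmd):
            reasons.append('script')
        if USER_PATH.search(cmd):
            reasons.append('user-writable path')
        if reasons:
            flagged[name] = reasons
    return flagged

def review_first(report):
    """Entries matching both heuristics: a script started from a user profile."""
    return [n for n, r in triage(report).items() if len(r) == 2]

if __name__ == '__main__':
    for name, reasons in triage(REPORT).items():
        print(f'{name}: {", ".join(reasons)}')
```

A single reason is only a prompt to look closer: the vendor script in system32 and the chat client installed under AppData each match one heuristic, while the wscript.exe entry matches both.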
Aug 28, 2013 at 04:09 PM