Can't remove shortcut virus
Solved/Closed
Al_Bo
Posts
3
Registration date
Monday November 11, 2013
Status
Member
Last seen
November 12, 2013
-
Nov 11, 2013 at 04:28 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - May 20, 2014 at 07:56 AM
5 responses
Al_Bo
Nov 12, 2013 at 08:52 AM
Hi,
Running in safe mode worked, the problem seems fixed. Thanks!
The log is
############################## | UsbFix V 7.150 | [Deletion]
User: Alex (Administrator) # ALEX-LAPTOP
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 14:30:33 | 12/11/2013
Website : http://www.en.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
RAM -> [Total : 4066 | Free : 2917]
Bios: Insyde Corp.
Boot: Fail-safe boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware : 1.75.0001
FW: Windows FireWall Service [(!) Disabled]
C:\ (%systemdrive%) -> Fixed drive # 577 Gb (272 Mb free - 47%) [] # NTFS
D:\ -> CD-ROM
H:\ -> Removable drive # 15 Gb (15 Mb free - 100%) [] # FAT32
################## | Stopped processes |
Stopped! C:\Windows\Explorer.EXE (ID: 1032 |ParentID: 492)
Stopped! C:\Windows\system32\ctfmon.exe (ID: 1076 |ParentID: 1032)
Stopped! C:\Windows\system32\DllHost.exe (ID: 1332 |ParentID: 708)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
04 - HKLM\SOFTWARE | Run : [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
04 - HKLM\SOFTWARE | Run : [Reader Library Launcher] - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
04 - HKLM\SOFTWARE | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
04 - HKLM\SOFTWARE\wow6432Node | Run : [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
04 - HKLM\SOFTWARE\wow6432Node | Run : [Reader Library Launcher] - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3503229905-3959933055-1343893597-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3503229905-3959933055-1343893597-1000\SOFTWARE | Run : [SkyDrive] - "C:\Users\Alex\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
04 - HKU\S-1-5-21-3503229905-3959933055-1343893597-1000\SOFTWARE | Run : [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
04 - HKU\S-1-5-21-3503229905-3959933055-1343893597-1000\SOFTWARE | Run : [iTunesHelper] - wscript.exe //B "C:\Users\Alex\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Generic Research |
Deleted ! C:\Users\Alex\AppData\Local\Temp\iTunesHelper.vbe
Deleted ! C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted ! H:\iTunesHelper.vbe
Deleted ! H:\map.lnk
(!) Temporary files deleted.
################## | Reference of comparison MD5 |
################## | Comparison MD5 |
################## | Registry |
Deleted ! HKU\S-1-5-21-3503229905-3959933055-1343893597-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted ! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted ! HKU\S-1-5-21-3503229905-3959933055-1343893597-1000\Software\.\.\.\.\Mountpoints2\G
################## | Listing |
[07/09/2012 - 11:17:27 | SHD ] C:\$Recycle.Bin
[23/08/2013 - 14:49:35 | N | 1024] C:\.rnd
[12/05/2012 - 12:00:36 | D ] C:\Documentation
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[12/11/2013 - 14:29:28 | ASH | 3197915136] C:\hiberfil.sys
[12/05/2012 - 11:27:26 | D ] C:\Intel
[08/10/2012 - 13:17:30 | RHD ] C:\MSOCache
[12/11/2013 - 14:29:28 | ASH | 4263886848] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[11/11/2013 - 14:55:46 | D ] C:\Program Files
[11/11/2013 - 20:23:39 | D ] C:\Program Files (x86)
[11/11/2013 - 15:09:37 | HD ] C:\ProgramData
[03/05/2013 - 18:54:44 | D ] C:\Python33
[12/05/2012 - 11:30:55 | N | 2197] C:\RHDSetup.log
[25/08/2013 - 14:29:54 | D ] C:\SkyDriveTemp
[12/11/2013 - 14:12:16 | SHD ] C:\System Volume Information
[11/11/2013 - 23:34:02 | D ] C:\temp
[12/11/2013 - 14:44:45 | D ] C:\UsbFix
[12/11/2013 - 14:45:11 | A | 8631] C:\UsbFix [Clean 3] ALEX-LAPTOP.txt
[07/09/2012 - 11:15:07 | RD ] C:\Users
[12/05/2012 - 12:29:23 | D ] C:\VAIO Sample Contents
[07/09/2012 - 15:10:44 | D ] C:\watcom-1.3
[12/11/2013 - 14:29:28 | D ] C:\Windows
[11/11/2013 - 22:20:14 | D ] H:\map
################## | Vaccin |
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |