How to remove virus
Closed
farzeen
Posts
1
Registration date
Saturday January 4, 2014
Status
Member
Last seen
January 4, 2014
-
Jan 4, 2014 at 10:16 PM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Jan 5, 2014 at 06:29 AM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Jan 5, 2014 at 06:29 AM
Related:
- Attrib - r-h-s /s /d *.* usb
- Goose virus - Download - Other
- Ntuser.dat virus - Guide
- How to remove blacklist number - Guide
- Can jpg have virus - Guide
- How to remove unhide files virus ✓ - Pen Drive, USB & SD Card Forum
10 responses
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Jan 5, 2014 at 05:18 AM
Jan 5, 2014 at 05:18 AM
Hello,
This type issue could be caused by a USB virus. It will spread to all of your USB memory devices and hard disk.
Here is a tool to remove the virus and vaccinate your USB against further viruses.
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.
Click on deletion
.
Let the tool work.
At the end of the scan a report will show which you can copy and paste here..
The report is save at the root ( C:\UsbFix.txt ).
You can also vaccinate against any virus.
Gabriel.
This type issue could be caused by a USB virus. It will spread to all of your USB memory devices and hard disk.
Here is a tool to remove the virus and vaccinate your USB against further viruses.
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.
Click on deletion
.
Let the tool work.
At the end of the scan a report will show which you can copy and paste here..
The report is save at the root ( C:\UsbFix.txt ).
You can also vaccinate against any virus.
Gabriel.
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Jan 5, 2014 at 05:58 AM
Jan 5, 2014 at 05:58 AM
Have you got the report please ?
Gabriel.
Gabriel.
Didn't find the answer you are looking for?
Ask a question
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Jan 5, 2014 at 06:05 AM
Jan 5, 2014 at 06:05 AM
So post it in your next reply please.
Gabriel.
Gabriel.
############################## | UsbFix V 7.158 | [Research]
User: farzeen (Administrator) # ZEEN
Updated 02/01/2014 by El Desaparecido - Team SosVirus
Started at 16:00:51 | 05/01/2014
Website : http://www.en.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: Acer (EA50_HC_CR)
CPU: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
RAM -> [Total : 3911 Mo| Free : 2367 Mo]
Bios: Insyde Corp.
Boot: Normal boot
OS: Microsoft Windows 8 Single Language (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16721
SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [Enabled | (!) Outdated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 153 Gb (64 Mb free - 41%) [Zeen] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 101 Gb (10 Mb free - 10%) [for me] # NTFS
F:\ -> Fixed drive # 98 Gb (52 Mb free - 53%) [For you] # NTFS
G:\ -> Fixed drive # 91 Gb (24 Mb free - 26%) [For us] # NTFS
H:\ -> Removable drive # 7 Gb (413 Mb free - 6%) [PENDRIVE] # FAT32
User: farzeen (Administrator) # ZEEN
Updated 02/01/2014 by El Desaparecido - Team SosVirus
Started at 16:00:51 | 05/01/2014
Website : http://www.en.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: Acer (EA50_HC_CR)
CPU: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
RAM -> [Total : 3911 Mo| Free : 2367 Mo]
Bios: Insyde Corp.
Boot: Normal boot
OS: Microsoft Windows 8 Single Language (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16721
SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AV: avast! Antivirus [Enabled | (!) Outdated]
AS: Windows Defender : 4.3.0215.0
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 153 Gb (64 Mb free - 41%) [Zeen] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 101 Gb (10 Mb free - 10%) [for me] # NTFS
F:\ -> Fixed drive # 98 Gb (52 Mb free - 53%) [For you] # NTFS
G:\ -> Fixed drive # 91 Gb (24 Mb free - 26%) [For us] # NTFS
H:\ -> Removable drive # 7 Gb (413 Mb free - 6%) [PENDRIVE] # FAT32
################## | Active Processes |
C:\Windows\system32\csrss.exe (ID: 512 |ParentID: 500)
C:\Windows\system32\wininit.exe (ID: 568 |ParentID: 500)
C:\Windows\system32\services.exe (ID: 668 |ParentID: 568)
C:\Windows\system32\lsass.exe (ID: 676 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 784 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 836 |ParentID: 668)
C:\Windows\System32\svchost.exe (ID: 888 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 920 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 976 |ParentID: 668)
C:\Windows\System32\svchost.exe (ID: 1016 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1092 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1132 |ParentID: 668)
C:\Windows\System32\spoolsv.exe (ID: 1260 |ParentID: 668)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1500 |ParentID: 668)
C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (ID: 1528 |ParentID: 668)
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (ID: 1548 |ParentID: 668)
C:\Windows\system32\csrss.exe (ID: 512 |ParentID: 500)
C:\Windows\system32\wininit.exe (ID: 568 |ParentID: 500)
C:\Windows\system32\services.exe (ID: 668 |ParentID: 568)
C:\Windows\system32\lsass.exe (ID: 676 |ParentID: 568)
C:\Windows\system32\svchost.exe (ID: 784 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 836 |ParentID: 668)
C:\Windows\System32\svchost.exe (ID: 888 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 920 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 976 |ParentID: 668)
C:\Windows\System32\svchost.exe (ID: 1016 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1092 |ParentID: 668)
C:\Windows\system32\svchost.exe (ID: 1132 |ParentID: 668)
C:\Windows\System32\spoolsv.exe (ID: 1260 |ParentID: 668)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (ID: 1500 |ParentID: 668)
C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (ID: 1528 |ParentID: 668)
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (ID: 1548 |ParentID: 668)
################## | Generic Research |
Found ! H:\_WHYQDX.init
Found ! H:\autorun.inf
################## | Registry |
################## | Vaccin |
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> ???
Found ! H:\_WHYQDX.init
Found ! H:\autorun.inf
################## | Registry |
################## | Vaccin |
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> ???
After the run it shows like this
Line 19615 (file "c:/usbfix/go.exe")
Error : the requested action with this object has failed.
What u want me to do?
Line 19615 (file "c:/usbfix/go.exe")
Error : the requested action with this object has failed.
What u want me to do?
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Jan 5, 2014 at 06:29 AM
Jan 5, 2014 at 06:29 AM
Why do you post the report in 3 parts ?
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan on all discs, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Gabriel.
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan on all discs, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Gabriel.