Shortcut virus on my pc & pendrive «SOS»

Closed
skadam1 Posts 1 Registration date Friday March 21, 2014 Status Member Last seen March 21, 2014 - Mar 21, 2014 at 05:17 AM
Hi,

I have run UsbFix on my PC to remove the shortcut virus permanently. Please check the report I received below and advise what needs to be done.



############################## | UsbFix V 7.167 | [Research]

User: USER (Administrator) # ABC
Updated 13/03/2014 by El Desaparecido - Team SosVirus
Started at 14:33:05 | 21/03/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : https://ccm.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Intel Corporation (D945GCLF)
CPU: Intel(R) Atom(TM) CPU 230 @ 1.60GHz
RAM -> [Total : 1014 Mo| Free : 226 Mo]
Bios: Intel Corp.
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 27.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 29 Gb (2 Mb free - 6%) [] # NTFS
D:\ -> Fixed drive # 39 Gb (20 Mb free - 51%) [] # NTFS
E:\ -> Fixed drive # 39 Gb (2 Mb free - 6%) [] # NTFS
F:\ -> Fixed drive # 42 Gb (854 Mb free - 2%) [] # NTFS
G:\ -> CD-ROM
H:\ -> Removable drive # 15 Gb (7 Mb free - 45%) [NUFILE] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (ID: 768 |ParentID: 4)
C:\WINDOWS\system32\winlogon.exe (ID: 852 |ParentID: 768)
C:\WINDOWS\system32\services.exe (ID: 896 |ParentID: 852)
C:\WINDOWS\system32\lsass.exe (ID: 908 |ParentID: 852)
C:\WINDOWS\system32\svchost.exe (ID: 1104 |ParentID: 896)
C:\WINDOWS\System32\svchost.exe (ID: 1304 |ParentID: 896)
C:\WINDOWS\system32\svchost.exe (ID: 1380 |ParentID: 896)
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (ID: 1596 |ParentID: 896)
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (ID: 1636 |ParentID: 896)
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (ID: 1740 |ParentID: 896)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1756 |ParentID: 896)
C:\WINDOWS\system32\spoolsv.exe (ID: 1916 |ParentID: 896)
C:\WINDOWS\Explorer.EXE (ID: 288 |ParentID: 200)
C:\PROGRA~1\SYMANT~1\VPTray.exe (ID: 1428 |ParentID: 288)
C:\WINDOWS\system32\igfxpers.exe (ID: 2044 |ParentID: 288)
C:\WINDOWS\system32\igfxtray.exe (ID: 224 |ParentID: 288)
C:\WINDOWS\system32\hkcmd.exe (ID: 308 |ParentID: 288)
C:\Program Files\Common Files\Symantec Shared\ccApp.exe (ID: 508 |ParentID: 288)
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (ID: 296 |ParentID: 288)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 956 |ParentID: 1104)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (ID: 128 |ParentID: 288)
C:\WINDOWS\system32\wscript.exe (ID: 1256 |ParentID: 288)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 1276 |ParentID: 288)
C:\Program Files\Alwil Software\Avast5\avastUI.exe (ID: 1764 |ParentID: 288)
C:\WINDOWS\system32\ctfmon.exe (ID: 1560 |ParentID: 288)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID: 1344 |ParentID: 288)
C:\WINDOWS\system32\wuauclt.exe (ID: 2924 |ParentID: 2864)
C:\Program Files\Symantec AntiVirus\DefWatch.exe (ID: 3072 |ParentID: 896)
C:\Program Files\Java\jre6\bin\jqs.exe (ID: 3220 |ParentID: 896)
C:\Program Files\Skype\Phone\Skype.exe (ID: 3236 |ParentID: 288)
C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe (ID: 3520 |ParentID: 896)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 3544 |ParentID: 288)
C:\Documents and Settings\USER\Application Data\BitTorrent\BitTorrent.exe (ID: 3552 |ParentID: 288)
C:\WINDOWS\system32\NLSSRV32.EXE (ID: 3560 |ParentID: 896)
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (ID: 3812 |ParentID: 896)
C:\WINDOWS\system32\svchost.exe (ID: 4076 |ParentID: 896)
C:\Program Files\Symantec AntiVirus\Rtvscan.exe (ID: 1648 |ParentID: 896)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 2748 |ParentID: 3544)
C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe (ID: 3168 |ParentID: 896)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 2668 |ParentID: 288)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [{51528D0F-5EF7-AD40-AAB3-BD138B3A9E01}] "C:\Documents and Settings\USER\Application Data\Gikaja\uhiki.exe"
04 - HKCU\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKCU\..\Run : [Facebook Update] "C:\Documents and Settings\USER\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [Google Update] "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [ChicaPasswordManager] "C:\Program Files\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
04 - HKCU\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKCU\..\Run : [Uhiki] "C:\Documents and Settings\USER\Application Data\Gikaja\uhiki.exe"
04 - HKCU\..\Run : [yvuvrzwboi] wscript.exe //B "C:\DOCUME~1\USER\LOCALS~1\Temp\yvuvrzwboi..vbs"
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [BitTorrent] "C:\Documents and Settings\USER\Application Data\BitTorrent\BitTorrent.exe" /MINIMIZED
04 - HKCU\..\RunOnce : [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -update plugin
04 - HKLM\..\Run : [NPSStartup]
04 - HKLM\..\Run : [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
04 - HKLM\..\Run : [SoundMan] SOUNDMAN.EXE
04 - HKLM\..\Run : [SkyTel] SkyTel.EXE
04 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
04 - HKLM\..\Run : [Persistence] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
04 - HKLM\..\Run : [AlcWzrd] ALCWZRD.EXE
04 - HKLM\..\Run : [Alcmtr] ALCMTR.EXE
04 - HKLM\..\Run : [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
04 - HKLM\..\Run : [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [yvuvrzwboi] wscript.exe //B "C:\DOCUME~1\USER\LOCALS~1\Temp\yvuvrzwboi..vbs"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\..\RunOnce : []
04 - HKLM\..\Policies\Explorer\run : [316] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\ccxfvft.com
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [{51528D0F-5EF7-AD40-AAB3-BD138B3A9E01}] "C:\Documents and Settings\USER\Application Data\Gikaja\uhiki.exe"
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [Facebook Update] "C:\Documents and Settings\USER\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [Google Update] "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [ChicaPasswordManager] "C:\Program Files\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [Uhiki] "C:\Documents and Settings\USER\Application Data\Gikaja\uhiki.exe"
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [yvuvrzwboi] wscript.exe //B "C:\DOCUME~1\USER\LOCALS~1\Temp\yvuvrzwboi..vbs"
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\Run : [BitTorrent] "C:\Documents and Settings\USER\Application Data\BitTorrent\BitTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-1715567821-179605362-299502267-1003\..\RunOnce : [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -update plugin
04 - HKU\S-1-5-18\..\RunOnce : [RunNarrator] Narrator.exe
04 - HKU\S-1-5-18\..\RunOnce : []

################## | Generic Research |

Found ! C:\Documents and Settings\USER\yvuvrzwboi..vbs
Found ! H:\yvuvrzwboi..vbs
Found ! H:\_WKIQQUQ.nil
Found ! C:\DOCUME~1\USER\LOCALS~1\Temp\yvuvrzwboi..vbs
Found ! D:\BitTorrent.exe
Found ! H:\NUFILE (15GB).lnk
Found ! H:\autorun.lnk
Found ! H:\_WKIQQUQ.lnk
Found ! H:\desktop.lnk
Found ! H:\Thumbs.lnk
Found ! H:\ .lnk
Found ! C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Found ! E:\R
Found ! C:\Documents and Settings\All Users\Local Settings\Temp\ccxfvft.com
Found ! C:\Documents and Settings\Sakshi Computers\Local Settings\Temp\yvuvrzwboi..vbs
Found ! C:\Documents and Settings\Sakshi Computers\yvuvrzwboi..vbs
Found ! C:\Documents and Settings\USER\Local Settings\Temp\yvuvrzwboi..vbs
Found ! H:\ \yvuvrzwboi..vbs

################## | Registry |

Found ! HKCU\Software\HS
Found ! HKU\S-1-5-21-1715567821-179605362-299502267-1003\Software\HS
Found ! HKCU\Software\Microsoft\Handle
Found ! HKU\.DEFAULT\Software\Microsoft\Handle
Found ! HKU\S-1-5-20\Software\Microsoft\Handle
Found ! HKU\S-1-5-21-1715567821-179605362-299502267-1003\Software\Microsoft\Handle
Found ! HKU\S-1-5-18\Software\Microsoft\Handle
Found ! HKCU\Software\XML
Found ! HKU\S-1-5-21-1715567821-179605362-299502267-1003\Software\XML
Found ! HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS
Found ! HKLM\SYSTEM\ControlSet001\Services\SSHNAS
Found ! HKLM\SYSTEM\ControlSet002\Services\SSHNAS
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Security Center|AntiVirusDisableNotify -> 1
Found ! HKLM\Software\Microsoft\Security Center|FirewallDisableNotify -> 1
Found ! HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify -> 1
Found ! HKU\S-1-5-21-1715567821-179605362-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Run|yvuvrzwboi
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|yvuvrzwboi
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|yvuvrzwboi
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|316
Found ! HKU\S-1-5-21-1715567821-179605362-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Run|BitTorrent
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|BitTorrent

################## | E.O.F | http://www.en.usbfix.net/ - https://www.sosvirus.net/ |
1 response

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Mar 21, 2014 at 05:32 AM
Run UsbFix again and click on Delete.

See this tutorial:

http://www.en.usbfix.net/2014/02/usbfix-tutorial-clean-option/
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Mar 22, 2014 at 06:25 AM
skadam1,

For research and development purposes, could you please upload this file

C:\Documents and Settings\USER\Application Data\Gikaja\uhiki.exe

on

https://authentification.site

Once uploaded, you will be given a URL; please post the URL here.

Thank you for your help.