Cleaning from shortcut virus failed.. :(

Closed
Lau151 Posts 1 Registration date Monday April 21, 2014 Status Member Last seen April 21, 2014 - Apr 21, 2014 at 09:54 AM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Apr 22, 2014 at 02:14 AM
Hello,

I just followed the instructions of the tutorial for the cleaning of the USBs and laptop from the Shortcut virus.
However, after the end of the process, the shortcuts are still there, and I got the following report, which talks of "vaccines" instead of "deletion", as in the sample report attached to the tutorial...
Can anyone tell me why it didn't work? :(

Thanks! :)
L.

############################## | UsbFix V 7.169 | [Deletion]

User: DELL (Administrator) # DELL-BILGISAYAR
Updated 31/03/2014 by El Desaparecido - Team SosVirus
Started at 16:37:25 | 21/04/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : https://ccm.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Dell Inc. (03HH35)
CPU: Intel(R) Core(TM) i5 CPU M 580 @ 2.67GHz
RAM -> [Total : 3958 Mo| Free : 3009 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17041
WB: Google Chrome : 34.0.1847.116
WB: Mozilla Firefox : 28.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: ESET Smart Security 6.0 [Enabled | (!) Outdated]
AV: Norton AntiVirus [(!) Disabled | Updated]
AS: Norton AntiVirus [Enabled | Updated]
AS: ESET Smart Security 6.0 [Enabled | (!) Outdated]
AS: Windows Defender [(!) Disabled | Updated]
FW: ESET Ki?isel güvenlik duvar? [(!) Disabled]
FW: Windows FireWall [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 98 Gb (45 Mb free - 46%) [] # NTFS
D:\ -> Fixed drive # 368 Gb (368 Mb free - 100%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (7 Mb free - 99%) [TOSHIBA] # FAT32
G:\ -> Fixed drive # 15 Gb (15 Mb free - 100%) [] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 404 |ParentID: 376)
C:\Windows\system32\wininit.exe (ID: 468 |ParentID: 376)
C:\Windows\system32\csrss.exe (ID: 488 |ParentID: 476)
C:\Windows\system32\services.exe (ID: 532 |ParentID: 468)
C:\Windows\system32\lsass.exe (ID: 548 |ParentID: 468)
C:\Windows\system32\lsm.exe (ID: 556 |ParentID: 468)
C:\Windows\system32\svchost.exe (ID: 652 |ParentID: 532)
C:\Windows\system32\winlogon.exe (ID: 724 |ParentID: 476)
C:\Windows\system32\svchost.exe (ID: 776 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 868 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 908 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 952 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 976 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 396 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 428 |ParentID: 532)
C:\Windows\System32\spoolsv.exe (ID: 1188 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 1216 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 1252 |ParentID: 532)
C:\Windows\system32\taskeng.exe (ID: 1404 |ParentID: 976)
C:\Windows\system32\taskhost.exe (ID: 1456 |ParentID: 532)
C:\Windows\system32\Dwm.exe (ID: 1580 |ParentID: 908)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1636 |ParentID: 532)
C:\Windows\system32\PrintIsolationHost.exe (ID: 1644 |ParentID: 652)
C:\Windows\Explorer.EXE (ID: 1704 |ParentID: 1544)
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (ID: 1756 |ParentID: 532)
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ID: 1816 |ParentID: 532)
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ID: 1884 |ParentID: 532)
C:\Windows\system32\runonce.exe (ID: 1944 |ParentID: 1704)
C:\Windows\SysWOW64\runonce.exe (ID: 1968 |ParentID: 1944)
C:\ProgramData\DatacardService\HWDeviceService64.exe (ID: 1988 |ParentID: 532)
C:\ProgramData\MobileBrServ\mbbservice.exe (ID: 2028 |ParentID: 532)
C:\ProgramData\DatacardService\DCSHelper.exe (ID: 1028 |ParentID: 1988)
C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe (ID: 1372 |ParentID: 532)
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe (ID: 1400 |ParentID: 532)
C:\Program Files (x86)\Skype\Updater\Updater.exe (ID: 1956 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 2112 |ParentID: 532)
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe (ID: 2508 |ParentID: 1400)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2672 |ParentID: 652)
C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe (ID: 2828 |ParentID: 1372)
C:\Windows\system32\SearchIndexer.exe (ID: 3288 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 3492 |ParentID: 532)
C:\Windows\System32\WUDFHost.exe (ID: 3548 |ParentID: 908)
C:\Windows\System32\WUDFHost.exe (ID: 3624 |ParentID: 908)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3704 |ParentID: 3288)
C:\Windows\system32\SearchFilterHost.exe (ID: 3724 |ParentID: 3288)
C:\Windows\System32\rundll32.exe (ID: 3808 |ParentID: 652)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3996 |ParentID: 652)

################## | Generic Research |


(!) Temporary files deleted.

################## | Registry |

Deleted ! HKU\S-1-5-21-579226153-1887405181-4136869760-1000\Software\.\.\.\.\Mountpoints2\{78c8807c-c39b-11e3-b4e7-5c260a4ba4fa}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKCU\..\Run : [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [Mobile Partner] C:\Program Files (x86)\MobileWiFi\MobileWiFi
04 - HKCU\..\Run : [YandexElements] "C:\Program Files (x86)\Yandex\Common\elements64.exe" /auto
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_4061A3059D27C63A84FB99ECD0D22755] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [CheckNDISPort_df] C:\Program Files (x86)\Hostless Modem\Turkcell VINN\CheckNDISPort_df.exe
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-579226153-1887405181-4136869760-1000\..\Run : [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-579226153-1887405181-4136869760-1000\..\Run : [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-579226153-1887405181-4136869760-1000\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-579226153-1887405181-4136869760-1000\..\Run : [Mobile Partner] C:\Program Files (x86)\MobileWiFi\MobileWiFi
04 - HKU\S-1-5-21-579226153-1887405181-4136869760-1000\..\Run : [YandexElements] "C:\Program Files (x86)\Yandex\Common\elements64.exe" /auto
04 - HKU\S-1-5-21-579226153-1887405181-4136869760-1000\..\Run : [GoogleChromeAutoLaunch_4061A3059D27C63A84FB99ECD0D22755] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Listing |

[24/09/2013 - 11:57:43 | SHD] - C:\$Recycle.Bin
[14/07/2009 - 08:08:56 | SHD] - C:\Documents and Settings
[21/04/2014 - 16:36:38 | ASH | 3039628 Ko] - C:\hiberfil.sys
[07/10/2013 - 11:58:48 | N | 5 Ko] - C:\HPDIU.log
[07/10/2013 - 11:58:44 | N | 2 Ko] - C:\HPSIU.log
[24/09/2013 - 12:09:05 | D] - C:\Intel
[25/09/2013 - 14:13:13 | RHD] - C:\MSOCache
[21/04/2014 - 16:36:44 | ASH | 4052840 Ko] - C:\pagefile.sys
[14/07/2009 - 06:20:08 | D] - C:\PerfLogs
[21/04/2014 - 15:57:32 | D] - C:\Program Files
[18/04/2014 - 17:01:25 | D] - C:\Program Files (x86)
[18/04/2014 - 17:01:25 | HD] - C:\ProgramData
[24/09/2013 - 11:57:31 | SHD] - C:\Recovery
[21/04/2014 - 16:36:11 | SHD] - C:\System Volume Information
[21/04/2014 - 16:35:38 | D] - C:\UsbFix
[21/04/2014 - 16:33:30 | N | 13 Ko | 0077C47065F0E430CE1CA587342AEDEC] - C:\UsbFix [Clean 2] DELL-BILGISAYAR.txt
[21/04/2014 - 16:37:53 | A | 8 Ko | 700676F81253ACBBFC50EEFA9D3EB232] - C:\UsbFix [Clean 4] DELL-BILGISAYAR.txt
[24/09/2013 - 11:57:41 | D] - C:\Users
[21/04/2014 - 16:36:38 | D] - C:\Windows
[24/09/2013 - 14:31:37 | N | 18 Ko | 84A96781617613D444339BD8EB9DE2CB] - C:\WPI_Log.txt
[24/09/2013 - 12:10:53 | SHD] - D:\$RECYCLE.BIN
[21/04/2014 - 16:36:12 | SHD] - D:\System Volume Information
[16/12/2013 - 10:21:08 | N | 517 Ko] - F:\Rent contract Istanbul.PDF
[12/02/2014 - 15:57:14 | N | 73 Ko] - F:\MRFS PFA Training Evaluation Arabic.docx
[27/02/2014 - 12:20:30 | D] - F:\cimen sokak 105_1 sisli istanbul google map - Google Maps_files
[09/04/2014 - 14:44:20 | N | 158 Ko] - F:\Evaluation IMC.xlsx
[27/02/2014 - 12:20:36 | N | 171 Ko] - F:\cimen sokak 105_1 sisli istanbul google map - Google Maps.htm
[06/04/2014 - 16:19:04 | N | 5055 Ko] - F:\IRQ_KRG_OverviewLabeled_11SEP2013-001.jpg
[09/04/2014 - 00:08:12 | N | 545 Ko] - F:\GBV Emergencies Training _Part 2 Intro to GBV_lc_comments.pptx
[10/02/2014 - 12:57:42 | D] - F:\IMS training
[23/12/2013 - 11:14:42 | N | 259 Ko] - F:\acv.jpg
[05/11/2013 - 19:47:34 | N | 22 Ko] - F:\Camp Safety Audit_Akcakale_2013_1.docx
[06/12/2013 - 10:39:54 | N | 385 Ko] - F:\Employment Agreement Laura Canali fully signed.pdf
[27/01/2014 - 16:00:16 | N | 269 Ko] - F:\Flight Ticket.pdf
[07/11/2013 - 10:44:14 | N | 18 Ko] - F:\GBV Women Men FGD Guide_Draft_Turkey_2013.docx
[11/02/2014 - 22:37:56 | N | 2753 Ko] - F:\GBVIMS FG PPT-6 Analysis_Turkey_data entry_feb2014.pptx
[30/01/2014 - 11:00:16 | N | 129 Ko] - F:\IMC N Turkey CM 2014 Proposal OFDA GBV.docx
[05/11/2013 - 09:47:18 | N | 17 Ko] - F:\Interview - Note Form (10-2013).docx
[17/04/2013 - 10:42:58 | N | 13054 Ko] - F:\IR_SS_17APR13.xls
[10/02/2014 - 19:49:34 | N | 12197 Ko] - F:\IR_v68_GBV_Turkey_2013_Kilis_v1.xls
[13/04/2014 - 10:39:08 | D] - F:\Arabic GBV training
[10/10/2013 - 14:56:50 | D] - G:\SanDiskSecureAccessV2.0
[09/10/2013 - 14:04:14 | N | 7236 Ko | 8F6DEE91078C10FBA6134E83D1034E92] - G:\SanDiskSecureAccessV2_win.exe
[20/04/2014 - 22:50:46 | SHD] - G:\$RECYCLE.BIN

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.en.usbfix.net/ - https://www.sosvirus.net/ |



1 response

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Apr 22, 2014 at 02:14 AM
Hello,

Are you sure that the shortcuts are still here?

Run UsbFix again, click on Research and post the report.

Gabriel.