Virus in my pendrive!

Closed
drumarboy (Member) - Jun 17, 2014 at 03:35 AM
Ambucias (Moderator) - Jun 17, 2014 at 05:40 AM
[b]############################## | UsbFix V 7.171 | [Research][/b]

User: Mohila Bishoyok (Administrator) # MOHILABISHOYOK
Updated 18/05/2014 by El Desaparecido - SosVirus
Started at 13:26:29 | 17/06/2014

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://ccm.net/forum/viruses-security-7]https://ccm.net/forum/viruses-security-7[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]

PC: MICRO-STAR INTERNATIONAL CO., LTD (3666h)
CPU: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
RAM -> [Total : 1917 Mo| Free : 769 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Enterprise (6.1.7600 32-Bit)
WB: Windows Internet Explorer : 8.0.7600.16385
WB: Google Chrome : 35.0.1916.153

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Avira Desktop [Enabled | Updated]
AS: Avira Desktop [Enabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
FW: Windows FireWall [(!) Disabled]

C:\ (%SystemDrive%) -> Fixed drive # 57 Gb (28 Mb free - 48%) [Windows 7] # NTFS
D:\ -> Fixed drive # 100 Gb (100 Mb free - 100%) [Office Documents] # NTFS
E:\ -> Fixed drive # 76 Gb (66 Mb free - 87%) [Software] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 15 Gb (15 Mb free - 100%) [OVEY] # FAT32

[b]################## | Active Processes |[/b]

C:\Windows\System32\smss.exe (ID: 260|ParentID: 4|SYSTEM)
C:\Windows\System32\wininit.exe (ID: 440|ParentID: 384)
C:\Windows\System32\services.exe (ID: 500|ParentID: 440)
C:\Windows\System32\lsass.exe (ID: 524|ParentID: 440)
C:\Windows\System32\lsm.exe (ID: 532|ParentID: 440)
C:\Windows\System32\winlogon.exe (ID: 620|ParentID: 448)
C:\Windows\System32\svchost.exe (ID: 708|ParentID: 500)
C:\Windows\System32\svchost.exe (ID: 788|ParentID: 500)
C:\Windows\System32\svchost.exe (ID: 864|ParentID: 500)
C:\Windows\System32\svchost.exe (ID: 928|ParentID: 500)
C:\Windows\System32\svchost.exe (ID: 960|ParentID: 500)
C:\Windows\System32\svchost.exe (ID: 1096|ParentID: 500)
C:\Windows\System32\svchost.exe (ID: 1216|ParentID: 500)
C:\Windows\System32\spoolsv.exe (ID: 1400|ParentID: 500)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (ID: 1448|ParentID: 500)
C:\Windows\System32\dwm.exe (ID: 1456|ParentID: 928|Mohila Bishoyok)
C:\Windows\explorer.exe (ID: 1468|ParentID: 1420|Mohila Bishoyok)
C:\Windows\System32\svchost.exe (ID: 1508|ParentID: 500)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1632|ParentID: 500)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (ID: 1660|ParentID: 500)
C:\Windows\System32\svchost.exe (ID: 1736|ParentID: 500)
C:\Windows\System32\taskhost.exe (ID: 1880|ParentID: 500|Mohila Bishoyok)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ID: 2020|ParentID: 1660)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 2348|ParentID: 1468|Mohila Bishoyok)
C:\Windows\System32\igfxtray.exe (ID: 2368|ParentID: 1468|Mohila Bishoyok)
C:\Windows\System32\hkcmd.exe (ID: 2376|ParentID: 1468|Mohila Bishoyok)
C:\Windows\System32\igfxpers.exe (ID: 2384|ParentID: 1468|Mohila Bishoyok)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ID: 2452|ParentID: 1468)
C:\Windows\System32\igfxsrvc.exe (ID: 2460|ParentID: 708|Mohila Bishoyok)
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (ID: 2496|ParentID: 1468|Mohila Bishoyok)
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (ID: 2724|ParentID: 2496|Mohila Bishoyok)
C:\Program Files\Avro Keyboard\Avro Keyboard.exe (ID: 2796|ParentID: 1468|Mohila Bishoyok)
C:\Windows\System32\wscript.exe (ID: 2804|ParentID: 1468|Mohila Bishoyok)
C:\Program Files\Bijoy Bayanno 2010\BijoyEkushe.exe (ID: 2836|ParentID: 1468|Mohila Bishoyok)
C:\Program Files\WinZip\WZQKPICK.EXE (ID: 2844|ParentID: 1468|Mohila Bishoyok)
C:\Windows\System32\SearchIndexer.exe (ID: 3040|ParentID: 500)
C:\Windows\System32\svchost.exe (ID: 3308|ParentID: 500)
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (ID: 2948|ParentID: 1648|Mohila Bishoyok)
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (ID: 2528|ParentID: 500)
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 676|ParentID: 500)
C:\Windows\System32\taskhost.exe (ID: 3480|ParentID: 500|Mohila Bishoyok)
C:\Windows\System32\audiodg.exe (ID: 2284|ParentID: 864)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2632|ParentID: 1468|Mohila Bishoyok)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2568|ParentID: 2632|Mohila Bishoyok)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2892|ParentID: 2632|Mohila Bishoyok)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1492|ParentID: 2632|Mohila Bishoyok)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3896|ParentID: 2632|Mohila Bishoyok)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2648|ParentID: 2632|Mohila Bishoyok)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4064|ParentID: 2632|Mohila Bishoyok)
C:\UsbFix\UsbFix.exe (ID: 3976|ParentID: 1468|Mohila Bishoyok)

[b]################## | Autorun |[/b]

G:\T A Bill.lnk -> G:\setup.vbe - [url=https://www.virustotal.com/file/a1a6b54bea233c73fa873272d47a0278fa2c8f478fbf31ed7ff3b3cbd34bf238/analysis/1398231393/]VirusTotal[/url] - ([color=#FF0000]23[/color]/[color=#FF0000]51[/color])

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKCU\..\Run : [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
04 - HKCU\..\Run : [Avro Keyboard] C:\Program Files\Avro Keyboard\Avro Keyboard.exe
04 - HKCU\..\Run : [setup] wscript.exe //B "C:\Users\MOHILA~1\AppData\Local\Temp\setup.vbe"
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2765757277-1382147859-2985629381-1000\..\Run : [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
04 - HKU\S-1-5-21-2765757277-1382147859-2985629381-1000\..\Run : [Avro Keyboard] C:\Program Files\Avro Keyboard\Avro Keyboard.exe
04 - HKU\S-1-5-21-2765757277-1382147859-2985629381-1000\..\Run : [setup] wscript.exe //B "C:\Users\MOHILA~1\AppData\Local\Temp\setup.vbe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

[b]################## | Generic Research |[/b]

Found ! C:\Users\Mohila Bishoyok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.vbe
Found ! C:\Users\MOHILA~1\AppData\Local\Temp\setup.vbe
Found ! G:\setup.vbe
Found ! G:\T A Bill.lnk
Found ! C:\Users\Mohila Bishoyok\AppData\Local\Temp\setup.vbe

[b]################## | Registry |[/b]

Found ! HKU\S-1-5-21-2765757277-1382147859-2985629381-1000\Software\Microsoft\Windows\CurrentVersion\Run|setup
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|setup

[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]

2 responses

drumarboy (Member) - Jun 17, 2014 at 03:40 AM
Shortcut still appears.
Ambucias (Moderator) - Jun 17, 2014 at 05:40 AM
Of course they are still there; you have not used USBFix properly.

Follow the instructions in this tutorial:

http://www.en.usbfix.net/tutorial/