g249.js infected computer and external hard disk


  • This topic is locked
29 replies to this topic

#16 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 PM

Posted 11 May 2013 - 03:16 PM

I saw that but I did not know if you had set that up.

Try this.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.




#17 SatanicSaint

SatanicSaint
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:31 AM

Posted 11 May 2013 - 05:57 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by ACEr on 12-05-2013 at  4:16:50.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\winzip registry optimizer"



~~~ FireFox

Successfully deleted: [File] C:\Users\ACEr\AppData\Roaming\mozilla\firefox\profiles\vffoqdrj.default\user.js
Successfully deleted: [File] C:\Users\ACEr\AppData\Roaming\mozilla\firefox\profiles\8ji6twfj.default-1340277873667\user.js
Successfully deleted: [File] "C:\Users\ACEr\AppData\Roaming\mozilla\firefox\profiles\vffoqdrj.default\extensions\webnavigation@linkzb.com.xpi"
Successfully deleted: [Folder] C:\Users\ACEr\AppData\Roaming\mozilla\firefox\profiles\vffoqdrj.default\extensions\jid1-0FHdJAAQ7Nb73Q@jetpack
Emptied folder: C:\Users\ACEr\AppData\Roaming\mozilla\firefox\profiles\vffoqdrj.default\minidumps [20 files]
Emptied folder: C:\Users\ACEr\AppData\Roaming\mozilla\firefox\profiles\8ji6twfj.default-1340277873667\minidumps [480 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12-05-2013 at  4:19:41.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#18 nasdaq


Posted 12 May 2013 - 07:59 AM

How is it now?

#19 SatanicSaint


Posted 12 May 2013 - 08:19 AM

The home page is not changed. And everything else also seems fine. Should I try plugging in any USB drive now?

#20 nasdaq


Posted 12 May 2013 - 08:56 AM

Let's run this USBNoRisk cleaning tool from bobby_ first.

Download USBNoRisk to your Desktop and run it by double-clicking the program's icon
- wait a couple of seconds for initial scan to be done
- connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds
- if there are more USB storage devices to scan, please take a note about the order in which these were connected
- after all the devices are scanned, choose "Save log" option from right-click menu on Monitor tab. That will open the log in Notepad. Please copy/paste the log in your next post.

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

#21 SatanicSaint


Posted 12 May 2013 - 09:09 AM

- connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds
- if there are more USB storage devices to scan, please take a note about the order in which these were connected
 

I am sorry I didn't get these two lines. I have connected my external hdd after the initial scan. It says Scanning for connected USB mass storage.

Should I remove the external hdd and plug in my pen drives or should I keep both of them plugged in?



#22 SatanicSaint


Posted 12 May 2013 - 09:22 AM

Here is the log.

The 2nd H: is my 2nd pen drive which I think is clean. Also the software did not detect my iPod and iPad.

 

 

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 12-05-2013 19:32:51

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
E:  {9d2e0cda-9741-11e0-9b31-206a8a0ca87d}
C:  {b8781a83-9bc7-11df-9b37-806e6f6e6963}
D:  {b8781a84-9bc7-11df-9b37-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for b8781a83-9bc7-11df-9b37-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for b8781a84-9bc7-11df-9b37-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 9d2e0cda-9741-11e0-9b31-206a8a0ca87d
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 12-05-2013 19:33:44

Scanning for connected USB mass storage...
----------------------------------------
I:  {cce23f04-0a0d-11e2-bd7c-206a8a0ca87d}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
autorun.inf found on I:
----------------------------------------
File I:\autorun.inf renamed successfully

Content of I:\autorun.inf.blocked
----------------------------------------
DRPiGlS7eCNi1Ssv=o2qxEgyBV9qDP
TtMKnGYA1bY=hdVveIMO1sYFlt
pa5vrOqgEoCTI3xQ=lS9kFcBY3kHmiaLrV
LxutHy254ntj3=VBT4FxqHyhxcmWKC
A2cnEfbgw1D1YnnG=TllttaMdU5Yr
2198tuojqYFNz=CUqbR9bD0tx
5KpQaUKGSI2BQ6F=poxQNnnmPs8J
Xii4bsTFhoZp6OekMT=wjvnWEKb1ZglS
C9yKxgboqQ=4aeKuAEW5A6
GPszy5wElWkn5mHEHaRD=alO87BCnt9vaGdYbT
Kvtl9ho1O9WSxl=bxwQj7SYSfwg42
[FAe6TT9]
[3TA9vLQQ]
3eHOHHSocFhm=1wQXyFDaOVkAJ
gkUkcn50DJrwx=TWUFmtiB370UKdU
fYBszHf7nSxPNL=QkVPA20ZgHpOjK
[bCNVlVb]
MgyMqSUTxTwg=NKhFERPwQm58
XsZY28WdzxW=37TZOsRvfh2ur
stEZsenzNVPK=kDBYgNqFt4zVOiHPT97Sep
yBt0kofyzD25az4XETbl=PFLzjy5Au6tpt
R99NdwOgL74BR2=t8E0NcxH7VbLW
[b2MvUx]
jfMiNHiyF0Z=RgkuJiRSj9m6
iTCEcPbsFq8gzvbkmmP6=U0D5siV5BmlidNDe
91uxh0xpBHdB8kvjA=pnDyzV5DWFU
c26073LrHj3NDsL5=fcUO4chVt606IoZu
C7c1Xrc5lbTJ=k5yE7M0mhRabf
06lpAIWMlE6U8=005r0s8eJv6ptJqm9d
sqHmvjh25BP296K=XkNfFiWqVEl
Bb28EDgOYN=9mlvu0BTlGVWAg
ot3fZDS4ikXcRZI6Qf=q0H8xrMKr1wNp
8oxjChcmeJu=b7xEcUlpHcyw70
YhRAj23LEWyiBM=TWOoV2ZpiL6c
[2ZQcdVk4Js]
E3Aj6sQrCB3VxE4PE=dnAGJWcqgCIZ5T
GDFiZwezwv=Q7tL9Bys411h7
Rt8CjyzhSuXaC8=fnCIgfjmUgELtfhyI
S2HiQuy5vJptDOs=tik1SkJmGaWz
c2AtbOWWFCEl1vuBm9dP=HybVk39lbu2xsg
Qp3FB5JjfX=Jc7TwJWDtXvyeI
AdaZVKeemlizVG=yCQV46t3dhbbGml7
[gSK2JI]
evxLXHfTmDKSWW=eyvQQJGbxOVlZ8Q2
xh0Bqufj4hcQt=3FXeSkSlEgzk
4mA4kB129HhC5=grRD4N72EL58I
U2NXM5QQG0BL=6C9mOiEepPmiphOk5q
bfirbBaKb1tkB=XBumvsdXGdEmdn
Yr7Kb8vI4ZSteQdp=qgIXMqP3S1ExgUVY
X3DAxndVfM8qV1Uw=eLZ3xBqh3DoSzfSeiel
5GvOAEj5Vq8CF9OtsV8uJ=hMWJxMEvtjMF
0UEXfJhmG4soLS=bohVUkoVWeVi99BY
y4bDvBVMQgAD8=uXwwcHkd9Q1hy
MDrM6g0YEqkTmKT=wDFzPdATgILP
CLIhZhMKe3x1Gx4WB=SJD8WIw6GBZ
UWd3v4UnGzssW1v=nxBwKFRsW990EsP9KoNNd
[TvElYP7]
S16VxRqRijfQeehRpwjS=AjOQpo823dtTpNdm
kvGJS5FUtX68Uw3KF=qOmgHrpyA3TMA7
JL24Hrb55gOEemZ4BqhkD=9UoQPKXwDKU
H2wF09eWzCwKY2O=KTMLWlQmNvdsxF9IzV
mRQ6sjSDgEfy=CDa3iekWRlMowneqltpI4
7LSEUDjePbcSM2fMw=p12a3B5ModbnMPYB
6JiwGX1y8kETFvo=MJzuz6jnLx9g
HYDC5oh547ax91but=ZH4PRHTvsmgpw
sn0yXXZmWImXpPWjHYx=0F9dYx9G6lF
[autorun]
ohGEKO6TifJhz0=xOrTolCNHxA78ZF
Jz3sIEq15Sud=FEwQRyohMcndp0
8BFwvpEv2cbjmcE=OGIBwUREm8YZkHDp
qL5wdPTSn2So8yvK9=V4g045Bu0aBHlO
Gc6H9g35RKtAf=fslLuWcImvd
DaGytdWDC9U9dZAxFwv=1SYeDMoB7Hr90W61hk
open=3535\g249.js
D4K4d6MGVGDPbp5hO8=f4oR5EzoXYQMewg
i3E8RvWEuL4A=n3hE2xjW4zb
3fWuQSpgssEj=ReZjxMwKURb
o3FZTePxWOEfe=cEpZD7x5nz1r6zQ
6Uwy7Etrt4ZuPNu=0ElsJgePKXgMMK
shellexecute=3535\g249.js
A0rjL3LuFnHfXL=Mnysp2vQpDk06y
qFzXySEewZXl7Pyv=5NvGw9RkFdUFew7XQE9W
d7CHhOvGcfVa=wWd1vUkL2xcW9
ZbaFB1zoG1K4zjPx=mFq1h9Mk6gW1Q3y
BNG4ecL7nXiBe790B4h=Gqiz65HagO6p
KyBoaMQPPrHMeDBbaKal=kYmcgF7sbYVWy
dTVwGPNgfZMclF9=UjUIaYGjkYaNBhU
w1c9I8w0uHI4g9XIpOlr=uwTJhoMudnSxzp
shell\explore\command=3535\g249.js
iBDeFtIx6Lqy0gNqKIGk=MKi5dtPcClPr
up0Wu9z1AUnSfUiWUS=Sv7glgiEejS
FB4RGoRYFQD=0EmxifKwyonp
YpTgAabZ916rTxw=WjZUJQ75OAXr0
ErkMlyOT0Hpp=JdbyVjbQb3aM
nuox2SttDs=Q2xF2Xo6zj7kd
4rz7kh8Kh45=ECOLlEb8tLk9
r13Pyb8u1zrjNsh=sg22D9DlhHUEawU
6ej8BOkkLbsJBoYaJTJUi=0xXvpguRRg4eYNxH
shell\open\command=3535\g249.js
UttmOQsNduZMJmA=22O1qqWjaK2FZ
1fR6O2mHgEB=NPqeHHiO7iW1cW7rOgMTvQ
yd23ztyxBLG0I=4ve3FCCxmrGIVMy
WiOMPj6zHOET11uden=Rzuocywjp7
[bonPyb]
778nT7FJAi7j=G3Wm6OGJ5loyCC5fde9
pdfsTjy1UJ85w=3kJJ4oSeg6h0HYeEH
9Kpdji1We7McF=xGLOdrX4mw1xm2QEWKf
hkjCwJyojSTtlVOcsHr=TqJloa1SrU
6VtFSEDtUodSQgFUsH2=vH25sYOtgP2ly0
QckuhFkam8HZHYi6Qu8nuv=JmcUJRPCMFKHK
bAvsfKFHNThwa4ESA=x3jhn0iYm7Vi2mb0A
JZgeY5Ij1NIHSg6Jd=DF64yiwj9MgbCIbzP
d5dh75Vv2hKuwLDyw=64CYn4qsXpyEFD2
75rllDkm2S0vl=vWlFNecTScuI
7gN7y1F7PfKyxr0P7er=zQY2QMnaXV6PtJ
u7Ktak7xNzoRe0hY=y1VYcSUkABmesxg2
Ll0WoKCN6mLs=AnHdd8GySswrNEw
DWdYKIb6BHuJf=Kit6lTWpmPQCsH9
O3CmS5mLZuj0FA=7KHbpxs9lMWx6xl
[4DuXCb]
4wIO7iGVZD4FYG=i3tbWhCrxy
wMSXMSoOgIu=vIyKcxn4ZTK3pByGRW
[LsJLTsqd]
rnt8Ka34EORbZ8AGE=CHCwm29zMon7r0g
----------------------------------------

No mountpoint found for I:
Sanitized mountpoint for cce23f04-0a0d-11e2-bd7c-206a8a0ca87d
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive I:
========================================



New device connected at 12-05-2013 19:40:23

Scanning for connected USB mass storage...
----------------------------------------
H:  {6a444dc2-e8fc-11df-a6dc-206a8a0ca87d}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
o6t03Dm1GHlwB=cbzieXMoAWH
[mn3wQb]
441HK9vMAAZrGa=vLKa6X0AqgauVyQKyTAhe
Y5YptS29sZ5DFvxY59=li2TLl5med6t81
XuCT2x7WucNWN=hNiOA4mfKtRmgq
[hO0SWsH]
UOTSHXreid6iUjal=LKiQLZ2pVEtb3bjxa
1MtSgf00qJJCWe=BtR6uQKyoUMuQFW8
Nhe5Gs2hVcr7ekvld=vSGbQKBmYha2inOd
IYKLrEWtZyI3=tg7qJLGsyn
lta6SqewW0fYT=3PUsRZ2twJunoLB2
Jc16HLFmzVcDUpO0L9ek=80RevAfx5sxjVoBx9TV
V4xWVBEHySIY=iGqPANd3w2XF1YzW
1L11DTkJ5Il=gjWQ7oMZusS9VgF
[gSKbhEe]
GXZGM2UEVNBwqQ8=pFwRynvSJX4fPoA5
MAbPtB6dY6W4zLh=uD4ECBH7G6Jh6d
QFJHJn75uT4xX=lsmZhwzHHVuAiFN46Ji
YhnlW0D2MMIuTWoub4=CwxCEDvXJ7gjVF
cZBT8vF3k63u=FoJAzI5bF3xdMn2
1QHLbNVYp71=fpfsGKw7L6YUwdT
5YxsgcExq0Iu=0LC9FU1Jpq3rjXs
[4WRVR]
Pcku1CsD5VvI=i353aaiEbe
3PDxg49Jxrr=6Js7P3IkV3kOXUBA
cfjWaehPZNf=YEIEcjZ0uGUryNdS5
[hFMzZM]
ylqUry982eIddz=H41hFt8aFFranK
XwoBVQmFedJDRBNDN=UaW4hUlpTzBj39B
B7hF5D3pvUOzCC=kShoo4nvnfTlwc5NAr
OcuSfj87Vg42k=50PouSIUE2RLKO
QrgM2kI7ST3WN=UZzw9CEaU7IhCAy
u4N2NAurOJAtXVsq6=5G5zzO6NZNLAbybQ
[jMhHARyOj]
AzCDLDXBp9EQjYbFK=PP3R17tXLhUC
Kat2VIsI3tji=H2aJggzHm6yoe
QgRq3iLGfm0D8=UV7bNSep82Pu6YXC5VM
pyrFiQgwzlWpBMkdf=tadSWSCs47mNC
P9kc6tiN6qGieZe=BfiBX9waB4Sa
D5rAjrlrI5e=eXwng2678Z5njIF
[jwD3Bmb9]
s6bJgVhlCCse1=yJ2pOOBXY9OOP0
NqTvMsajXW0zX=17e2e6UzYfi9EB3
[5UWy8]
C7Rfuo2XYtNEY=NV3vBMYLtDXLd6aD
uVI5XslxWhlHBlQ6=YS2gmfcghWp1hwklx0
N43Au7lIFm9C0nf=ipuw10iYgFjLaJP
[tZ3Svn]
k5nHZxftLfpRXGhuv=Nuj7tDPGdnmkPKk
v7b41riy3eQABmlI=o4gxXGsls63JswqyGn
WiQmUNrqoJAMME7=PzITmCWURWdQYPY
vR9mNrduMfvRYgyBiJ=sEVxN90rmkwVY
atAmGVbQqAJ=cqQJPFuevFI0
XMbSFVaDygSV=Mflbfg8Ic812gQ
[autorun]
lcgsdgQqg9GDa2=k1a4I8vNusbEK8wCjt2
xhyMdy35oqJv=3vQOWNx4q45dwn9GucxGL
qP6pBrK1luA=UZvexMyxK0owwmg
s5X6YtqRz8C=05zRZs6KckRz0SV3W1dL
iQd8wGSdEKKH=LoAwdEpmwl8u
UH0H81m95n1=6SB8xlbsqAF
open=3535\g249.js
dsqTC7poHCmLN=oqIOqAu9n06NSW82
Ef0YjdkyggokRuJ=5EotAQdioO0oex8xR5y7
6EHrTeywTInRnRy=fB2fgIjgJjcC
7dxCmzfn41yMf=i45LfTx84qqpV2h5W
gZinPOauchqyJ55=GJ7wkYYVfThlMTN
iIdr5R5nD0hgmEC=7URtPPmHhfmOJSlsF
uuW2Bpsb6PYoNlkvtj9=DDzRVXH3LkFWAAi3j
shellexecute=3535\g249.js
JwqsD68vuSHY0QuR=SviBy5Ra4KVGsbPD
sCU0259OpWFSNSj=htqQeFm9CpK
T7b8Gs62xBmLX2M=Ve4PK4YSoB7ymp
3sZ8tQz0s85=DV6AO0sYuQ6BvpNLvyO
53WcPW7TXwVxWX=pwV0OoXtKzPP
loUrOUfXb9ljmWjdH=BGhSksSTnIO0m7Muh
OujNcUV6ml=iI3KlLvQhcgrdWN
9lcZtqxnBN5UZi4ML9=UugaCujMm7Hw
shell\explore\command=3535\g249.js
oosgIkipXyk6DqY7=KuRProlQ8EFQ6
lCe85dhVAsaZg9uJ=nezMRAJc3F
n605YQovE7YZO=Ik6qH3JdZGth9qWkgnL
HGginOgkzVn42EvsW=Zxd0Q1vU5Ir9M67N6
uUX4G2YK4lykQGdH=nQ9t04cvL7Sqk
BS8c6vsDXNa6=d643YJifOjWqJC
fEE3UsyPunEe=OpOKZ71XX7kyla1T
shell\open\command=3535\g249.js
EFkAW8ZALJ4VbD3=hD6Usaw9tj7Ru4
5nJye0cyIc=906djgiM8oyh
[d8lmqUt]
4kgfyCerxUh=G0gFOhcuA6gO1hJ
euYuNcBoIfIVEnJio34=VDBBi1FihipjpTm
k30ZWFjbA57s9=sjHtdMjTx60
[DGPlze]
[x1aRE]
FcjGRjkMXOO5xQ=bC4HcKBqKK7FkBglLeB
[rBroO]
[FVZf2N]
[Wa4yby5]
OaUuUU9RKTb81JL9aNy3=W6t3AMtBx3W
jYi9AXruDNkyGyDB1Hh=3spYaa9BFlWLWA6zq
[ZsB9r]
hvtlXMYuItsRP6k=KQNHrtNH7ui
CN23dVuPfhwwU=buu9zqYFRNIMx
pt1eUDaUbMoHkF=cjlYzh3kOVWOdA
gEkw5iVWj4qI1rm9wPW=Jg7hPE9FnQ2ouvW
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
H:\3535\g249.js   --a--  47136
----------------------------------------

Sanitized mountpoint for 6a444dc2-e8fc-11df-a6dc-206a8a0ca87d
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

========================================
Removed H:
========================================
========================================
Removed I:
========================================


New device connected at 12-05-2013 19:46:10

Scanning for connected USB mass storage...
----------------------------------------
H:  {9257afbc-c3d3-11df-bd9d-5cac4c09ab6e}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for 9257afbc-c3d3-11df-bd9d-5cac4c09ab6e
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

========================================
Removed H:
========================================
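
The USBNoRisk log above shows why these autorun.inf files are hard to read by eye: a few launch keys in the `[autorun]` section are buried among random key=value lines and dummy sections. The following is an added example, not part of the thread or of USBNoRisk, that extracts only the effective launch directives; the sample file is constructed (only the `3535\g249.js` target is taken from the log) and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that make Windows launch something from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
RISKY_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".bat", ".cmd",
             ".exe", ".scr", ".pif", ".com", ".lnk"}

# Constructed sample: the padding and the decoy are invented for this example;
# only the 3535\g249.js target comes from the log above.
SAMPLE = r"""
Qx7padKeyA=padValueA
[Zk3junk]
open=decoy\ignored.js
[autorun]
Rt5padKeyB=padValueB
open=3535\g249.js
Wb2padKeyC=padValueC
shellexecute=3535\g249.js
shell\explore\command=3535\g249.js
shell\open\command=3535\g249.js
[Pv4junk]
Uc6padKeyD=padValueD
"""

def launch_directives(text):
    """Return [(key, command)] for launch keys inside [autorun] only."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        key, sep, value = line.partition("=")
        if section == "autorun" and sep and LAUNCH_KEY.match(key.strip()):
            found.append((key.strip().lower(), value.strip()))
    return found

def program_of(command):
    """First token of a command line, honouring a quoted path."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def referenced_files(text, drive):
    """Distinct launch targets resolved against the drive root, e.g. 'H:'."""
    paths = []
    for _, command in launch_directives(text):
        path = PureWindowsPath(drive + "\\") / program_of(command)
        if path not in paths:
            paths.append(path)
    return paths

def is_suspicious(text):
    """True if any launch target is a script or executable file type."""
    return any(PureWindowsPath(program_of(c)).suffix.lower() in RISKY_EXT
               for _, c in launch_directives(text))
```

Run it against a copy of the renamed `autorun.inf.blocked` file rather than a live `autorun.inf`, so nothing on the drive is in a position to be launched while you inspect it.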
 



#23 nasdaq


Posted 12 May 2013 - 10:16 AM

You look clean now.

Any remaining issues?

#24 SatanicSaint


Posted 12 May 2013 - 11:50 AM

I deleted the 3535 folder which contained the js files and it didn't come back.

 

Any way to make my folders non-hidden in the external hdd? If I go to properties I can't uncheck the hidden parameter.

 

Also there are two files named autorun.inf.blocked and autorun.inf.mcs. Should I delete them or let them be?


Edited by SatanicSaint, 12 May 2013 - 12:00 PM.


#25 nasdaq


Posted 12 May 2013 - 01:35 PM

Delete the two files named autorun.inf.blocked only.

Unhide your folder.

Perform steps mentioned below and see if it helps.
a: Press Windows Key + R
b: Then type cmd and hit enter.
c: Now type attrib -r -s -h g:\*.*

Replace "g:\" with the letter of your hard disk or thumbdrive.

i.e.

I:\

or

H:\

as the case may be.

#26 SatanicSaint


Posted 12 May 2013 - 01:38 PM

It's all right. I copied the contents to the other folders and deleted the hidden folders.
Thanks a lot for your help. Everything is working perfectly now.
But is there any software which I can use to prevent this so it doesn't happen next time?

#27 nasdaq


Posted 12 May 2013 - 01:47 PM

Most infections are now coming from downloaded software or unsolicited email.
Watch what you are opening.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#28 SatanicSaint


Posted 12 May 2013 - 01:57 PM

Thanks a lot. But is there a way to block these autorun viruses?



#29 nasdaq


Posted 13 May 2013 - 06:41 AM

Just make sure that your Java and Flash are always up to date.

#30 nasdaq


Posted 19 May 2013 - 08:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



