
files in usb drive k


12 replies to this topic

#1 narayananms


Posted 13 May 2013 - 04:32 AM

Dear sirs,

I was having some files (spreadsheets/Word documents/accounting software) in pen drive (K). All of a sudden I am unable to save anything in that drive. Moreover, all the files show "shortcut" now. When I open the accounting software, a message comes saying some violation.

Please help me out how to retrieve the files to their earlier status.

Thanks

narayanan m.s.


Edited by hamluis, 13 May 2013 - 11:56 AM.
Moved from XP to Am I Infected - Hamluis.



 


#2 Anshad Edavana


Posted 13 May 2013 - 06:34 AM

Hi

Are you the same guy who posted the MS Word problem in http://www.bleepingcomputer.com/forums/t/494396/unable-to-open-ms-wordrestoring-earlier-setup/ ?

If yes, your problem is malware related. The virus, which creates shortcuts of all files and folders, is detectable by almost all current antivirus solutions. So I assume either you don't have an antivirus installed or you haven't updated it in a long time. The first thing you should do is to back up all your data to an external medium. Then install a good free antivirus like "Avast" or "AVG" and scan your system for malware. If the issue still remains, post a malware removal request in the appropriate section.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/



#3 TwinHeadedEagle


Posted 13 May 2013 - 07:11 AM

Download MCShield via the following link --> http://mcshield.net/downloads.html

Install it, then plug in the USB drive and wait until MCShield scans it. When it finishes, press Start --> Run and type the following:
%AllUsersProfile%\MCShield\AllScans.txt
Then press OK.

Copy the content of that file here.

#4 narayananms


Posted 13 May 2013 - 09:34 AM

I installed MCShield and the following is the result:

 

>>> MCShield AllScans.txt <<<
 
 
 
>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.5.12.1 / Windows XP <<<
 
 
13/05/2013 19:29:37 > Drive C: - scan started (no label ~29 GB, NTFS HDD )...
 
 
 
=> The drive is clean.
 
 
13/05/2013 19:29:37 > Drive D: - scan started (no label ~59 GB, NTFS HDD )...
 
 
 
=> The drive is clean.
 
 
13/05/2013 19:29:37 > Drive E: - scan started (no label ~61 GB, NTFS HDD )...
 
 
 
=> The drive is clean.
 
 
13/05/2013 19:29:37 > Drive L: - scan started (no label ~1909 MB, FAT flash drive )...
 
 
>>> L:\LOST.DIR.lnk - Malware > Deletion failed.
 
>>> L:\.android_secure.lnk - Malware > Deletion failed.
 
>>> L:\DCIM.lnk - Malware > Deletion failed.
 
>>> L:\WhatsApp.lnk - Malware > Deletion failed.
 
>>> L:\Android.lnk - Malware > Deletion failed.
 
>>> L:\.Trashes.lnk - Malware > Deletion failed.
 
>>> L:\Carnatic.lnk - Malware > Deletion failed.
 
>>> L:\Winamp.lnk - Malware > Deletion failed.
 
>>> L:\.Trashes\Desktop.ini - Malware > Deleted. (13.05.13. 19.29 Desktop.ini.105216; MD5: e783bdd20a976eaeaae1ff4624487420)
 
>>> L:\bDXCSjYgjLsdEvo.exe - Suspicious > Renaming failed.
 
> Resetting attributes: L:\LOST.DIR < Successful.
 
> Resetting attributes: L:\.android_secure < Successful.
 
> Resetting attributes: L:\DCIM < Successful.
 
> Resetting attributes: L:\WhatsApp < Successful.
 
> Resetting attributes: L:\Android < Successful.
 
> Resetting attributes: L:\.Trashes < Successful.
 
> Resetting attributes: L:\Carnatic < Successful.
 
> Resetting attributes: L:\Winamp < Successful.
 
 
=> Malicious files   : 1/9 deleted.
=> Suspicious files  : 0/1 renamed.
=> Hidden folders    : 8/8 unhidden.
 
____________________________________________
 
::::: Scan duration: 4sec ::::::::::::::::::
____________________________________________
 
 
 
 
>>> MCShield ::Anti-Malware Tool:: v 2.6.3.21 / DB: 2013.5.12.1 / Windows XP <<<
 
 
13/05/2013 19:32:07 > Drive K: - scan started (no label ~15260 MB, FAT32 flash drive )...
 
 
 
---> Executing generic S&D routine... Searching for files hidden by malware...
 
 
---> Items to process: 3
 
---> K:\New_Format_Credit_Card.xls > unhidden.
 
---> K:\Medical_Claims_upto_March_2013.xls > unhidden.
 
---> K:\subhaposted5th.MDB > unhidden.
 
 
 
>>> K:\New_Format_Credit_Card.xls.lnk - Malware > Deletion failed.
 
>>> K:\Medical_Claims_upto_March_2013.xls.lnk - Malware > Deletion failed.
 
>>> K:\subhaposted5th.MDB.lnk - Malware > Deletion failed.
 
>>> K:\qNHgggkiwxCTuPu.exe - Malware > Deletion failed.
 
>>> K:\backup.lnk - Malware > Deletion failed.
 
>>> K:\Tally.lnk - Malware > Deletion failed.
 
>>> K:\Cinema_Video.lnk - Malware > Deletion failed.
 
>>> K:\Correspondence.lnk - Malware > Deletion failed.
 
>>> K:\Tata_Tele_Bill_Payment.lnk - Malware > Deletion failed.
 
>>> K:\.Trashes.lnk - Malware > Deletion failed.
 
>>> K:\HDFC_Credit_Card_Payment.lnk - Malware > Deletion failed.
 
>>> K:\Documents.lnk - Malware > Deletion failed.
 
>>> K:\Old_Cinema_Songs_Audio.lnk - Malware > Deletion failed.
 
>>> K:\documents.lnk - Malware > Deletion failed.
 
>>> K:\.Trashes\Desktop.ini - Malware > Deleted. (13.05.13. 19.32 Desktop.ini.33708; MD5: e783bdd20a976eaeaae1ff4624487420)
 
>>> K:\qNHgggkiwxCTuPu.exe - Suspicious > Renaming failed.
 
> Resetting attributes: K:\backup < Successful.
 
> Resetting attributes: K:\Tally < Successful.
 
> Resetting attributes: K:\Cinema_Video < Successful.
 
> Resetting attributes: K:\Correspondence < Successful.
 
> Resetting attributes: K:\Tata_Tele_Bill_Payment < Successful.
 
> Resetting attributes: K:\.Trashes < Successful.
 
> Resetting attributes: K:\HDFC_Credit_Card_Payment < Successful.
 
> Resetting attributes: K:\Documents < Successful.
 
> Resetting attributes: K:\Old_Cinema_Songs_Audio < Successful.
 
 
=> Malicious files   : 1/15 deleted.
=> Suspicious files  : 0/1 renamed.
=> Hidden folders    : 9/9 unhidden.
=> Hidden files      : 3/3 unhidden.
 
____________________________________________
 
::::: Scan duration: 8sec ::::::::::::::::::
____________________________________________
 

I need your esteemed suggestion to remove the malware files.

 

thanks
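
An added example, not part of any post in this thread and not MCShield's own code: a small Python parser for the AllScans.txt layout quoted above. It lists the items the tool flagged but could not delete or rename, and checks the per-item lines against the tool's "=>" summary lines. The sample log and its file names are constructed, and the regular expressions assume only the line shapes visible in the quoted log.

```python
import re

# Constructed sample in the AllScans.txt layout quoted in this thread; names are made up.
SAMPLE_LOG = r"""
13/05/2013 19:32:07 > Drive X: - scan started (no label ~15260 MB, FAT32 flash drive )...
>>> X:\report.xls.lnk - Malware > Deletion failed.
>>> X:\photos.lnk - Malware > Deletion failed.
>>> X:\.Trashes\Desktop.ini - Malware > Deleted. (13.05.13. 19.32 Desktop.ini.1; MD5: PLACEHOLDER)
>>> X:\example.exe - Suspicious > Renaming failed.
> Resetting attributes: X:\photos < Successful.
=> Malicious files   : 1/3 deleted.
=> Suspicious files  : 0/1 renamed.
"""

SCAN = re.compile(r"^(?P<when>\S+ \S+) > Drive (?P<drive>\w): - scan started")
ITEM = re.compile(r"^>>> (?P<path>.+?) - (?P<kind>Malware|Suspicious) > (?P<result>[A-Za-z ]+)\.")
TOTAL = re.compile(r"^=> (?P<kind>Malicious|Suspicious) files\s*: (?P<done>\d+)/(?P<all>\d+)")
KIND_OF_TOTAL = {"Malicious": "Malware", "Suspicious": "Suspicious"}

def parse_scans(text):
    """Split the log into one record per drive scan (a drive may be scanned repeatedly)."""
    scans = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SCAN.match(line):
            scans.append({"when": m["when"], "drive": m["drive"], "items": [], "totals": {}})
        elif scans and (m := ITEM.match(line)):
            # Third field is True when the tool reports the action succeeded.
            scans[-1]["items"].append((m["kind"], m["path"], "failed" not in m["result"]))
        elif scans and (m := TOTAL.match(line)):
            scans[-1]["totals"][KIND_OF_TOTAL[m["kind"]]] = (int(m["done"]), int(m["all"]))
    return scans

def pending(scan):
    """Paths the tool flagged but could not delete or rename, de-duplicated in order."""
    return list(dict.fromkeys(path for _, path, ok in scan["items"] if not ok))

def totals_match(scan):
    """True when the per-item lines add up to the tool's own '=>' summary lines."""
    for kind, claimed in scan["totals"].items():
        rows = [ok for k, _, ok in scan["items"] if k == kind]
        if (sum(rows), len(rows)) != claimed:
            return False
    return True

if __name__ == "__main__":
    for scan in parse_scans(SAMPLE_LOG):
        print(scan["drive"], scan["when"], "summary consistent:", totals_match(scan))
        for path in pending(scan):
            print("  still on drive:", path)
```

A summary that does not match the item lines usually means the log was truncated or pasted incompletely, so the pending list should not be trusted until the full file is available.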



#5 hamluis


Posted 13 May 2013 - 10:57 AM

Moved from XP to Am I Infected.

 

Louis



#6 TwinHeadedEagle


Posted 13 May 2013 - 11:53 AM

Some of the malware files failed to delete. Try to disable your security software and plug in the USB drives again...

After you finish, attach the log...

Edited by TwinHeadedEagle, 13 May 2013 - 12:52 PM.


#7 narayananms


Posted 13 May 2013 - 10:53 PM

Title was: MCShield. ~ OB
 
 
Dear all

My apologies if I am not posting in the proper forum.

As guided by one of the members I installed and some problems were found.

Please guide me as to what action I should take now to remove the virus.

Thanks

Narayananms


Edited by Orange Blossom, 14 May 2013 - 12:37 AM.
Merged topics. ~ OB


#8 TwinHeadedEagle


Posted 14 May 2013 - 12:28 AM

I already gave you instructions. MCShield was blocked by your antivirus. Disable the antivirus and plug in the USB drives so MCShield can remove the infections...

#9 narayananms


Posted 14 May 2013 - 05:49 AM

Dear sir,

Thanks for your instructions.

I am still stuck and am unable to disable mcshield antivirus. I am very sorry to bother you, but shall be thankful if you could please advise me the steps to be followed to disable antivirus. I tried so many times in vain.

narayananms



#10 TwinHeadedEagle


Posted 14 May 2013 - 09:42 AM

You don't need to disable MCShield, because MCShield is here to remove malware present on your USB drives. The problem is that your antivirus blocks MCShield in its attempt to remove malware.

Follow this guide, find your antivirus and disable it:

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

After you disable the antivirus, plug in the USB drives and let MCShield scan them. After that, attach the report...

Edited by TwinHeadedEagle, 14 May 2013 - 09:43 AM.


#11 narayananms


Posted 15 May 2013 - 04:33 AM

Dear all,

Unfortunately, disabling antivirus did nothing to solve my problem.

I give below the sequence, to enable you to understand the problem and to guide me to solve it:

   1. Open starting Windows XP -
        Winzip screen appears - Closed
        PC Speed Maximizer appears - Closed
        MC Shield Protecting System - Closed
   2. Screen becomes black - waited for some time
        Some messages appeared (Date, Time, accepted, 1/1, 100.00% etc.)
   3. Start Menu and other shortcut icons appear
   4. In the task bar c: C:\Documents and Settings\Admin\Application Data\bits\scvhost.exe appears
   5. Right clicked on it - selected "Close" - Screen goes blank
   6. Opened and Closed "Task Manager"
   7. By shortcut, selected New Microsoft word document
   8. Message appears in File in use Screen: "New Microsoft word document.doc is locked for editing by 'another user'"
   9. Opted for "Creating a local copy" - Does not work
  10. Opened a New Document and typed some sentences and tried to "Save as"
        Message "Word cannot complete the save due to a file permission error"

With my little knowledge, I tried to restore system but it did not work - probably rstrui.exe is not found (though it is there).

I am also unable to open the computer in safe mode (by pressing F8).

Hope the above indications can help diagnosing the problem.

Thanks for all the assistance.

narayananms



#12 TwinHeadedEagle


Posted 15 May 2013 - 06:35 AM

I think it is best for you to open your topic at http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Follow this preparation guide --> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/



#13 cmptrgy


Posted 21 May 2013 - 07:38 AM

I can't tell yet whether or not you have moved to the malware removal forum, but as already recommended it's the right thing to do.

BTW, does the computer test out clean without any USBs connected to the PC?

--- Since you cannot boot into Safe Mode, you probably need to get the computer operating properly, clean and maintained before moving on to clean up the USB issues, but I'll leave the experts to guide you along that path

--- I think it would be a good idea to look into the processes in Task Manager to look for questionable programs, especially .exe's, at least for an FYI

Moving on

In your L drive you have a lot of failed deletions but some successful resetting of attributes

--- I see a couple of major issues in there:

------ L:\.Trashes\Desktop.ini - Malware

------ L:\bDXCSjYgjLsdEvo.exe. This one is really troubling

In your K drive I see additional issues

--- It looks to me like you are doing backups on this drive, so I would be careful about continuing to do any more backups until your issues are resolved

--- There are also some credit card entries. Do what you have to do about that

--- K:\.Trashes\Desktop.ini - Malware, just like drive L

--- K:\qNHgggkiwxCTuPu.exe. This one is also really troubling

Those 2 exe's need to be dealt with immediately

It also looks to me like you are using PC Speed Maximiser as your computer protection program. I don't know whether or not that's a good idea, but I would follow up with the experts on what to do about that, especially if you move to the malware removal forum. Good luck

 

 

 

 

 





