shortcut virus?



#1 happysunny90


Posted 30 July 2013 - 04:06 AM

Recently I plugged a pendrive into my laptop and noticed that my files were missing, so I thought that my pendrive had been infected by my friend's computer. But even after I formatted it and used software to clean it, it's still on my pendrive, so I thought that maybe my laptop is infected. When I scanned my laptop with anti-virus and anti-malware, it turned out that my laptop is clean. Right now I'm confused about how to remove this virus, if I can call it that. When the shortcut is made there is always a file named publgdnzsz, which is a VBScript script file. Any help would be appreciated, and I want to avoid formatting my laptop.

 

Thanks


Edited by hamluis, 30 July 2013 - 09:40 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 GodfatherKing


Posted 30 July 2013 - 05:26 AM

Attention: This action will remove all the files on the flash drive.

 

Step 1: Reformat the flash drive. Go to Computer, right-click on the flash drive and choose Format.

Step 2: Use USB Immunizer ==> http://labs.bitdefender.com/projects/usb-immunizer/overview/
==> http://labs.bitdefender.com/wp-content/plugins/download-monitor/download.php?id=BDUSBImmunizerLauncher.exe

Step 3: Install and run MBAM

Step 4: ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#3 happysunny90


Posted 30 July 2013 - 03:50 PM

I've done the ESET scan and from it I got a list of potentially infected files. The result is:

 

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF application
C:\Users\HappySunny\AppData\Local\Temp\publgdnzsz.vbs    VBS/Agent.NDE worm
C:\Users\HappySunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\publgdnzsz.vbs    VBS/Agent.NDE worm
C:\Users\HappySunny\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/Bunndle application
C:\Users\HappySunny\Desktop\asx-ss5_jpn.exe    a variant of Win32/GameHack.EH application
C:\Users\HappySunny\Desktop\ssztrainer.EXE    a variant of Win32/HackTool.CheatEngine.AF application
C:\Users\HappySunny\Desktop\Folder\Aliens Colonial Marines Trainer +16.exe    a variant of Win32/HackTool.CheatEngine.AB application
C:\Users\HappySunny\Downloads\Programs\AS_RO2_downloader.exe    a variant of Win32/InstallCore.CA.gen application
C:\Users\HappySunny\Downloads\Programs\CheatEngine62.exe    multiple threats
C:\Users\HappySunny\Downloads\Programs\DTLite4471-0333.exe    Win32/OpenCandy application
C:\Users\HappySunny\Downloads\Programs\GOMPLAYERENSETUP.EXE    Win32/OpenCandy application
C:\Users\HappySunny\Downloads\Programs\smplayer-0.8.5-ps-win32.exe    Win32/OpenCandy application
C:\Users\HappySunny\Downloads\Programs\smplayer-0.8.5-ps-win32_2.exe    Win32/OpenCandy application
C:\Users\HappySunny\Downloads\Programs\smplayer-0.8.5-ps-win32_3.exe    Win32/OpenCandy application
C:\Users\HappySunny\Downloads\Programs\smplayer-0.8.5-ps-win32_4.exe    Win32/OpenCandy application
C:\Users\HappySunny\Downloads\Programs\utorrent.exe    a variant of Win32/Bunndle application

 

Now I notice that the virus is a worm. Do I need to just delete it or use ESET again?
 



#4 GodfatherKing


Posted 31 July 2013 - 02:24 AM

If you run ESET again with delete parameters, it can break Avira, because this AV has a toolbar in it called Ask.

 

Remove the following files by just deleting them and then clean the Recycle bin:

 

C:\Users\HappySunny\AppData\Local\Temp\publgdnzsz.vbs    VBS/Agent.NDE worm
C:\Users\HappySunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\publgdnzsz.vbs    VBS/Agent.NDE worm

C:\Users\HappySunny\Downloads\Programs\CheatEngine62.exe    multiple threats

The others are your own choice, but don't delete the Avira toolbar.


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.
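
The split made in post #4 between the worm entries and the bundled applications can be reproduced from the pasted log itself. The Python sketch below is an added example, not part of the original thread and not an ESET tool; the category names, the `Finding` class and the function names are assumptions made for illustration, and the sample lines are copied from the log in post #3.

```python
import re
from dataclasses import dataclass

# Lines copied from the ESET log in post #3 of this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\HappySunny\AppData\Local\Temp\publgdnzsz.vbs    VBS/Agent.NDE worm
C:\Users\HappySunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\publgdnzsz.vbs    VBS/Agent.NDE worm
C:\Users\HappySunny\Downloads\Programs\CheatEngine62.exe    multiple threats
C:\Users\HappySunny\Downloads\Programs\DTLite4471-0333.exe    Win32/OpenCandy application
"""

# "path<2+ spaces>detection" is the layout of the pasted log lines.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}(?P<detection>\S.*)$")
MALWARE_TYPES = ("worm", "trojan", "virus")
AUTOSTART_DIR = "\\start menu\\programs\\startup\\"

@dataclass
class Finding:
    path: str
    detection: str
    category: str      # "malware", "multiple", "application" or "unknown" (assumed labels)
    autostart: bool    # True when the file sits in a Startup folder

def classify(detection: str) -> str:
    words = detection.lower().split()
    if words[-1] in MALWARE_TYPES:
        return "malware"
    if words == ["multiple", "threats"]:
        return "multiple"
    return "application" if words[-1] == "application" else "unknown"

def triage(log_text: str) -> list[Finding]:
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a log entry
        path, det = m["path"], m["detection"].strip()
        findings.append(Finding(path, det, classify(det),
                                AUTOSTART_DIR in path.lower()))
    return findings

def removal_candidates(findings: list[Finding]) -> list[Finding]:
    # Startup-folder copies first: they relaunch the script at every logon.
    picked = [f for f in findings if f.category in ("malware", "multiple")]
    return sorted(picked, key=lambda f: not f.autostart)

if __name__ == "__main__":
    print(*removal_candidates(triage(SAMPLE_LOG)), sep="\n")
```

Entries classified as "application" are left out of the removal list, matching the advice in post #4 to treat them as the user's own choice.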


#5 happysunny90


Posted 31 July 2013 - 03:45 AM

ok thanks



#6 apit_77


Posted 15 November 2013 - 03:28 AM

I've done the ESET scan and from it I got a list of potentially infected files. The result is:

 

C:\Program Files\Ss.Helper\sprotector.dll    Win32/SProtector.A application
C:\Program Files\Ss.Helper\uninstall.exe    Win32/SProtector.B application
C:\Program Files\Survivor Squad v1.07\steam_api.dll    a variant of Win32/HackTool.Crack.BL application
C:\Program Files\WebSearch\sprotector.dll    a variant of Win32/SProtector.A application
C:\Program Files\WebSearch\uninstall.exe    Win32/SProtector.B application
C:\Users\syafiq\AppData\Local\Babylon\Setup\BExternal.dll    a variant of Win32/Toolbar.Babylon.F application
C:\Users\syafiq\AppData\Local\Babylon\Setup\IECookieLow.dll    a variant of Win32/Toolbar.Babylon.E application
C:\Users\syafiq\AppData\Local\Babylon\Setup\Setup.exe    a variant of Win32/Toolbar.Babylon.H application
C:\Users\syafiq\Desktop\New folder\35815494-ALATAN-TANGAN-ENJIN.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\38819782-Kemalangan-Di-Tempat-Kerja.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\57802512-Kelab-Bola-Sepak.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\86664852-Wild-Cats.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\Alamat.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\Book1.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\Borang Permohonan Pengiktirafan Personel JPK - PPKSPP.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\Brutal Dubstep Mix 2013 - YouTube.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\Carta organisasi PENGURUSAN KEBAJIKAN DAN KAUNSELING 2013.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\cimb_direct_debit_form.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\duty 08 1.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\duty 09 ASSEMBLE EXTERNAL ACCESSORIES.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\duty8 INTERNAL ACCESSORIES UPDATE 2013.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\duty9 EXTERNAL ACCESSORIES UPDATE 2013.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\E4008T1.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\How To Wire Fog And Driving Lights.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\info HID XENON HEAD LIGHTS.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\info Lampu Neon.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\info wiring.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\interview ahad nie.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\KeepVid_ Download and save any video from Youtube, Dailymotion, Metacafe, iFilm and more!.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\kehadiran tahap 1 (sesi JULY 2013).lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\kehadiran tahap 1 (sesi may 2013).lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\kERTAS KERJA.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\kERTAS KERJA_2.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\kERTAS KERJA_3.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\kERTAS KERJA_4.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\kERTAS KERJA_5.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\KP(1)M02-L2-120607.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\KP(1)M04-L2-140607.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\KP(2)M04-L2-140607.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\kuliah3teorisistem-120228030718-phpapp01.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\Lampiran 2 - Senarai Semak PPKSPP.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\M01_PP_door trim baru 2013.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\muka depan kehadiran LEVEL 1.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\muka depan kehadiran LEVEL 2.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\PENGURUSAN SISTEM.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\PENILAIAN PENGETAHUAN - MODULE 01 (L2).lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\PENILAIAN PENGETAHUAN - MODULE 04 (L2).lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\PERATUSAN layak dapat sijil.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\PERNILAIAN PENGETAHUAN - MODULE 02 (L2).lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\PERNILAIAN PENGETAHUAN - MODULE 03 (L2).lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\rujukan pelatih.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SENARAI PELAJAR TERKINI.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\Setinggi PenghargaaN.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\Skil Belajar.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SURAT IRINGAN PTPK SESI jan 2013 2-2.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SURAT kemas kini alamat.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SURAT maklumat tukar no akaun 1.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SURAT maklumat tukar no akaun 2.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SURAT PERMOHONAN barang exam.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SURAT PERMOHONAN elaun mkn1.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SURAT TAWARAN INTAKE SEPTEMBER 2011.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\SURAT TAWARAN INTAKE SEPTEMBER 2012.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\word_document_53525550_canonical_e37f9442cd.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Desktop\New folder\yuran.lnk    LNK/Agent.AK trojan
C:\Users\syafiq\Downloads\Programs\bs_Exterminate_It.exe    multiple threats
C:\Users\syafiq\Downloads\Programs\GOMPLAYERENSETUP.EXE    Win32/OpenCandy application
C:\Users\syafiq\Downloads\Programs\wirebooster-setup.rar.exe    Win32/InstalleRex.K application

 

What do I need to do?

Please help me.



#7 TwinHeadedEagle


Posted 15 November 2013 - 05:47 PM

Try MCShield for USB protection. You do not need to format the USB drive; just scan it with MCShield.


http://mcshield.net/



