Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ulbloqmeed.vbs files turn into shortcuts


  • Please log in to reply
3 replies to this topic

#1 giuliacc

giuliacc

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 30 September 2013 - 12:18 PM

hello, 

all my files and folders turn into shortcuts on my USB key.

i tried to follow instruction to remove the malware but it didn't work. i used combofix reading the instruction on this page so i will attach the result file. 

hope someone can help me. sorry for my English.

giulia

Attached Files

  • Attached File  log.txt   15.58KB   0 downloads


BC AdBot (Login to Remove)

 


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:53 AM

Posted 30 September 2013 - 11:18 PM

giuliacc,

 

:welcome: to BC forums!

 

Please do the following...

 

:step1:  To stop the Autorun feature, download and run the following:
Microsoft Fix It 50471:
http://support.microsoft.com/kb/967715

Scroll down to: How to disable or enable all Autorun features in Windows 7 and other operating systems
Click Run in the File Download dialog box, and follow the steps of the wizard.

 

Note: There is an option to enable Autorun automatically. You can do so later, if you wish.

 

Reboot the system after applying the Microsoft FixIt.

 

:step2:  Please click on the Windows 7 Start button and then on Control Panel
In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

 

In the Advanced settings: area, locate the Hidden files and folders category.

Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)
Click Apply and OK at the bottom of the Folder Options window.

 
:step3:  Next, download UsbFix:
http://www.infospyware.com/utiles/usbfix/

It is a Spanish language website, but the program is in English.
To download. press the button that says: Descagar  (It means: Download)
Save to the Desktop. 

:step4:   Next, right-click the downloaded USBFix file and select: Run as Administrator

Connect any problem USB drive!

Press: Research

When done, the program closes on its own, and a report appears.
(The report file is also found at C:\UsbFix.txt)

 

>> Please post the UsbFix.txt (Research Mode) report in your reply.

 

:step5:  Once again, run USBFix as Administrator, but, this time, press: Listing

>> Also post the UsbFix.txt (Listing Mode) report in your reply. 

 

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:

Restart your computer.
 When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu
 Using the arrow keys, select: Safe Mode
 Press the Enter key on your keyboard to boot into the selected mode.

 

Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:

Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

When done with USBFix, re-enable your AV!

 

:step6:  Last, please download the Farbar Recovery Scan Tool
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.

 

Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

 

Press the Scan button.

 

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

>> Please provide the FRST.txt in your reply.

 

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.


Old duck...


#3 giuliacc

giuliacc
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 01 October 2013 - 07:35 AM

hello Aaflac, thanks for your answer!!   :thumbup2:

I attach all the reports. 

giuliacc

Attached Files



#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:53 AM

Posted 01 October 2013 - 04:43 PM

giuliacc,

 

Thanks for providing the reports.

 

Let's press on with FRST...

 

:step1:  Please open Notepad (Start > All Programs > Accessories > Notepad)
 Copy the entire contents of the code box below
 Save it to the Desktop, and name it: fixlist.txt

start
HKLM\...\Run: [ulbloqmeed] - C:\Users\Utente\AppData\Local\Temp\ulbloqmeed.vbs [197010 2013-07-22] () <===== ATTENTION
HKLM-x32\...\Runonce: [] -  [x]
HKCU\...\Run: [ulbloqmeed] - C:\Users\Utente\AppData\Local\Temp\ulbloqmeed.vbs [197010 2013-07-22] () <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Utente\AppData\Local\Temp\ulbloqmeed.vbs
end

Once again, double-click FRST to run it.
When the tool opens click Yes to disclaimer.
Press the Fix button.

 When done, FRST produces Fixlog.txt on the Desktop.

>> Please provide the Fixlog.txt in your reply. 

 

 

:step2:  Next, please make sure your USB drive is connected.

Then, press the Windows key and the R key at the same time for the Run prompt to appear.
In the Run prompt, type the following in the Open area, and press Enter: cmd
 
When the Command Prompt opens, copy/paste (with the mouse) the following, and press: Enter

attrib -h -s -r -a /s /d X:\*.*

(Change the drive letter X to the letter corresponding to the problem USB removable drive.)
 

:step3:  Now, please run USBFix once again
Press: Deletion

 

When done, the program closes on its own, and a report appears.
The report file is also found at C:\UsbFix.txt

>> Please post the UsbFix.txt (Deletion Mode) report in your reply.

 

Note: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program.

 

Please check the USB drive and see if the shortcuts are gone.

 

Thanks!


Edited by Aaflac, 01 October 2013 - 04:45 PM.

Old duck...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users