
Malicious files on USB



#1 Geo98


Posted 29 December 2013 - 09:07 AM

So when I insert my USB, I get a shortcut of my hard drive, and when I click it, my files are there. I format it, and the problem persists.

I ran MC Shield, and I got this report:

 
 
>>> G:\desktop.ini - Malware > Deleted. (13.12.29. 15.39 desktop.ini.235867; MD5: e04f47911bb0f94ad5f8e417a8deefe9)
 
>>> G:\GEORGIO (4GB).lnk - Malware > Deleted. (13.12.29. 15.39 GEORGIO (4GB).lnk.606804; MD5: 83d594f268fd58bee2b9c9f1c9faa7ac)
 
>>> G:\_WBINIFVKKH.init - Malware > Deleted. (13.12.29. 15.39 _WBINIFVKKH.init.947393; MD5: 61d6d4bce26a6c83381b386639eaae21)
 
>>> G:\Thumbs.db - Malware > Deleted. (13.12.29. 15.39 Thumbs.db.955319; MD5: 0243c4cb1ef9f3f5a1a9c200c5597b77)
 
> Resetting attributes: G:\  < Successful.
 
 
=> Malicious files   : 4/4 deleted.
=> Hidden folders    : 1/1 unhidden.
 
.
.
.
.
I thought it was fixed, but it wasn't; every time I get the same report.

Edited by Geo98, 29 December 2013 - 09:16 AM.
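
A small parser for the MC Shield detection lines quoted in the post above, added here as an example (it is not part of the original thread and not MC Shield's own code). It compares two runs to list the files that were recreated after deletion; the line layout and the YY.MM.DD timestamp are inferred from that one report, and the second run is constructed sample data.

```python
import re
from datetime import datetime

# One MC Shield detection line, in the layout shown in the report above.
LINE = re.compile(
    r"^>>> (?P<path>.+?) - (?P<verdict>\w+) > (?P<action>\w+)\. "
    r"\((?P<when>\d\d\.\d\d\.\d\d\. \d\d\.\d\d) (?P<quarantine>.+); "
    r"MD5: (?P<md5>[0-9a-fA-F]{32})\)\s*$"
)

def parse_report(text):
    """Return one dict per detection line; other lines are skipped."""
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            hit = m.groupdict()
            hit["md5"] = hit["md5"].lower()
            # Timestamp layout assumed to be YY.MM.DD. HH.MM
            hit["when"] = datetime.strptime(hit["when"], "%y.%m.%d. %H.%M")
            hits.append(hit)
    return hits

def recurring(earlier, later):
    """Paths deleted in `earlier` that were detected again in `later`.
    Maps path -> True if the MD5 is identical, False if the content changed."""
    seen = {h["path"].lower(): h["md5"] for h in earlier}
    return {h["path"]: seen[h["path"].lower()] == h["md5"]
            for h in later if h["path"].lower() in seen}

# First run: three lines copied from the report in the post.
RUN_1 = r"""
>>> G:\desktop.ini - Malware > Deleted. (13.12.29. 15.39 desktop.ini.235867; MD5: e04f47911bb0f94ad5f8e417a8deefe9)
>>> G:\GEORGIO (4GB).lnk - Malware > Deleted. (13.12.29. 15.39 GEORGIO (4GB).lnk.606804; MD5: 83d594f268fd58bee2b9c9f1c9faa7ac)
> Resetting attributes: G:\  < Successful.
"""
# Second run: constructed sample (times, suffixes and the second MD5 are invented).
RUN_2 = r"""
>>> G:\desktop.ini - Malware > Deleted. (13.12.29. 16.05 desktop.ini.111111; MD5: e04f47911bb0f94ad5f8e417a8deefe9)
>>> G:\GEORGIO (4GB).lnk - Malware > Deleted. (13.12.29. 16.05 GEORGIO (4GB).lnk.222222; MD5: 00000000000000000000000000000000)
"""

if __name__ == "__main__":
    for path, same in recurring(parse_report(RUN_1), parse_report(RUN_2)).items():
        print(f"{path}: recreated after deletion, "
              f"{'identical content' if same else 'content changed'}")
```

A path that shows up again in a later run was written back to the drive after the earlier deletion, which is why the reply below also asks for logs from the computer and not only from the USB drive.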




#2 Aaflac

  • Malware Response Team

Posted 29 December 2013 - 01:29 PM

Welcome to BC forums, Geo98!


Please do the following:

Step 1: Click on the Windows 7 Start button and then on Control Panel

In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

In the Advanced settings: area, locate the Hidden files and folders category.
Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)

Click Apply and OK at the bottom of the Folder Options window.


Step 2: Next, use UsbFix:
Download > http://www.en.usbfix.net
Save to the Desktop.

Right-click the downloaded USBFix file and select: Run as Administrator

When a window requesting the connection of removable drives appears, please connect the problem USB drive as requested!

Press: Research

This option scans the connected drives, and reports its infected Files and Folders

When done, the program closes on its own, and a report appears.
(The report file is also found at C:\UsbFix.txt)

>> Please post the UsbFix.txt (Research) report in your reply.


Step 3: Once again, run USBFix as Administrator, but, this time, press: Listing

It creates a report of all the Folders and Files found at the root of every hard drive, partition, or removable drive connected.

>> Also post the UsbFix.txt (Listing) report in your reply.

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:

-Restart your computer.
-When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu
-Using the arrow keys, select: Safe Mode
-Press the Enter key on your keyboard to boot into the selected mode.

Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:
Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
When done with USBFix, re-enable your AV!


Step 4: Last, please use the Farbar Recovery Scan Tool

Download > http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Select the version that applies to your system.
Save to your Desktop.
Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

At completion of its scan, the tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.

Old duck...




