Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Malicious files on USB

  • Please log in to reply
1 reply to this topic

#1 Geo98


  • Members
  • 1 posts
  • Local time:08:56 PM

Posted 29 December 2013 - 09:07 AM

So when i insert my usb, i get a shotcut of my hard drive and when i click it, my files are there. I format it, the problem persists.

I ran MC Shield, and i got me that report:

>>> G:\desktop.ini - Malware > Deleted. (13.12.29. 15.39 desktop.ini.235867; MD5: e04f47911bb0f94ad5f8e417a8deefe9)
>>> G:\GEORGIO (4GB).lnk - Malware > Deleted. (13.12.29. 15.39 GEORGIO (4GB).lnk.606804; MD5: 83d594f268fd58bee2b9c9f1c9faa7ac)
>>> G:\_WBINIFVKKH.init - Malware > Deleted. (13.12.29. 15.39 _WBINIFVKKH.init.947393; MD5: 61d6d4bce26a6c83381b386639eaae21)
>>> G:\Thumbs.db - Malware > Deleted. (13.12.29. 15.39 Thumbs.db.955319; MD5: 0243c4cb1ef9f3f5a1a9c200c5597b77)
> Resetting attributes: G:\  < Successful.
=> Malicious files   : 4/4 deleted.
=> Hidden folders    : 1/1 unhidden.
I though it was fixed but it wasn't, everytime i get the same report

Edited by Geo98, 29 December 2013 - 09:16 AM.

BC AdBot (Login to Remove)


#2 Aaflac


    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:01:56 PM

Posted 29 December 2013 - 01:29 PM

:welcome: to BC forums, Geo98!

Please do the following

:step1: Click on the Windows 7 Start button and then on Control Panel

In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

In the Advanced settings: area, locate the Hidden files and folders category.
Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)

Click Apply and OK at the bottom of the Folder Options window.

:step2: Next, use UsbFix:
Download > http://www.en.usbfix.net
Save to the Desktop.

Right-click the downloaded USBFix file and select: Run as Administrator

When a window requesting the connection of removable drives appears, please connect the problem USB drive as requested!

Press: Research

This option scans the connected drives, and reports its infected Files and Folders

When done, the program closes on its own, and a report appears.
(The report file is also found at C:\UsbFix.txt)

>> Please post the UsbFix.txt (Research) report in your reply.

:step3: Once again, run USBFix as Administrator, but, this time, press: Listing

It creates a report of all the Folders and Files found at the root of every hard drive, partition, or removable drive connected.

>> Also post the UsbFix.txt (Listing) report in your reply.

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:

-Restart your computer.
-When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu
-Using the arrow keys, select: Safe Mode
-Press the Enter key on your keyboard to boot into the selected mode.

Note 2: If your AntiVirus program detects USB as malware, either let the AV program allow USBFix to run, or, temporarily disable your AntiVirus program:
Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
When done with USBFix, re-enable your AV!

:step4: Last, please use the Farbar Recovery Scan Tool

Download > http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Select the version that applies to your system.
Save to your Desktop.
Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

At completion of its scan, the tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.

Old duck...

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users