Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My USB has a virus and puts files as shortcuts


  • This topic is locked This topic is locked
7 replies to this topic

#1 keorynx

keorynx

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:01:53 AM

Posted 27 June 2015 - 12:18 PM

Hello, I have a 32GB Kingston USB that has been given me problems lately.

 

Everytime I try to put a folder or a file or anything in it, when I put it on another pc, those files are transformed into shortcuts so I cant really open them at all.

 

Another thing that has been happening is that when I connect the USB to a laptop it always gets recognized as a virus. When I analyze it with an antivirus,  it gets scanned and cleaned but when I connect it again to a computer or anything, the antivirus always identifies it as a virus.

 

I have tried formatting the USB and running multiple antivirus but these problems still continue emerging.



BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:53 AM

Posted 28 June 2015 - 01:16 AM

USBfix......

http://www.en.usbfix.net/download/usbfix/



#3 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:53 AM

Posted 28 June 2015 - 03:29 AM

 

I have tried formatting the USB and running multiple antivirus but these problems still continue emerging.

 

This is probably because other computers are also infected and they reinfect USB. Or your computer is not cleaned properly. 

 

You can try with USBfix, and I can recommend MCShield.

 

MCShield Anti-Malware USB Tool is a lightweight scanner designed to prevent infections transmitted via removable drives (usb, external, camera cards). It's real-time protection is only real-time when you plug-in an external.

 MSChield Documentation & Program Features

 

If you want to check:

Please download MCShield from the following link:

MCShield -Official download link 
 

  • Double click on MCShield-Setup to install the application.
    Next => I Agree => Next => Install ... per installation click on Run! button.
  • Wait a few seconds to MCShield finish initial HDD scan...
  • Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
  • When all scanning is done, you need to post a logreport that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.

=> Post here AllScanst.txt


Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#4 keorynx

keorynx
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:01:53 AM

Posted 28 June 2015 - 05:56 AM

This is the report from usbfix:

 

############################## | UsbFix V 7.965 | [Research]
 
User: Keoryn (Administrator) # KEORYN-PC
Updated 25/06/2015 by El Desaparecido - SosVirus
Started at 06:33:09 | 28/06/2015
 
Live detection : http://how-to-remove.us/
 
################## | System information |
 
MB: Dell Inc. (0XFXDP) 
CPU: Intel® Core™ i7-4500U CPU @ 1.80GHz
RAM -> [Total : 7916 Mo | Free : 5700 Mo]
Bios: Dell Inc.
Boot: Normal boot
 
OS: Microsoft™ Windows 7 Enterprise (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 43.0.2357.130
WB: Mozilla Firefox : 38.0.5
WB: Opera : 30.0.1835.88
 
################## | Security Information |
 
AV: Webroot SecureAnywhere [(!) Disabled |Updated]
AS: Webroot SecureAnywhere [(!) Disabled |Updated]
AS: Windows Defender [(!) Disabled |(!) Outdated]
AS: Malwarebytes Anti-Malware : 2.0.4.1028
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
 
################## | Disk Information |
 
C:\ (%SystemDrive%) -> Fixed disk # 931 Gb (235 Gb free - 25%) [] # NTFS
F:\ -> Fixed disk # 931 Gb (414 Gb free - 44%) [Keoryn's External Hard Drive] # NTFS
G:\ -> Removable disk # 29 Gb (29 Gb free - 100%) [KEORYN] # FAT32
 
################## | Startup |
 
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Multi EMail Notifier] "C:\Program Files (x86)\Multi EMail Notifier\MultiEMailNotifier.exe" -startup
04 - HKCU\..\Run : [WizMouse] "C:\Program Files (x86)\WizMouse\WizMouse.exe"
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Keoryn\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [KeyboardLeds.exe] "C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe"
04 - HKCU\..\Run : [Spotify] "C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
04 - HKCU\..\Run : [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
04 - HKLM\..\Run : [Syncios device service] C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
04 - HKLM\..\Run : [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
04 - HKLM\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
04 - HKLM\..\Policies\Explorer\run : [2121930226] C:\ProgramData\msitb.exe
04 - [x64] HKLM\..\Run : [IgfxTray] "C:\Windows\system32\igfxtray.exe"
04 - [x64] HKLM\..\Run : [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
04 - [x64] HKLM\..\Run : [Persistence] "C:\Windows\system32\igfxpers.exe"
04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
04 - [x64] HKLM\..\Run : [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
04 - [x64] HKLM\..\Run : [RtHDVBg_PushButton] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
04 - [x64] HKLM\..\Run : [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
04 - [x64] HKLM\..\Run : [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
04 - [x64] HKLM\..\Policies\Explorer\run : [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
04 - [x64] HKLM\..\Policies\Explorer\run : [2121930226] C:\ProgramData\msitb.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\..\Run : [Multi EMail Notifier] "C:\Program Files (x86)\Multi EMail Notifier\MultiEMailNotifier.exe" -startup
04 - HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\..\Run : [WizMouse] "C:\Program Files (x86)\WizMouse\WizMouse.exe"
04 - HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\..\Run : [Spotify Web Helper] "C:\Users\Keoryn\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\..\Run : [KeyboardLeds.exe] "C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe"
04 - HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\..\Run : [Spotify] "C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
04 - HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\..\Run : [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Compuware Peer.lnk : C:\Program Files (x86)\Compuware\Compuware Peer\bin\GomezPEER.exe
 
################## | Generic Research |
 
Found! G:\KEORYN (30GB).lnk
Found! G:\ \xosoonkyycvtgkibdz.gvi
Found! C:\ProgramData\msitb.exe
Found! C:\Users\All Users\msitb.exe
Found! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|2121930226
Found! [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|2121930226
 
################## | UsbFix - Information |
 
Live detection : http://how-to-remove.us/
 
################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |
 
 
By the way, when I tried using Mcshield, it shuts down. I haven't been able to actually scan with it, it just closes before I can scan with it. I only managed to scan with usbfix and I posted the report above.


#5 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:53 AM

Posted 28 June 2015 - 05:59 AM

Have you cleaned the items with usb fix?



#6 keorynx

keorynx
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:01:53 AM

Posted 28 June 2015 - 06:19 AM

When I pressed the clean button on usbfix, my computer restarted and it got the Blue Screen of Death. No actual clean could be done.

 

This is the same thing that has been happening for a while now. I also have a thread posted on the virus removal log, here it is: http://www.bleepingcomputer.com/forums/t/580673/cant-open-any-of-my-antivirus-or-antispyware-programs/

 

Someone tried to help me and they recommended me to download and clean my pc using adware cleaner and when I tried to clean it, my computer restarted and got the Blue Screen of Death. Someone else also recommended me to download a spyware removal program called: rkill and when I pressed the clean button on that, my computer restarted and got the Blue Screen of Death.

 

I think i'm gonna need professional help or something :(

 

I dont know what's wrong with my pc and usb. Both of them have problems.



#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:53 AM

Posted 28 June 2015 - 06:22 AM

Run a full scan with Reason Core Security

 

pd9wnxI.jpg

Remove infections reboot.

 

 

Run an advanced scan with  Crystal Security.

 

YwB0fU0.jpg

Remove infections reboot.

 

 

 

Download Malwrebytes from the link below.
https://www.malwarebytes.org/
Select update.
jBVKBI0.png
Then Select Scan Now.
js1M2HF.png
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool. from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

http://9-lab.com/download/

Install the program onto your computer, then right click the icon RRXH2ZG.jpg run as administrator.

Go to the Update tab and update the program.

ZT1y9rP.png

Now go to the scanner tab and select Full Scan.

k68m97f.png

Upon Scan Completion Click Show Results.

FihDIFx.png

Now click the Clean button.

eCCJKcA.png

Once done cleaning you can go to the logs tab double click it and copy paste in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:53 AM

Posted 28 June 2015 - 07:05 AM

Open MRL topic:  http://www.bleepingcomputer.com/forums/t/580673/cant-open-any-of-my-antivirus-or-antispyware-programs/ .

 

Please complete that topic before beginning any new or duplicate-issue topics.

 

This topic is now closed.  If you have any questions about my actions, please contact me via PM.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users