Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Seemingly Unremovable Virus

  • Please log in to reply
1 reply to this topic

#1 Liamza2314


  • Members
  • 6 posts
  • Local time:06:42 AM

Posted 10 September 2015 - 11:50 AM

Hi everybody. My name is Liam and I run a general computer business. The other day a man came to me with a virus, it infects removable drives by creating a shortcut on the drive to itself. The target to the shortcut is an app called svchost.exe and ts a system item. I cant think of anything other than a reinstall! Of course because of data loss thats not a good idea, but unless I can find something here it may be the only way. I have, of course scoured the internet for information, but I found nothing.
Any help would be appreciated

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)


#2 dc3


    Bleeping Treehugger

  • Members
  • 30,714 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:42 PM

Posted 10 September 2015 - 12:08 PM

The tool needed to resolve this cannot be used in the Windows forums, so this topic will be moved to the Am I Infected forum.
Please download Powelikscleaner (by ESET) and save it to your Desktop.
1.  Double-click on ESETPoweliksCleaner.exe to start the tool.
2.  Read the terms of the End-user license agreement and click Agree.
3.  The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
4.  If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.

Please run Malwarebytes AntiMalware
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
Click on Update Now, after Malwarebytes is updated click on Scan.
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
You will be prompted to update Malwarebytes, to do so click on Update Now.
3)  The scan will automatically run now.
4)  When the scan is complete the results will be displayed.  Click on Delete All.
5)  Please post the Malwarebytes log.
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.

Please download and run RogueKiller.
1.  roguekiller1_zpsvv6sclii.png
2.  roguekiller2_zpst1wtjxvk.png
3.  roguekiller3_zps98opu0as.png

Emsisoft Emergency Kit
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note:  This option is only available if malicious objects were detected during the scan.  If this is the case select Delete selected.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

  • Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users