My USB drive changes all its files to shortcuts.
Solved/Closed
MoxieFran
Hello or good evening,
I recently connected my USB drive to a computer at the Taxiphone (to print) and when I reopened it on my computer, I noticed that all the files it contained had been changed into shortcuts with the same names. I can still open them.
When I delete the shortcuts, they come back/reappear, and I can still open them even after trying to delete them.
I copied all the files/shortcuts from my USB drive to my computer; then I deleted them from my USB drive; I then formatted my USB drive and this time the deleted shortcuts did not reappear.
But it didn't last... I tested by placing other files on my USB drive and within seconds they turned into shortcuts, still accessible even after attempting to delete them.
Also, the files on my computer copied from my USB drive (and permanently deleted from my USB drive afterward due to formatting) can no longer be opened and display "Windows could not find 'iTunesHelper.vbe'" or "Windows could not open/find *filename*".
I ran a scan with Antivir (the antivirus) but according to it, "no virus detected".
Being able to access my files even if they are in shortcut form shouldn't bother me, however, I have read on other forums that it may be a virus, and I also found that one needs a "guide" to help follow up and resolve the issue. That's why I am seeking your help and thank you in advance for your attention.
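A read-only triage check for the symptom described in this post, added here as an example (it is not part of the original thread and is not how UsbFix or the other tools named on this page work). It walks a drive, lists script files, and flags `.lnk` shortcuts whose raw bytes mention a script file or script host, such as the `iTunesHelper.vbe` named in the error message. It assumes the shortcut stores that name as a plain ASCII or UTF-16LE string; the indicator list and the sample files are constructed for the example.

```python
import os
import tempfile

# First 20 bytes of every Shell Link (.lnk) file: header size 0x4C + LinkCLSID.
LNK_HEADER = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Script extensions worth listing when found on a data-only USB drive.
SCRIPT_EXTS = {".vbe", ".vbs", ".wsf"}
# Strings a shortcut to a document has no reason to contain (heuristic list
# chosen for this example, not taken from any tool on the page).
SUSPICIOUS = (".vbe", ".vbs", ".wsf", "wscript", "cscript", "cmd.exe")


def indicators_in(blob):
    """Return the suspicious strings present in raw bytes (ASCII or UTF-16LE)."""
    low = blob.lower()  # bytes.lower() only touches ASCII letters
    return [s for s in SUSPICIOUS
            if s.encode("ascii") in low or s.encode("utf-16-le") in low]


def scan_drive(root):
    """Walk `root` without modifying anything; report scripts and odd shortcuts."""
    shortcuts, scripts = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        others = [n for n in dirnames + filenames
                  if not n.lower().endswith(".lnk")]
        other_names = {n.lower() for n in others}
        other_stems = {os.path.splitext(n)[0].lower() for n in others}
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name)
            stem, ext = stem.lower(), ext.lower()
            if ext in SCRIPT_EXTS:
                scripts.append(path)
                continue
            if ext != ".lnk":
                continue
            try:
                with open(path, "rb") as fh:
                    blob = fh.read(1 << 20)  # shortcuts are small; cap the read
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            hits = indicators_in(blob)
            if hits:
                shortcuts.append({
                    "path": path,
                    "valid_header": blob.startswith(LNK_HEADER),
                    "indicators": hits,
                    # True when the shortcut carries the name of a file or
                    # folder beside it, as in "shortcuts with the same names".
                    "shadows_item": stem in other_stems or stem in other_names,
                })
    return {"shortcuts": shortcuts, "scripts": scripts}


def build_sample(root):
    """Create a constructed sample tree (inert bytes, nothing executable)."""
    def write(name, data):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    pad = b"\x00" * 56
    write("cv.doc", b"original document")
    write("cv.lnk", LNK_HEADER + pad + "iTunesHelper.vbe".encode("utf-16-le"))
    write("notes.lnk", LNK_HEADER + pad
          + "C:\\Program Files\\Editor\\editor.exe".encode("utf-16-le"))
    write("iTunesHelper.vbe", b"placeholder, not a real script")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample(sample)
        report = scan_drive(sample)
        for path in report["scripts"]:
            print("script file:", path)
        for item in report["shortcuts"]:
            print("shortcut:", item["path"], item["indicators"],
                  "shadows a sibling item" if item["shadows_item"] else "")
```

To check a real drive, call `scan_drive` with its root (for example `scan_drive("E:\\")`); a hit is a reason to run the cleanup tools, not proof of infection.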
18 replies
Hello,
Download (created by El Desaparecido) to your Desktop.
If your antivirus displays an alert, ignore it and temporarily disable the antivirus.
Connect all your external data sources to your PC (USB flash drive, external hard drive, etc...) without opening them.
Double-click on "UsbFix.exe".
Click on [Search].
Let the tool work.
The scan will then begin and a report will be displayed at the end of the scan.
post it here => https://www.cjoint.com/ and provide the link
The report is also saved at the root of the system drive (C:\UsbFix.txt).
Note: => If it doesn't work in normal mode, switch to safe mode
Upon restarting your PC, tap the "F8" or "F5" key; in the menu that appears, choose "safe mode with networking support".
=> How to reboot in safe mode
--
** Go all the way through your disinfection, even if you notice an improvement after the first tools used **
Hello,
==> Connect all your external data sources to your PC (USB stick, external hard drive, etc...) without opening them. Double-click on "UsbFix.exe".
Click on [Removal].
Let the tool work.
The analysis will then begin, and a report will be displayed at the end of the scan.
Post its report / please
The report is also saved at the root of the system drive ( C:\UsbFix.txt ).
--
** Go all the way with your disinfection, even if you notice an improvement after the first tools have been run **
ok go ;)
the rest with MBAM
--
** Go all the way through your disinfection, even if you notice an improvement after the first tools used **
==> Do you still have any issues?
--
** Go through with your disinfection, even if you notice an improvement after the first tools used **
The files are no longer shortcuts, and they do not reappear when I delete them. The problem seems to be resolved, thank you so much for your valuable help :D
Is there also a need for cleaning on the computer? I had also connected my infected USB drive to my notebook, is there anything that needs to be done on it as well?
Thanks again.
We can do a general check if you want! me.. one PC at a time! do this =>
Scan ZHPDiag:
We are going to use this diagnostic tool now to see all the issues and ensure nothing remains
Download ZHPDiag (by Nicolas Coolman) to your desktop
Then click on the downloaded file to run the software installation.
Follow the prompts during the installation, keeping the default settings,
==> Above all, don’t forget to install its icon on the desktop; the icon is in the shape of a parchment
As a result of these actions, the tool created 2 shortcuts (ZHPFix, ZHPDiag)
To run a complete scan, click the desktop icon "ZHPDiag" representing a "parchment".
In the software interface, click the "Configure" button to access the settings.
Then click the "Magnifying Glass +" button at the bottom left to start a Full Options Diagnostic. ==> HERE IMAGE
The scan will take place, please wait a few minutes while the tool works as indicated by "Processing in progress..."
At the end of the scan, which will be indicated in the program interface, 100%, the report will open in Notepad. =>
==>NOTE: You need to host this report that is on the desktop, as it is too long to be posted on the forum. To host the report Go to the Cjoint site ==> https://www.cjoint.com/
=> To help you http://www.pc-infopratique.com/forum-informatique/tutoriel-heberger-rapport-vt-67934.html
click here tutorial zhpdiag
The ZHPDiag.txt report will also be on your desktop. If necessary, it is saved in C:\ZHP\ZHPDiag.txt.
--
** Go all the way through your disinfection, even if you notice an improvement after the first tools**
Thank you for the instructions, here is the report issued by ZHPDiag following the full options diagnosis https://www.cjoint.com/c/CKeudjdijCX
You did well to do it! ;)
If you have adware, follow these steps in order
1) Download ==> AdwCleaner (by Xplode) to your desktop
Double-click the icon on your desktop to launch it (Vista/7/8 --> Right-click and "Run as administrator")
Click the "Scan" button
When the scan is finished, it says "Pending. Please uncheck the items...." above the progress bar
Click the Clean button
Accept the message about closing applications
Confirm, after reading, the information window about PUP/LPI
Accept the restart message
Wait during the removal
The PC will restart and a report will open automatically in Notepad after the restart. Copy/paste its content into your next response
Note: The report is also saved under C:\AdwCleaner[S1].txt
___________________________________________________________>>>
We will use a tool to complement AdwCleaner:
==> 2) Download here ==>Junkware Removal Tool
==> (do not click on download, the download will start automatically)
==> Save it to your desktop.
==> Close all running applications.
==> Open JRT.exe and press Enter: if you are using Windows Vista, 7, or 8, open it by right-clicking => Run as administrator.
==> Wait for the tool to work: the desktop will disappear for a moment, this is completely normal.
-> At the end of the scan, a report named JRT.txt will open. Upload it like this http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html and post the link obtained in your next response.
==>Tutorial :=> HERE JRT
------------------------------------------------------------------------------->>>>
Then do this ==>
3) Download =>> Malwarebytes' Anti-Malware
Proceed with the installation, uncheck "Activate the free trial of Malwarebytes Anti-Malware PRO"
The program will update automatically; if not, click on Check for updates
=> If MBAM is already installed, go directly to the update and then to the scan.<=
=> Perform a full scan by clicking on Run a complete scan
Select the drives to scan and click on Start scan
The scan may take some time
When the scan is complete,
=> click on OK then on View results
/!\ "IMPORTANT" Make sure everything is checked and click on "Delete" the selection then on "OK" /!\
Notepad will open containing a report
Copy (Ctrl+C)/Paste (Ctrl+V) the report into your next response
/!\ It is possible that some files will need to be deleted upon PC restart. You must do this by clicking Yes to the question asked
To find the report open MBAM +> reports/logs tab The most recent one
mbam........log => image=> reports/logs tab
=> If you need help, check this tutorial ==>
http://sosvirus.net/viewtopic.php?f=281&t=594malware-tutoriel or here => malware-tutorial
(Keep Malwarebytes on your PC for regular scans from time to time)
--
** Go all the way through your cleanup, even if you notice an improvement after the first tools used **
First of all, here is the report from the first scan with AdwCleaner https://www.cjoint.com/c/CKevqZFsHXR
Next, here is the report generated by JRT https://www.cjoint.com/c/CKevHAlj15O
Finally, here is the report produced by Malwarebytes after the analysis and removal of quarantined files:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.04.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
BUN :: BUN-PC [Administrator]
04/11/2013 21:45:37
mbam-log-2013-11-04 (21-45-37).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File system | Heuristic/Extra | Heuristic/Shuriken | PUP | PUM
Scan options disabled: P2P
Item(s) scanned: 314359
Time elapsed: 1 hour(s), 3 minute(s), 22 second(s)
Memory processes detected: 0
(No malicious items detected)
Memory modules detected: 0
(No malicious items detected)
Registry key(s) detected: 0
(No malicious items detected)
Registry value(s) detected: 0
(No malicious items detected)
Registry data item(s) detected: 0
(No malicious items detected)
Folder(s) detected: 0
(No malicious items detected)
File(s) detected: 2
C:\AdwCleaner\Quarantine\C\Users\BUN\AppData\Local\Bundled software uninstaller\biclient.exe.vir (PUP.Optional.Somoto.A) -> Successfully quarantined and removed.
C:\AdwCleaner\Quarantine\C\Users\BUN\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Successfully quarantined and removed.
(end)
Okay, thank you for the advice and for your help.
:D
ok, go ;)
for control, make a new ZHPDiag log:
check the image here =>
https://www.cjoint.com/c/CJukFzALKYy
Then post the generated report to me in your next message. :). => To host the report, go to the Cjoint site ==> https://www.cjoint.com/
--
** Go all the way through your disinfection, even if you notice an improvement after the first tools **
ok it's all good ;)
thank you Be careful and happy surfing! -)
--
** Go all the way with your disinfection, even if you notice an improvement after the first tools used **
Hello, feyo
==> Connect all your external data sources to your PC (USB drive, external hard drive, etc...) without opening them. Double-click on "UsbFix.exe".
Click on [Delete].
Let the tool work.
The analysis will then begin and a report will be displayed at the end of the scan.
Post its report / please
The report is also saved in the root of the system drive ( C:\UsbFix.txt ).
https://www.cjoint.com/c/CLElxXp0DtD
I don’t know if it works, but I followed the instructions and I’m posting the link here.
to continue, open a new topic here https://forums.commentcamarche.net/forum/virus-securite-7 and post the report
@+
you have Spybot S&D as antimalware. This software may interfere with the disinfection, it is preferable to uninstall it as it does not help against the latest generation of malware and slows down the PC => please uninstall
1) uninstall Spybot - Search
** Go all the way through your disinfection, even if you notice an improvement after the first tools used **
then do this
2)
___________________________________________________________
/!\ Warning: custom script, do not reproduce on another computer, risk of crashing /!\
Using the ZHPFix tool: Follow this procedure in the order indicated:
This script will target certain elements to delete :
==> Select and copy the bold lines below located between the two lines:
==> Only copy the lines indicated in bold below to the clipboard (highlight with the mouse and right-click copy from Script ZHPFix to the end Emptytemp)
__________________________________________________________
ZHPFix Script
ShortcutFix
Spybot - Search & Destroy v1.6.2
[MD5.896A1DB9A972AD2339C2E8569EC926D1] - (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088] [PID.2860]
O4 - GS\Desktop [BUN]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2637158324-2203775089-3494527545-1000\..\Run: [SpybotSD TeaTimer] . (.Safer Networking Limited - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 => Disable Vista UIAccess applications (UAC)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 => The account "Administrator" is not subject to approvals
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
[HKLM\Software\Classes\CLSID\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Orphan key
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook installer.) -- C:\Users\BUN\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2637158324-2203775089-3494527545-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook installer.) -- C:\Users\BUN\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\BUN\AppData\Local\Temp\Quarantine.exe [350259]
O51 - MPSK:{f666b96b-a83b-11e2-af96-aad62ad0f81b}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <>[HKLM\..\Shell\open\Command] (.Not Key.)
[MD5.00000000000000000000000000000000] [APT] [{E413F927-DE1A-4190-937F-EEC5E589BFEF}] (...) -- C:\Users\BUN\Desktop\office2007sp2-kb953195-fullfile-fr-fr.exe (.not file.) [0] => Missing file
O45 - LFCP:[MD5.19A6EF32A1E5AEBE667BB14087E2B753] - 04/11/2013 - 21:31:35 ---A- - C:\Windows\Prefetch\SED.DAT-B4E9E4E5.pf => Prefetcher folder file
O51 - MPSK:{f666b96b-a83b-11e2-af96-aad62ad0f81b}\AutoRun\command. (...) -- E:\Startme.exe (.not file.) => Missing file
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (...) -- C:\Users\BUN\AppData\Local\Temp\Quarantine.exe [350259] => Temporary file not necessary
SysRestore
EmptyFlash
Hostfix
Firewallraz
EmptyTemp
______________________________________________________
==>Run ZHPFix (syringe icon) from the shortcut on your Desktop (if you are on Windows Vista or Windows 7, do it by right-clicking ==> Run as administrator)
- If you don't have it, download it from this link: https://www.zebulon.fr/telechargements/securite/systeme/zhpfix.html
==> Click on the icon representing the clipboard ("paste clipboard")
the script should automatically appear in ZHPFix, if not, paste it (Ctrl+v) image here
==> Click on the "GO" button to start the cleaning
==> Copy/paste the entire report in your next response.
==> https://www.cjoint.com/ Copy the link in your next response.
==> Let the tool work and do not touch anything ...
==> If you are asked to restart the PC to finish the cleaning, do it!
( this report is also saved in this folder > C:\Program files\ZHPDiag\ ZHPFixReport.txt )
Restart the PC and post the report please.
>>> tutorial ZHPFix, How to use it <<<
--
** Go through your disinfection, even if you note an improvement after the first tools run **
The computer has been restarted. Here is the report https://www.cjoint.com/c/CKfmT1EU8aw
Oh yes, and at the end of the analysis, an Antivir balloon popped up with something like "for your safety, we have blocked access to the host files."
ok ve ;)
Oh yes, and at the end of the analysis, an Antivir bubble opened where it said something like "for your security, we have blocked access to the host files"
no worries!
did you uninstall Spybot - Search?
==> Do you still have any issues? - otherwise we move on to the final phase "Uninstallation of cleaning tools"!
--
** Go all the way through your cleaning, even if you notice an improvement after the first tools have been run **
not finished we're going to the final!
ok great it's off to the final ;)
we still have a few things to finalize, here’s the procedure =>
=>SFTGC: (simply allows you to delete temporary files.)
=>Download SFTGC.exe Save the file on your desktop.
=> SFTGC is compatible with XP, Vista, Windows 7, and 8 in 32 and 64 bits.
Under XP:
=> Double-click the file.
=> Under other versions of Windows:
=> Right-click the file and choose Run as administrator.
=> Begin the cleaning, click Go.
=> After the cleaning, a report will open.
=> The report is on the desktop (SFT.txt)
=> To post it, host it here => https://www.cjoint.com/
Important! If SFTGC prompts you to restart, please do so immediately. If not prompted, manually restart the machine anyway to ensure complete cleaning.
then: ==>
1)Uninstalling disinfecting tools
Download Delfix here Delfix
Run it as an administrator (if you are using XP, double-click the downloaded file) then once on the interface check the following boxes
=> Reactivate Uac (just for Vista, Seven, and W8)
=> Remove disinfecting tools (checked by default)
=> Reset system settings
=> purge system restore
Click then on Run and wait during the deletion process.
The report will be saved to the clipboard and on the hard drive (C:\DelFix.txt).
Post the report ==> https://www.cjoint.com/
2)Don't forget to update Java, Adobe Reader and Flash Player for IE (Chrome already integrates it)
A useful link to read https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite java => https://www.java.com/fr/download/
Don't forget to keep Windows updated via Windows update
Here is the official "Adobe" link to download Flash Player ;) (except for Google Chrome, which integrates it directly)
https://get.adobe.com/flashplayer/?loc=fr for the firefox version
http://get.adobe.com/fr/flashplayer/otherversions/ for other versions
==> Don't forget to uncheck McAfee!!!
3)To keep your software updated I recommend using Filehippo update checker
You can download it here https://www.commentcamarche.net/telecharger/utilitaires/9771-filehippo-app-manager/
For the installation of filehippo only uncheck the option to put the icon in the quick launch bar
4)To clean temporary files (note: no registry cleaning) you can use CCleaner, with a tutorial to configure it properly (https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/#tutoriel-ccleaner)
Download link https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
You can also use the windows disk cleaner
Don't forget to defragment your hard drive from time to time either through the utility or through third-party software like Defraggler or Auslogic Disk Defrag
Forget about cleaners like TuneUp, Glary and other miracle cleaners: they will only slow down your machine, and cleaning too thoroughly can cause serious malfunctions
5)Secure your browsers for example with WOT and simple adblock for Internet Explorer
To download WOT for IE it's here https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
For simple adblock it's here http://simple-adblock.com/downloadpage/ (click on Download Installer and not the link below!)
For chrome (if you have Chrome)
WOT available here https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=fr
Adblock available here https://www.commentcamarche.net/telecharger/web-internet/2555-adblock-plus-pour-chrome/
Download link for WOT on firefox
https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
Link to download adblock +
https://addons.mozilla.org/fr/firefox/addon/adblock-plus/?src=ss
6)Be careful about what you download and where
Try to avoid downloading from 01net, Tom's Guide, télécharger.com, Softonic and the like, because they repackage software with potentially unwanted programs
To read
http://www.stoppublicites.fr/
https://www.malekal.com/adwares-pup-protection/
https://www.malekal.com/qvo6-en-v9-com-isafe-et-trojan-win32-staser/
7)Why you should avoid downloading on p2p
The risks are high: your machine could become a zombie PC
A little reading about the dangers and risks
https://forum.malekal.com/viewtopic.php?t=3208&start=
https://forum.malekal.com/viewtopic.php?t=893&start=
https://www.commentcamarche.net/faq/2981-j-utilise-une-version-piratee-de-windows
sign up on the forum to mark the topic as resolved if you haven't already done so!
Don't forget to mark your topic as resolved thank you.=>
https://www.commentcamarche.net/infos/25917-forum-ccm-mode-d-emploi-marquer-mon-sujet-comme-resolu/
Be careful and happy surfing! Don't forget to mark your topic as resolved thank you.
--
** Go all the way through your disinfection, even if you notice an improvement after using the first tools **
Here is the SFTGC report https://www.cjoint.com/c/CKgxltdls1t
And the DelFix Report https://www.cjoint.com/c/CKgxqGnhASK
Thank you for these recommendations, I've installed everything ^^
Hello, could you also lend me a hand? I have exactly the same virus. I'm also wondering if it can spread through a simple USB-connected mouse. Thank you for keeping me updated!
Hello, I need help, I have a qualification at school next week :-/
here is my link. I followed the first comment: http://cjoint.com/?3BmqG3JtQys
# DelFix v10.6 - Report created on 02/13/2014 at 21:08:46
# Updated on 11/11/2013 by Xplode
# Username: HP - HP-PC
# Operating system: Windows 7 Ultimate Service Pack 1 (64 bits)
~ Removal of disinfection tools ...
Removed: C:\USBFix
Removed: C:\UsbFix [Scan 1] HP-PC.txt
Removed: C:\Users\HP\Desktop\UsbFix.lnk
Removed: C:\Users\HP\Desktop\UsbFix_Report.txt
Removed: C:\Users\HP\Downloads\usbfix.exe
Removed: HKCU\Software\USBFix
Removed: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
~ Purge of system restore ...
Removed: RP #43 [Installed Microsoft Visual C++ 2005 Redistributable | 01/12/2014 17:07:15]
Removed: RP #44 [Scheduled restore point | 01/19/2014 17:43:06]
Removed: RP #45 [Scheduled restore point | 01/29/2014 16:10:36]
Removed: RP #46 [Scheduled restore point | 02/09/2014 15:11:18]
Removed: RP #47 [Installed Microsoft Visual C++ 2005 Redistributable (x64) | 02/13/2014 10:32:30]
Removed: RP #48 [Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 | 02/13/2014 10:33:46]
New restore point created!
########## - EOF - ##########
Here is my report
Here is the report https://www.cjoint.com/c/CKesU0Yh3sU