Files turned into shortcuts on USB drive
Solved
DB10123
-
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security contributor Last intervention -
Hello,
Since I used my USB drive on a public computer, all the folders it contains have turned into shortcuts.
So, when I click on one of them, a Windows dialog box briefly appears, closes, and finally my folder opens in a new window (however, the folders and files contained within this famous folder are not in the form of a shortcut).
After some research on Google, it seems that this is due to a virus and that, having used my USB drive on my laptop, it might also be infected...
However, I have noticed that there is often a "particular diagnosis" specific to each case that allows one to permanently get rid of this virus, whether on a USB drive or a computer.
That's why I am seeking your help; could someone guide me through the various steps to restore the shortcuts to folders on my USB drive and to get rid of this virus once and for all?
Thank you in advance!
4 replies
yes =)
It is strongly recommended to disable VBS / WSH scripts, as explained in the file: Malware VBS/WSH/Windows Script Host
The rest of the security: http://forum.malekal.com/comment-securiser-son-ordinateur.html
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Hello,
Your infection is indeed one that spreads through removable drives (USB keys, external hard drives, flash cards, etc.).
The removable drives that you inserted into the computer when it was infected have been infected in turn.
Simply opening My Computer and double-clicking on your USB key/external hard drive will reinfect your system.
The following link explains how these infections spread, how to protect yourself, etc.:
Understanding infections through removable drives: https://forum.malekal.com/viewtopic.php?t=3350&start=
You now need to clean your USB keys/external hard drives.
Be sure to follow the tutorial in order: insert your USB keys and external hard drive that you have to clean.
Post the reports on http://pjjoint.malekal.com and provide the addresses.
Connect all your USB keys and other removable devices.
Download Remediate VBS Worm: https://forum.malekal.com/viewtopic.php?t=48588&start=
Run option A
then restart the program, run option B.
Type the letter of the USB key, for example, E and press enter - DO NOT INDICATE THE DRIVE OF YOUR DISK.
This will clean the USB key.
Similarly, open My Computer then drive C, there should be a Rem-VBS.log report there, provide the content here.
oki, for checking the computer:
Follow the FRST tutorial.
(and make sure to take the time to read in order to apply it correctly - everything is explained there).
Download and run the FRST scan, it will generate three FRST reports:
- FRST.txt
- Shortcut.txt
- Additionnal.txt
Send, as explained, these three reports to the site http://pjjoint.malekal.com and in return provide the three pjjoint links leading to the reports here in a new reply so that we can consult them.
Two antivirus programs are useless except for causing problems and slowing down the computer.
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
Here’s the fix to perform with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix
Open Notepad: Press Windows + R, in the run field, type notepad and OK.
Copy/paste the following into it:
HKU\S-1-5-21-541518943-239913646-3126759647-1000\...\Run: [winlogon] => C:\Users\Damien\AppData\Local\Temp\winlogon.bat [82 2015-11-30] () <===== ATTENTION
reg: reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings" /v Enabled /d 0 /f
reg: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings" /v Enabled /d 0 /f
Reboot:
Once you have pasted the text into Notepad:
File menu, then Save As.
On the left, navigate to the desktop.
In the file name field at the bottom, enter: fixlist.txt
Click on Save - this will create a fixlist.txt file on the desktop.
Restart FRST and click the Fix button
Depending on how it goes, a reboot may be necessary (not mandatory).
A text file appears, copy/paste the content here in a new message.
Restart the computer
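As an added illustration (not part of the original replies and not FRST's own code), the Python below triages FRST-style lines like those quoted above: it lists the enabled antivirus products and flags Run-key entries that start a script file or run from a Temp directory. The regular expressions are inferred from the lines shown in this thread, not from an FRST specification, and the last sample line is constructed.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Lines 1-3 are copied from the FRST excerpt quoted in the thread; the last
# line is a constructed benign entry added for contrast.
SAMPLE = r"""
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
HKU\S-1-5-21-541518943-239913646-3126759647-1000\...\Run: [winlogon] => C:\Users\Damien\AppData\Local\Temp\winlogon.bat [82 2015-11-30] () <===== ATTENTION
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [123456 2015-01-01] (Example Corp)
"""

# Assumed line shapes, inferred from the excerpt above.
RUN_RE = re.compile(
    r"^HK\w+\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => "
    r"(?P<target>.+?) \[\d+ \d{4}-\d{2}-\d{2}\]"
)
AV_RE = re.compile(r"^AV: (?P<name>.+?) \((?P<state>Enabled|Disabled)\b")
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf"}


def run_entry_reasons(target):
    """Return the reasons a Run-key target deserves a closer look."""
    reasons = []
    if "\\temp\\" in target.lower():
        reasons.append("runs from a Temp directory")
    ext = ntpath.splitext(target)[1].lower()
    if ext in SCRIPT_EXTS:
        reasons.append(f"script file ({ext})")
    return reasons


def triage(report_text):
    """Collect enabled antivirus products and suspicious Run-key entries."""
    result = {"enabled_av": [], "run_findings": []}
    for line in (l.strip() for l in report_text.splitlines()):
        av = AV_RE.match(line)
        if av and av["state"] == "Enabled":
            result["enabled_av"].append(av["name"])
            continue
        run = RUN_RE.match(line)
        if run:
            reasons = run_entry_reasons(run["target"])
            if reasons:
                result["run_findings"].append(
                    {"name": run["name"], "target": run["target"], "reasons": reasons}
                )
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

More than one name in `enabled_av` corresponds to the two-antivirus remark in the reply, and each item in `run_findings` is a candidate for a fixlist line like the one shown.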
You can remove the winlogon.bat.
The System Volume Information normally contains system restore folders.
If you have enabled the display of hidden & system files, remove it: https://www.commentcamarche.net/informatique/windows/185-afficher-les-extensions-et-les-fichiers-caches-sous-windows/