
Shortcut file malware??

Post by Hpa123 » March 24th, 2012, 9:14 am

Hello, I would like some assistance regarding an issue. My problem: when connecting external devices like external hard discs and pen drives, it keeps creating a shortcut file and hides the original file. Here is an example of the target location currently infected with it.

%windir%\system32\cmd.exe /c "start %cd%RECYCLER\18cb2562.exe &&%windir%\explorer.exe %cd%Minecraft


ComboFix 12-03-22.01 - aaa 24-Mar-12 5:37.1.2 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.1.1033.18.2047.1016 [GMT 5.5:30]
Running from: c:\users\aaa\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\aaa\AppData\Local\assembly\tmp
c:\users\aaa\AppData\Local\TempDIR
c:\users\aaa\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\aaa\AppData\Roaming\chrtmp
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
K:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2019-08-20 05:43 . 2019-11-27 19:29 -------- d-----w- c:\users\aaa\AppData\Local\ElevatedDiagnostics
2012-03-24 00:16 . 2012-03-24 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 21:41 . 2012-03-23 21:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-23 21:41 . 2011-12-10 09:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 06:52 . 2012-03-21 06:52 -------- d-----w- c:\users\aaa\AppData\Local\BigHugeEngine
2012-03-20 05:35 . 2012-03-20 05:35 -------- d-----w- C:\Ikinari Osananajimi
2012-03-20 05:33 . 2012-03-20 05:34 -------- d-----w- C:\Minamoto-kun Monogatari
2012-03-15 08:40 . 2012-03-15 08:40 -------- d-----w- C:\Unbalance X Unbalance
2012-03-15 08:10 . 2012-03-15 08:43 -------- d-----w- C:\Rika
2012-03-15 07:31 . 2012-03-15 07:48 -------- d-----w- C:\Mahou no Iroha!
2012-03-15 06:38 . 2012-03-15 10:21 -------- d-----w- C:\Archlord
2012-03-15 00:22 . 2012-03-15 00:22 -------- d-----w- c:\program files\Common Files\Steam
2012-03-15 00:22 . 2012-03-24 00:07 -------- d-----w- c:\program files\Steams
2012-03-14 23:17 . 2012-03-21 08:26 -------- d-----w- c:\users\UpdatusUser
2012-03-14 23:15 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-14 23:15 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-14 23:15 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-14 23:15 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-14 23:15 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-14 23:15 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-14 23:15 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-14 09:34 . 2012-03-14 09:34 -------- d-----w- C:\found.000
2012-03-03 09:26 . 2012-03-05 10:11 -------- d-----w- C:\ID
2012-03-03 08:53 . 2012-03-03 09:00 -------- d-----w- C:\Onikirisama No Hakoirimusume
2012-03-03 08:38 . 2012-03-03 08:50 -------- d-----w- C:\Umi No Misaki
2012-02-29 07:56 . 2012-02-29 07:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-28 07:36 . 2012-02-28 08:09 -------- d-----w- C:\Omamori Himari
2012-02-25 12:42 . 2012-02-25 12:42 -------- d-----w- C:\Pokemon Black & White PC[Hyperdrive25]
2012-02-25 12:37 . 2012-03-24 04:20 -------- d-----w- C:\Downloads
2012-02-23 15:32 . 2012-02-23 15:56 -------- d-----w- C:\Seikoku No Ryuu Kishi
2012-02-23 15:11 . 2012-02-23 15:17 -------- d-----w- C:\Onihime VS
2012-02-23 15:10 . 2012-02-23 15:12 -------- d-----w- C:\Nyankoi!
2012-02-23 13:38 . 2012-02-23 14:07 -------- d-----w- C:\Hekikai no AiON
2012-02-23 13:30 . 2012-02-23 14:58 -------- d-----w- C:\Dragon Who
2012-02-23 12:33 . 2012-02-23 13:26 -------- d-----w- C:\Momoiro Sango
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 23:59 . 2011-09-04 08:56 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2011-09-04 08:56 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-09-04 08:56 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-09-04 08:56 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-09-04 08:56 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-09-04 08:56 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-09-04 08:56 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-09-04 08:56 62272 ----a-w- c:\windows\system32\nvshext.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-04-04 3278232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-13 39408]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-08-18 67456]
"Steam"="c:\program files\Steams\steam.exe" [2012-03-15 1242448]
"Steam"="c:\program files\Steams\steam.exe" [2012-03-15 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-08-15 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 135664]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-13 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-15 136360]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-28 86792]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 103424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 06:07]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 06:07]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1875463198-1878521284-4275246811-1000Core.job
- c:\users\aaa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-13 06:07]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1875463198-1878521284-4275246811-1000UA.job
- c:\users\aaa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-13 06:07]
.
2012-03-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\smartd~1\Messages\SDNotify.exe [2011-12-18 18:22]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{33A22B2D-55BA-4508-B767-BF2E9C21A73F} - c:\program files (x86)\InstallShield Installation Information\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}\setup.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdbybz"="c:\\Users\\aaa\\AppData\\Roaming\\Bdbybz.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1875463198-1878521284-4275246811-1000_Classes\CLSID\{017900f3-dc7e-4318-97f8-7651578f8fde}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e8
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,3d,f6,71,65,13,40,c1,17,05,5d,b7,6b,69,6e,15,db,b0,3e,d7,50,a3,8d,\
.
[HKEY_USERS\S-1-5-21-1875463198-1878521284-4275246811-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b3,04,2c,73,32,71,72,f8,89,e9,34,3c,03,83,3c,68,ca,06,63,f5,1e,
11,75,d0,b4,53,f0,6a,7c,6a,4c,d9,04,cd,30,9d,8e,a5,33,8d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-24 05:52:54
ComboFix-quarantined-files.txt 2012-03-24 00:22
.
Pre-Run: 30,828,048,384 bytes free
Post-Run: 30,679,367,680 bytes free
.
- - End Of File - - 11EB41EC044356C1B95E852AA163DBD8
Hpa123
Active Member
 
Posts: 1
Joined: March 24th, 2012, 8:59 am
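As an added illustration (not from the poster or the forum's helpers), here is how a defender could check a removable drive listing for the pattern described above: a .lnk whose target uses cmd.exe to start a dropper and then opens the same-named, now hidden, folder with explorer.exe. The Entry records and the SAMPLE listing are constructed for the demo; the shortcut target is the one quoted in the post.

```python
import re
from dataclasses import dataclass

# Shape of the shortcut target quoted in the post: cmd.exe silently starts a
# dropper (here under RECYCLER), then opens the real, hidden folder so the
# user sees what they expected.  Named groups capture both paths.
SHORTCUT_PATTERN = re.compile(
    r'cmd\.exe\s+/c\s+"?start\s+%cd%(?P<dropper>\S+)\s*&&\s*'
    r'%windir%\\explorer\.exe\s+%cd%(?P<opened>[^"]+)',
    re.IGNORECASE,
)

@dataclass
class Entry:
    name: str              # file or folder name on the removable drive
    hidden: bool           # Hidden/System attribute set on the entry
    lnk_target: str = ""   # resolved target string if this is a .lnk, else ""

def classify_target(target: str):
    """Return (dropper, opened_folder) if the target matches the pattern, else None."""
    m = SHORTCUT_PATTERN.search(target)
    if not m:
        return None
    return m.group("dropper"), m.group("opened").strip()

def find_hijacked(entries):
    """Pair each suspicious .lnk with the hidden original it impersonates."""
    by_name = {e.name.lower(): e for e in entries}
    findings = []
    for e in entries:
        if not e.name.lower().endswith(".lnk"):
            continue
        verdict = classify_target(e.lnk_target)
        if verdict is None:
            continue
        dropper, opened = verdict
        original = by_name.get(opened.lower())
        findings.append({
            "shortcut": e.name,
            "dropper": dropper,
            "opened": opened,
            "original_hidden": bool(original and original.hidden),
        })
    return findings

# Constructed sample listing of a USB stick; the .lnk target is the one from the post.
SAMPLE = [
    Entry("Minecraft", hidden=True),
    Entry("Minecraft.lnk", False,
          r'%windir%\system32\cmd.exe /c "start %cd%RECYCLER\18cb2562.exe &&%windir%\explorer.exe %cd%Minecraft'),
    Entry("Photos.lnk", False, r"C:\Users\aaa\Pictures"),   # benign shortcut, not flagged
    Entry("RECYCLER", hidden=True),
]

if __name__ == "__main__":
    for finding in find_hijacked(SAMPLE):
        print(finding)
```

On a real drive the lnk_target would come from resolving each .lnk (for example with the WScript.Shell COM object), and "original_hidden" being True for a flagged shortcut is the signal that the original folder was hidden rather than deleted.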

Re: Shortcut file malware??

Post by NonSuch » March 24th, 2012, 3:16 pm

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with a DDS log. Please follow the guideline at the link below to start a new topic and post your log. Also include your ComboFix log in the same post.

This topic is now closed. Please start a new topic by following the Guideline posted here: Guideline for posting your DDS log
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California