USB unknown path


Hi

I'm running Windows Vista Home Premium 32-bit OS.

Yesterday I had my USB inserted at a computer in a printing shop. The next thing after inserting the same USB at my own PC, when I clicked on the icon, a new window appeared containing only a shortcut to the contents of my USB. I got confused and so I checked the properties of that shortcut, and the target file location is set to %homedrive%\WINDOWS\System32\rundll32.exe 4#FOUCXCKHWSY.ini,    rundll32

 

I got annoyed and so I formatted that USB using quick format. At first, after the USB got formatted, I created a new folder to check whether the problem still persisted and was glad that it did not. However, when I plugged that USB into my desktop PC, the problem started again. I've formatted my USB several times; however, it solves nothing. I checked the drive for errors and found nothing. That USB is a 4GB SanDisk flash drive and got infected by a virus, whose name I forgot, last week. I thought that maybe the virus still has an after-effect on my USB. Any help will do to fix my USB.

 

By the way, my desktop PC is a Windows 7 Ultimate 32-bit OS and the PC at the printing shop is a public computer running Windows XP (which is where I assume my USB got infected by a virus).

 

I attached a report from RogueKiller and RKill from my own PC running Windows Vista Home Premium OS.

Rkill.txt

RKreport0_S_07112013_155042.txt
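A read-only way to triage a removable drive for shortcuts like the one described in the post above, as an added example that is not part of the thread or of any tool named in it. The drive letter `E:` and the list of host programs are assumptions.

```powershell
# Added example (read-only): report shortcuts in the root of a removable drive
# whose target is a Windows host program that runs code from another file.
# Assumption: E: is a placeholder for the USB drive letter.
param([string]$Drive = 'E:')

# Assumption: host programs worth flagging when a drive-root shortcut targets them.
$hostNames = 'rundll32.exe', 'wscript.exe', 'cscript.exe', 'cmd.exe', 'mshta.exe', 'powershell.exe'

function Get-ShortcutFinding {
    param([string]$TargetPath, [string]$Arguments)

    # Last path component, so "%homedrive%\WINDOWS\System32\rundll32.exe" -> "rundll32.exe".
    $exe = ($TargetPath -split '[\\/]')[-1].ToLower()
    if ($hostNames -notcontains $exe) { return $null }

    if ($exe -eq 'rundll32.exe') {
        # rundll32 arguments have the form "<module>,<entry point>".
        $module = ($Arguments -split ',')[0].Trim().Trim('"')
        $ext = if ($module -match '\.([^.\\/]+)$') { $Matches[1].ToLower() } else { '' }
        if ($ext -ne 'dll' -and $ext -ne 'cpl') {
            return "rundll32 loads '$module', which is not named like a DLL"
        }
    }
    return "shortcut starts $exe instead of opening a file or folder"
}

$shell = New-Object -ComObject WScript.Shell

# -Force includes shortcuts carrying the hidden or system attribute.
Get-ChildItem -Path "$Drive\" -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # opens the .lnk for reading; nothing is saved
        $finding = Get-ShortcutFinding $lnk.TargetPath $lnk.Arguments
        if ($finding) {
            New-Object PSObject -Property @{
                Shortcut  = $_.Name
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                Finding   = $finding
            }
        }
    } | Format-List
```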


Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
Looks like you're a lucky guy - let's check:
 
 
Scan with ESET Online Scan

Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


ESET Online scan found 2 threats and the scanning is still in progress... Should I remove those threats after the scan finishes or should I rather leave it as is and reply with the scan log?


ESET

C:\Users\Eternity\Downloads\Programs\FreeVideoConverterInstall.exe a variant of Win32/Somoto.A application

C:\Users\Eternity\Downloads\Programs\FreeVideoFlipAndRotate.exe Win32/OpenCandy application
 
MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.11.02
 
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Eternity :: TIU-BROTHERS [administrator]
 
7/11/2013 5:57:48 PM
MBAM-log-2013-07-11 (19-50-51).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300150
Time elapsed: 1 hour(s), 52 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Eternity\Downloads\Compressed\P.I.D.M.6.15.11.ZR.rar (PUP.Hacktool.Patcher) -> No action taken.
 
(end)
 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.07.11.02

 

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.16982

Eternity :: TIU-BROTHERS [administrator]

 

7/11/2013 5:57:48 PM

mbam-log-2013-07-11 (17-57-48).txt

 

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 300150

Time elapsed: 1 hour(s), 52 minute(s), 47 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\Eternity\Downloads\Compressed\P.I.D.M.6.15.11.ZR.rar (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

 

(end)

C:\Users\Eternity\Downloads\Programs\FreeVideoConverterInstall.exe
C:\Users\Eternity\Downloads\Programs\FreeVideoFlipAndRotate.exe
C:\Users\Eternity\Downloads\Compressed\P.I.D.M.6.15.11.ZR.rar

Delete those files.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


# AdwCleaner v2.305 - Logfile created 07/12/2013 at 19:08:16

# Updated 11/07/2013 by Xplode

# Operating system : Windows Vista Home Premium  (32 bits)

# User : Eternity - TIU-BROTHERS

# Boot Mode : Normal

# Running from : C:\Users\Eternity\Downloads\Programs\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v7.0.6000.16982

 

[OK] Registry is clean.

 

*************************

 

AdwCleaner[R1].txt - [922 octets] - [12/07/2013 19:07:09]

AdwCleaner[s1].txt - [858 octets] - [12/07/2013 19:08:16]

 

########## EOF - C:\AdwCleaner[s1].txt - [917 octets] ##########

 

 

 

 

Results of screen317's Security Check version 0.99.68  

 Windows Vista  x86 (UAC is enabled)  


 Internet Explorer 7 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

 Windows Firewall Enabled!  

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 CCleaner     

 Java 7 Update 25  

 Adobe Flash Player 9 Flash Player out of Date! 

 Adobe Flash Player 11.7.700.224  

 Adobe Reader 10.1.7 Adobe Reader out of Date!  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 29 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

I always install the update (SP1) for Windows Vista and the computer says installed successfully; however, every time I restart and run winver, my OS is still not running SP1 :((

 

Also, my USB problem is fixed already.


System File Check

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"
  • Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


Errors were found but have not been fixed... It also said that a log can be found at windows>logs>cbs.log .... However, when I tried to open it, access is denied..


Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.


Once that is done then go to step 3 and allow it to run SFC by clicking Do it



On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:



  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair Windows Firewall
  • Repair Windows Updates



then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
