Shortcut Virus infection

[Ugex]

Hello,

 

i have a laptop that is infected by a shortcut virus.

it appears that it's the cause of a my previous problem. as per :

it also suffers from the same symptoms as the link above, with the difference that the device in this case is running windows 8.1 x64

what should i do?

 

Thank you in advance,

Ugex

[Valinorum]

Post the logs after perusing this thread.  

[Ugex]

i can't run any antimalware software, nor FRST....i would try to run FRST through the recovery enviornment but i don't know how to do so on windows 8.1

any ideas?

[Valinorum]

Can you run from Safe Mode? Boot into Safe Mode by following this article.

[Ugex]

Hello,

FRST worked!, here is the log.

FRST.txt

Edit: forgot to mention, i was unable to run msconfig.exe for some reasonm i booted in safe mode from the second method

Edited February 22, 2017 by Ugex

[Valinorum]

is this a pirated version of Windows OS?

• Step #1 Fix with FRST
  Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
  •  
  • Open Notepad.exe. Do not use any other text editor software;
  • Copy and Paste the contents inside the code-box to your Notepad --
    

    Start
    CreateRestorePoint:
    CloseProcesses:
    EmptyTemp:
    HKU\S-1-5-21-742594365-2421037321-3923363439-1001\...\MountPoints2: {22043414-edf1-11e6-82a9-9cb70d287112} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-742594365-2421037321-3923363439-1001\...\MountPoints2: {82a3a3fb-0f30-11e6-82a2-9cb70d287112} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-742594365-2421037321-3923363439-1001\...\MountPoints2: {82a3a45e-0f30-11e6-82a2-9cb70d287112} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-742594365-2421037321-3923363439-1001\...\MountPoints2: {8baa0d01-986f-11e6-82a7-9cb70d287112} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-742594365-2421037321-3923363439-1001\...\MountPoints2: {8fa1cf66-077e-11e4-8264-9cb70d287112} - "G:\Windows\AutoRun.exe" 
    HKU\S-1-5-21-742594365-2421037321-3923363439-1001\...\MountPoints2: {8fa1cfd8-077e-11e4-8264-9cb70d287112} - "G:\Windows\AutoRun.exe" 
    HKU\S-1-5-21-742594365-2421037321-3923363439-1001\...\MountPoints2: {fa328aff-fe1c-11e3-825d-9cb70d287112} - "G:\Windows\AutoRun.exe" 
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2017-02-22]
    ShortcutTarget: atajo.lnk -> C:\Users\user\AppData\Roaming\oisysn\hdnfk.exe (Microsoft Corporation)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    C:\Users\user\AppData\Roaming\oisysn\
    	End

  • Click on File > Save as...
    
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
    
    • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.

[AdvancedSetup]

Are you still with us? This topic will be closed soon if we do not hear back from you.

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!