
Usb Virus

This is a discussion on Usb Virus within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


03-16-2017, 01:24 PM   #1
Registered Member
 
Join Date: Jan 2011
Posts: 63
OS: Windows XP SP2



Hi guys, so basically I have a few USBs which are infected with the folder virus, as in the folder has become an .exe and I cannot view the files inside. Now I'm pretty sure it's in this laptop as well because I inserted the USB and used it.

Much thanks!

Here is the dds:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by fareed ali at 1:20:25 on 2017-03-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1022.160 [GMT 5:00]
.
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\fareed ali\AppData\Local\winlogon.exe
C:\Users\fareed ali\AppData\Local\services.exe
C:\Users\fareed ali\AppData\Local\lsass.exe
C:\Users\fareed ali\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\fareed ali\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\fareed ali\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
C:\UsbFix\UsbFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\UsbFix\UsbFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\UsbFix\UsbFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uRun: [uTorrent] "c:\users\fareed ali\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Tok-Cirrhatus] "c:\users\fareed ali\appdata\local\smss.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Malwarebytes TrayApp] c:\program files\malwarebytes\anti-malware\mbamtray.exe
StartupFolder: c:\users\fareed ali\appdata\roaming\microsoft\windows\start menu\programs\startup\Empty.pif
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{44CC3E3C-AD27-4472-845B-D554415B0842} : DHCPNameServer = 10.101.10.5 10.101.10.10
TCP: Interfaces\{86F3D0D8-94D0-40B4-A881-D438BD1EC3E3} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\56.0.2924.87\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae.sys [2017-3-17 59968]
R2 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys [2017-3-17 161216]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys [2017-3-17 95672]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-3-17 39360]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-3-17 219584]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-3-17 64288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 MBAMService;Malwarebytes Service;c:\program files\malwarebytes\anti-malware\MBAMService.exe [2017-3-17 3303888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-9 1343400]
.
=============== Created Last 30 ================
.
2017-03-16 20:17:20 448202 ----a-w- c:\users\fareed ali\appdata\local\Bron.tok.A12.em.bin
2017-03-16 20:16:44 448212 ----a-w- c:\users\fareed ali\appdata\local\Update.12.Bron.Tok.bin
2017-03-16 20:10:47 -------- d-----w- C:\UsbFix
2017-03-16 19:32:04 161216 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-03-16 19:31:52 95672 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-03-16 19:31:51 64288 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-03-16 19:31:38 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-03-16 19:31:32 219584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-03-16 19:30:40 59968 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-03-16 19:30:29 -------- d-----w- c:\programdata\Malwarebytes
2017-03-16 19:30:29 -------- d-----w- c:\program files\Malwarebytes
2017-03-16 19:29:43 -------- d-----w- c:\users\fareed ali\appdata\local\Programs
2017-03-16 19:11:06 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-17
2017-03-15 20:19:04 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-16
2017-03-15 10:40:05 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-15
2017-03-13 19:00:01 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-14
2017-03-12 19:14:07 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-13
2017-03-12 09:22:33 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-12
2017-03-11 10:55:51 -------- d-----w- c:\users\fareed ali\appdata\local\Microsoft Games
2017-03-10 19:25:03 -------- d-----w- c:\users\fareed ali\appdata\local\Loc.Mail.Bron.Tok
2017-03-10 19:24:23 -------- d-----w- c:\users\fareed ali\appdata\local\Ok-SendMail-Bron-tok
2017-03-10 19:19:01 -------- d-----w- c:\users\fareed ali\appdata\local\Bron.tok-12-11
2017-03-10 15:58:23 -------- d-----w- c:\users\fareed ali\appdata\roaming\uTorrent
2017-03-09 17:47:26 9992952 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{85b45b92-d33e-4dc5-b5f2-8c4555ba49fa}\mpengine.dll
2017-03-09 17:47:26 407720 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
.
============= FINISH: 1:21:17.86 ===============
Attached Files
File Type: txt attach.txt (1.7 KB, 25 views)
Shahzal is offline  