Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't remove WIN32/Injector.AFFI Trojan


  • Please log in to reply

#16
hbnew92

hbnew92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
this is the report,but the files are still shortcuts

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
user :: USER-PC [administrator]

8/5/2013 12:05:11 PM
mbam-log-2013-05-08 (12-05-11).txt

Scan type: Full scan (C:\|D:\|H:\|J:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 524206
Time elapsed: 59 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
H:\.Trashes.exe (Trojan.Inject) -> Quarantined and deleted successfully.
H:\.Trashes\48aa4276.scr (Backdoor.Bot) -> Quarantined and deleted successfully.
H:\.Trashes\b3fdadef.com (Trojan.Ranver) -> Quarantined and deleted successfully.
K:\.Trashes\b3fdadef.com (Trojan.Ranver) -> Quarantined and deleted successfully.

(end)
  • 0

Advertisements


#17
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
I found this fix on the net:

Connect your pen/flash/external drive to your computer.
  • Go to Computer and check what drive it is assigned for example F: or G: drive. Lets assume its G: (replace it with correct letter as applicable in your case).
  • Click on “Start” –> type cmd on the search box and press CTRL+SHIFT+ENTER. This will start the command prompt.
  • Enter the following command and hit “Enter”.
  • attrib -H -R -S /S /D G:\*.* (Replace G with the letter assigned to your affected drive)
    Posted Image

Check if that solves the issue.
  • 0

#18
hbnew92

hbnew92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
thanks so much! tried this before, I think it's due to the virus that was still inside my computer, that's why the shortcuts keep reappearing. tried this again and it works! thank you so much :)
  • 0

#19
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

The following will implement some cleanup procedures as well as reset System Restore points:


  • Press the Windows key + R. At the Run command type or copy and paste the following:

    Combofix /uninstall


Run OTL. Click on the Cleanup button and follow the prompts.

Manually remove any tool left.

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes! Posted Image
  • 0

#20
hbnew92

hbnew92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
thank you so much again :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP