Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't remove WIN32/Injector.AFFI Trojan

Started by hbnew92 , May 01 2013 06:26 AM

  • Please log in to reply

#16
hbnew92
Posted 07 May 2013 - 11:29 PM

hbnew92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
this is the report,but the files are still shortcuts

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
user :: USER-PC [administrator]

8/5/2013 12:05:11 PM
mbam-log-2013-05-08 (12-05-11).txt

Scan type: Full scan (C:\|D:\|H:\|J:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 524206
Time elapsed: 59 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
H:\.Trashes.exe (Trojan.Inject) -> Quarantined and deleted successfully.
H:\.Trashes\48aa4276.scr (Backdoor.Bot) -> Quarantined and deleted successfully.
H:\.Trashes\b3fdadef.com (Trojan.Ranver) -> Quarantined and deleted successfully.
K:\.Trashes\b3fdadef.com (Trojan.Ranver) -> Quarantined and deleted successfully.

(end)
  • 0

Advertisements

#17
JSntgRvr
Posted 08 May 2013 - 10:12 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
I found this fix on the net:

Connect your pen/flash/external drive to your computer.
  • Go to Computer and check what drive it is assigned for example F: or G: drive. Lets assume its G: (replace it with correct letter as applicable in your case).
  • Click on “Start” –> type cmd on the search box and press CTRL+SHIFT+ENTER. This will start the command prompt.
  • Enter the following command and hit “Enter”.
  • attrib -H -R -S /S /D G:\*.* (Replace G with the letter assigned to your affected drive)
    Posted Image

Check if that solves the issue.
  • 0

#18
hbnew92
Posted 09 May 2013 - 06:42 AM

hbnew92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
thanks so much! tried this before, I think it's due to the virus that was still inside my computer, that's why the shortcuts keep reappearing. tried this again and it works! thank you so much :)
  • 0

#19
JSntgRvr
Posted 09 May 2013 - 11:03 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

The following will implement some cleanup procedures as well as reset System Restore points:


  • Press the Windows key + R. At the Run command type or copy and paste the following:

    Combofix /uninstall


Run OTL. Click on the Cleanup button and follow the prompts.

Manually remove any tool left.

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes! Posted Image
  • 0

#20
hbnew92
Posted 10 May 2013 - 10:15 AM

hbnew92

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
thank you so much again :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP