Shortcut Virus! That Bastard!

Discussion in 'Software Discussion' started by Hy-Def, Jul 1, 2016.

  1. Hy-Def

    Hy-Def Chubbychu. (AKA Pikachu-bby (AKA Pikachu-BBW))

    Messages:
    3,325
    Likes Received:
    188
    Hey folks.

    Trying to fix up a girl's laptop. She's got the Shortcut Virus. I'm typically experienced with it, using USBFix to clear it out like a charm, but there were some complications this time around.

    The log indicated that the offending file wasn't deleted. I located the file from the log, and attempted to delete it. No bacon. Using Unlocker, I did that.

    There was also a Registry Key making reference to it, so I deleted that too.

    After that, the scan came up with 0 infected items, but reconnecting the flash, or connecting any external media, will suddenly spawn the virus out of (supposedly) nowhere, to claim the removable drive.

    Any idea folks? Avast doesn't catch anything.

    Perhaps Malwarebytes? Or any better remedy? Cuz there's obviously somewhere on the drive that the virus still is, and even the USBFix program can't fix.

    Thanks folks.
  3. shinra358

    shinra358 Member

    Messages:
    1,067
    Likes Received:
    47
    can't believe ppl still get viruses on win7 and above after UAC :p
    I use superantispyware, malwarebytes antimalware, and microsoft security essentials and I haven't had a virus problem since 2005. Keep the drives in and do a full system scan with everything while disconnected from the net and your body will be ready.
    Hy-Def likes this.
  4. u3L05 vh9jV

    u3L05 vh9jV ...

    Messages:
    98
    Likes Received:
    9
    This only works in certain variants...

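    Code:
    echo off
    rem Check the per-user "Load" autostart value and remove the file it points to.
    :ab
    cls
    set ac=
    rem tokens=2* puts the value type in %%a and the value data (the file path) in %%b.
    for /f "tokens=2*" %%a in ('reg query "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load 2^>nul ^| find /i "REG_"') do set ac=%%b
    if defined ac (
        title WARNING!
        color 0e
        if exist "%ac%" (
            color 4f
            echo "%ac%"
            rem End msiexec.exe first, then clear the attributes and delete the file.
            taskkill /im msiexec.exe /f
            attrib -r -s -h "%ac%"
            del "%ac%"
        )
        rem Overwrite Load with an empty value, then loop to confirm it is clear.
        reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f
        if errorlevel 1 echo Inherited permissions on registry keys is needed.
        pause
        goto ab
    )
    echo Nothing...
    pause
    exit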
    
    Good luck.

    Edit: I can't use "@echo off" in the code... it's a bug?
    Last edited: Jul 3, 2016
    Hy-Def and Gladiator@ like this.
  5. Hy-Def

    Hy-Def Chubbychu. (AKA Pikachu-bby (AKA Pikachu-BBW))

    Messages:
    3,325
    Likes Received:
    188
    Unfortunately, where I live, people are still very amateur with the computer stuff. I don't know where they get them from, but I'll try Malwarebytes out. Although she's lived with the virus for nearly a year. Figures.
  6. Hard core Rikki

    Hard core Rikki Super Moderator Staff Member Award Winner!

    Messages:
    12,913
    Likes Received:
    311
    Make sure to get at least a quick run with EmsisoftEmergencyKit (portable version) and SuperAntiSpyware.

    But seriously, if it's too sticky, the quickest fix would be to salvage the personal data (files, photos, passwords) and reinstall the OS on a fully reformatted partition. Just don't forget to fully clean other partitions or format them too, as residues of infections can be hidden in alternate streams.
    Hy-Def likes this.
  7. Hy-Def

    Hy-Def Chubbychu. (AKA Pikachu-bby (AKA Pikachu-BBW))

    Messages:
    3,325
    Likes Received:
    188
    Thanks everyone! SuperAntiSpyware seemed to do the trick!
  8. shinra358

    shinra358 Member

    Messages:
    1,067
    Likes Received:
    47
    Cool. You still shoulda used the rest just in case. Some have better techniques than the others. Also, be sure to check your msconfig to see if there are any ghost startup entries and delete the suspicious ones. Just to reaffirm. Some viruses like to hide stuff so it can easily find its way back. Leave them porn site alone! xD j/k
    Hy-Def likes this.
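
A read-only way to do the startup check suggested above, which also covers the `Load` value that the batch script earlier in this thread targets. This is an added example, not part of any post in the thread; the two `Run` keys, the helper name `Get-CommandTarget` and the three flag columns are choices made for this example.

```powershell
# Added example: read-only audit; it changes and deletes nothing.
# Names = $null means every value in that key is an autostart entry.
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Names = @('Load', 'Run') },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Names = $null },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Names = $null }
)
$mask = [IO.FileAttributes]'Hidden, System'

function Get-CommandTarget([string]$Command) {
    # Extract the executable path from an autostart command line
    # (the value is treated as one command, not a list).
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path with spaces: take the shortest prefix that is a real file.
    $parts = @($cmd -split ' ')
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = $parts[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
            return $candidate
        }
    }
    return $parts[0]
}

$report = foreach ($check in $checks) {
    $key = Get-Item -LiteralPath $check.Key -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    $names = if ($check.Names) { $check.Names } else { $key.GetValueNames() }
    foreach ($name in $names) {
        $data = [string]$key.GetValue($name)
        if ([string]::IsNullOrEmpty($data.Trim())) { continue }   # unset or emptied value
        $target = Get-CommandTarget $data
        # -Force is needed to see files that carry the hidden or system attribute.
        $file = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Key            = $check.Key
            Name           = $name
            Command        = $data
            Target         = $target
            Exists         = [bool]$file
            HiddenOrSystem = [bool]($file -and ([int]($file.Attributes -band $mask) -ne 0))
            InUserProfile  = $target.StartsWith($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase)
        }
    }
}

$report | Select-Object Key, Name, Target, Exists, HiddenOrSystem, InUserProfile, Command | Format-List
```

An entry that is hidden or system-flagged and sits inside the user profile is the one to look at first; an entry with `Exists` false may be a leftover pointing at a file that has already been removed, or a bare program name with no path.
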
  9. Hy-Def

    Hy-Def Chubbychu. (AKA Pikachu-bby (AKA Pikachu-BBW))

    Messages:
    3,325
    Likes Received:
    188
    I'll do that right away. Thanks dude.

    Leave that site???

    But it's the best for cross dressing shemale midget porn!
    shinra358 likes this.
  10. shinra358

    shinra358 Member

    Messages:
    1,067
    Likes Received:
    47
    lol. lastly, a cclean wouldn't hurt when all the scanning is done ;)
    But that's up to you. Make sure you go through and select what it gets rid of though. You don't want it to erase all your saved browser passwords.
    Hy-Def likes this.
