Solved .Trashes Virus

[Abdelrahman Ibrahim]

My drive got infected by the virus (.Trashes) it hides all the contents inside a hidden folder named (.Trashes) contains hidden folder named (560) and make shortcuts for every thing instead of the org. one plus another shortcut called System Volume Information but it doesn't move it of course.

 

[argus]

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Abdelrahman Ibrahim]

It doesn't start, or to be more specific something close it directly after I double click it! so ?!

 

[argus]

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download new version to desktop

 

[argus]

Disable AV

http://www.bleepingcomputer.com/forums/topic114351.html

 

[argus]

Scan with McSield

Please download McShield by dr_bora and save it to your desktop.

• Install it on your machine.
• It will initially run a scan and show the result as a toaster by the system clock.
• Start the Control Centre by clicking on the
  
  icon in your system tray.
• Go to the Scanner tab and tick unhide items on flash drives.
• Plug in the drive and McShield will start a scan.
• A logfile of this scan may be found in the Logs tab of the main screen.

Please include that log in your next reply.

 

[Abdelrahman Ibrahim]

The same thing happens after disabling the security prog, both of farbar ver. and McShield processes get terminated after it start the initial window, btw msconfig cmd is not executing at all!, do you recommend to try with safe mode (with/without) networking?!

 

[argus]

do you recommend to try with safe mode (with/without) networking?!

try.

 

[Abdelrahman Ibrahim]

Worked from safemode with networking!

 

[argus]

Uninstall
Ask Toolbar



Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

• Baidu
• ESET NOD32

Uninstallation procedure:

• Press the
  
  + R on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for each uninstalled entry, right-click it and select Uninstall.

This should be done until any other steps will be taken.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Abdelrahman Ibrahim]

Btw the problem solved with the McShield thx a lot, do I still need to make the fix file or not ?
and could you learn me what you did in order to solve this issue ?

 

[Abdelrahman Ibrahim]

I mean in that fixlist txt

 

[argus]

Attach here Fixlog and MCShield log.

 

[Abdelrahman Ibrahim]

OMG the fix you told me to do, broke down the windows and i can't log to the windows even to safemode...
what did you done to my system bro ? I'm trusting you btw!

 

[argus]

Btw the problem solved with the McShield thx a lot, do I still need to make the fix file or not ?
and could you learn me what you did in order to solve this issue ?

i dont understad what you did? i just told you to give me a logs, what is the problem now?

 

[Abdelrahman Ibrahim]

after I put the fixlist in the same folder of the farber scan tool and pressed Fix, it finshed and told me press ok to restart. after pressing ok, the windows won't open at all.

 

[argus]

Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
  
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• Wait for the CD to detect your hardware and load the operating system
• Your system should now display a Reatogo desktop
  Note : as you are running from CD it is not exactly speedy
• Insert the USB with FRST
• Locate the flash drive with FRST and double click
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Copy Windows Explorer.lnk into the Search: field in FRST then click the Search Files button.
• FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
• Please attach it to your reply.

 

[Abdelrahman Ibrahim]

right now ive burned win 7 to my flash memory and made the boot from the usb and i tried to repair win .. but the problem still .. now i have another option to upgarde newr ver and keep files, settings, and programs!
so do you recommend to make the upgrade option or your previous comment steps ?!

 

[Abdelrahman Ibrahim]

can we speak on Skype or WhatsApp or Viber ?

 

[argus]

Windows Explorer.lnk is problem, we will try to bring him back.