ESET Smart Security can't protect me from .lnk malware
- Thread starter Maxxx58
- Start date
- Status
- Jul 16, 2014
- 443
Then open a thread in the removal section asap!Just pluged in new USB and it has the same problem with both USB before
I'm sure that my machine got infected
http://malwaretips.com/forums/malware-removal-assistance.10/
(I'm not a huge fan of "removing" malware but this one seems easy enough...)
Last edited:
- Dec 20, 2014
- 619
Hi yigido,
Thanks very much for supporting me. My files in my USB don't important, so I don't care if they lost. But my problem is my computer is infected and when I plug USB in, all file in that computer will turn to USB shorcut
I will tell you what you have to do. It is very easy to solve problem. My many of friends had this issue before.Hi yigido,
Thanks very much for supporting me. My files in my USB don't important, so I don't care if they lost. But my problem is my computer is infected and when I plug USB in, all file in that computer will turn to USB shorcut
Easy way is open a new topic on malware removal. I have to go out now sorry for this, you have no luck
- Dec 20, 2014
- 619
PM sent!I will tell you what you have to do. It is very easy to solve problem. My many of friends had this issue before.
Easy way is open a new topic on malware removal. I have to go out now sorry for this, you have no luck
- Jul 10, 2014
- 917
umm .ink files are harmless as they just point to somewhere in this case malware, but it shall be detected as a malware trace, i can tell that eset is not good detecting such... i wonder how is your problem now.. it seems that an undetected malware is messing your pc :/
Do you have this March 2015 patch installed, because all Windows PC were exposed even with the 2010 patch.
Source, March 2015: https://threatpost.com/patched-windows-machines-exposed-to-stuxnet-lnk-flaw-all-along/111558
https://technet.microsoft.com/en-us/library/security/ms15-mar.aspx
Source, March 2015: https://threatpost.com/patched-windows-machines-exposed-to-stuxnet-lnk-flaw-all-along/111558
https://technet.microsoft.com/en-us/library/security/ms15-mar.aspx
- Dec 20, 2014
- 619
@yigido @jamescv7 I've just done a full format of it, but when I plug my USB in, ESET still detects threats . Last night, I do full scan by ESET, Zemana and EEK. But they found nothing . I think my computer is still infected, because when I plug a new USB in, it has the same problem. What can I do to clean totally this threat now, I'm confused! What a bad nightmare!
@Huracan My Windows is always up-to-date
. Last night, I do full scan by ESET, Zemana and EEK. But they found nothing . I think my computer is still infected, because when I plug a new USB in, it has the same problem. What can I do to clean totally this threat now, I'm confused! What a bad nightmare!
@Huracan My Windows is always up-to-date
- Mar 15, 2011
- 13,070
@Maxxx58 : Upon researching many users experience such that problems and solutions are as provided.
1) Try this part:
http://en.kioskea.net/forum/affich-714535-shortcut-lnk-virus-on-usb-and-phone-keep-reappearing-help
2) Or use command prompt for deletion, remember make it as Administration to avoid access denied operation.
http://www.groldz.com/2013/05/how-to-remove-shortcut-virus-from-pen.html
1) Try this part:
http://en.kioskea.net/forum/affich-714535-shortcut-lnk-virus-on-usb-and-phone-keep-reappearing-help
2) Or use command prompt for deletion, remember make it as Administration to avoid access denied operation.
http://www.groldz.com/2013/05/how-to-remove-shortcut-virus-from-pen.html
- Dec 20, 2014
- 619
I've just tried method 1, and the problem seems to be solved. Thank you very much, jamescv7!
- Jan 9, 2013
- 1,457
I'm not backreading, but this is all I can say. ESET is not that good when it comes .lnk worms.
Here are two of my tutorials in removing these kind of worms.
Ultimate Guide in Removing VBS Worms
How to Remove a VBS Worm
If it's a VBS. you can terminate wscript.exe process prior to disinfection. If it's other than that, you can submit a sample so I can provide specific steps in dealing with that kind of malware. The tutorial is easy to follow. In less that 5 minutes, you're done.
Here are two of my tutorials in removing these kind of worms.
Ultimate Guide in Removing VBS Worms
How to Remove a VBS Worm
If it's a VBS. you can terminate wscript.exe process prior to disinfection. If it's other than that, you can submit a sample so I can provide specific steps in dealing with that kind of malware. The tutorial is easy to follow. In less that 5 minutes, you're done.
- Jul 10, 2014
- 917
indeed it may sound as an infection i can help you to find out so, or post a new topic in malware help, however try to look up in start up folders to see if you got something... (if the .ink detection persist from eset when you plug your drive it seems that a live worm is alive)UPDATE:
I've just installed Malwarebytes Anti-Malware, and it detected 1 threats on my computer (ESET, Zemana, EEK missed). I don't know if it related with my USB prolem
PST: please remember that most .vbs are hard to detect from most of the vendors...
- Dec 20, 2014
- 619
I've just done the guide of @jamescv7 above and seems problem is solved
- Jul 10, 2014
- 917
sounds great, but if you can save a copy of the malware may be you may consider submission to AV vendor to help more people
- Dec 20, 2014
- 619
I can't find this malware on USB, only .ink file which is uploaded to virustotal in previous comment abovesounds great, but if you can save a copy of the malware may be you may consider submission to AV vendor to help more people
- Jan 9, 2013
- 1,457
yup because it runs under the process wscript.exe which is a legit Windows program.
Last edited:
- May 18, 2015
- 54
May need to format USB drives. Also, Installing Panda USB Vaccine may be beneficial. Mainly to disable autorun. Also repeated infection could mean you have a rootkit or a Worm on your pc somewhere. Would recommend running MBAM, and TDSSKiller. SuperAntiSpyware may be beneficial to check for adware. From the sounds of it its some sort of Autorun worm. Very common tactic, and Depending on other issues with the PC, could Mean a Sality or Gamarue Infection. Gamarue is quite common. so is Sality. Despite MSE's downfalls, Microsoft safety Scanner In personal experiences has detected Gamarue pretty consistently. So its worth a shot.
Last edited by a moderator:
- Status
Similar threads
