ESET Smart Security can't protect me from .lnk malware

Status
Not open for further replies.

Maxxx58

Level 13
Dec 20, 2014
619
Just pluged in new USB and it has the same problem with both USB before
nUc27j7.png

I'm sure that my machine got infected :(
 
Y

yigido

I can help you on this matter. Can you please send me your Teamviewer ID and password via PM?
I will recover your all files.
Solution guaranteed
 
  • Like
Reactions: frogboy

Maxxx58

Level 13
Dec 20, 2014
619
I can help you on this matter. Can you please send me your Teamviewer ID and password via PM?
I will recover your all files.
Solution guaranteed
Hi yigido,
Thanks very much for supporting me. My files in my USB don't important, so I don't care if they lost. But my problem is my computer is infected and when I plug USB in, all file in that computer will turn to USB shorcut :(
 
Y

yigido

Hi yigido,
Thanks very much for supporting me. My files in my USB don't important, so I don't care if they lost. But my problem is my computer is infected and when I plug USB in, all file in that computer will turn to USB shorcut :(
I will tell you what you have to do. It is very easy to solve problem. My many of friends had this issue before.
Easy way is open a new topic on malware removal. I have to go out now sorry for this, you have no luck :(
 
  • Like
Reactions: Maxxx58

Maxxx58

Level 13
Dec 20, 2014
619
I will tell you what you have to do. It is very easy to solve problem. My many of friends had this issue before.
Easy way is open a new topic on malware removal. I have to go out now sorry for this, you have no luck :(
PM sent!
 

kiric96

Level 19
Verified
Jul 10, 2014
917
umm .ink files are harmless as they just point to somewhere in this case malware, but it shall be detected as a malware trace, i can tell that eset is not good detecting such... i wonder how is your problem now.. it seems that an undetected malware is messing your pc :/
 

jamescv7

Level 85
Verified
Trusted
Mar 15, 2011
13,088
@Maxxx58 : If not important from the files on USB then why not conduct a reformat? If its still persist then considered of something infection went through.
 

Maxxx58

Level 13
Dec 20, 2014
619
@yigido @jamescv7 I've just done a full format of it, but when I plug my USB in, ESET still detects threats :(. Last night, I do full scan by ESET, Zemana and EEK. But they found nothing :(. I think my computer is still infected, because when I plug a new USB in, it has the same problem. What can I do to clean totally this threat now, I'm confused! What a bad nightmare!
1Vo4838.png

@Huracan My Windows is always up-to-date
 

Maxxx58

Level 13
Dec 20, 2014
619
UPDATE:
I've just installed Malwarebytes Anti-Malware, and it detected 1 threats on my computer (ESET, Zemana, EEK missed). I don't know if it related with my USB prolem
dWYCR2m.png

SHbGWJi.png
 

jamescv7

Level 85
Verified
Trusted
Mar 15, 2011
13,088
@Maxxx58 : Upon researching many users experience such that problems and solutions are as provided.

1) Try this part:

>>Open Device Manager (in all windows)
>>Expand "Universal Serial Bus Controller"
>>Uninstall all components under "Universal Serial Bus Controller"
>>Restart computer and let it be idle for 3-5 minutes (windows will automatically reinstall all hardware which will free of viruses).

http://en.kioskea.net/forum/affich-714535-shortcut-lnk-virus-on-usb-and-phone-keep-reappearing-help

2) Or use command prompt for deletion, remember make it as Administration to avoid access denied operation.

First of all Click on Start >> Run >> and type cmd and click on OK.
Here I assume your pen drive letter as G:

Enter this command.

attrib -h -r -s /s /d g:\*.*

You can copy the above command >> Right click in the Command Prompt and
paste it.

Note : Don't forget to replace the letter g with your pen drive letter.
Now press Enter

http://www.groldz.com/2013/05/how-to-remove-shortcut-virus-from-pen.html
 
  • Like
Reactions: Maxxx58

Maxxx58

Level 13
Dec 20, 2014
619
@Maxxx58 : Upon researching many users experience such that problems and solutions are as provided.

1) Try this part:



http://en.kioskea.net/forum/affich-714535-shortcut-lnk-virus-on-usb-and-phone-keep-reappearing-help

2) Or use command prompt for deletion, remember make it as Administration to avoid access denied operation.



http://www.groldz.com/2013/05/how-to-remove-shortcut-virus-from-pen.html
I've just tried method 1, and the problem seems to be solved. Thank you very much, jamescv7!
 
  • Like
Reactions: jamescv7

WinXPert

Level 25
Verified
Trusted
Malware Hunter
Jan 9, 2013
1,461
I'm not backreading, but this is all I can say. ESET is not that good when it comes .lnk worms.

Here are two of my tutorials in removing these kind of worms.

Ultimate Guide in Removing VBS Worms

How to Remove a VBS Worm

If it's a VBS. you can terminate wscript.exe process prior to disinfection. If it's other than that, you can submit a sample so I can provide specific steps in dealing with that kind of malware. The tutorial is easy to follow. In less that 5 minutes, you're done.
 

kiric96

Level 19
Verified
Jul 10, 2014
917
UPDATE:
I've just installed Malwarebytes Anti-Malware, and it detected 1 threats on my computer (ESET, Zemana, EEK missed). I don't know if it related with my USB prolem
dWYCR2m.png

SHbGWJi.png
indeed it may sound as an infection i can help you to find out so, or post a new topic in malware help, however try to look up in start up folders to see if you got something... (if the .ink detection persist from eset when you plug your drive it seems that a live worm is alive)

PST: please remember that most .vbs are hard to detect from most of the vendors...
 

Maxxx58

Level 13
Dec 20, 2014
619
indeed it may sound as an infection i can help you to find out so, or post a new topic in malware help, however try to look up in start up folders to see if you got something... (if the .ink detection persist from eset when you plug your drive it seems that a live worm is alive)

PST: please remember that most .vbs are hard to detect from most of the vendors...
I've just done the guide of @jamescv7 above and seems problem is solved
 

Maxxx58

Level 13
Dec 20, 2014
619
sounds great, but if you can save a copy of the malware may be you may consider submission to AV vendor to help more people :D
I can't find this malware on USB, only .ink file which is uploaded to virustotal in previous comment above
 

WinXPert

Level 25
Verified
Trusted
Malware Hunter
Jan 9, 2013
1,461
indeed it may sound as an infection i can help you to find out so, or post a new topic in malware help, however try to look up in start up folders to see if you got something... (if the .ink detection persist from eset when you plug your drive it seems that a live worm is alive)

PST: please remember that most .vbs are hard to detect from most of the vendors...

yup because it runs under the process wscript.exe which is a legit Windows program.
 
Last edited:
May 18, 2015
54
May need to format USB drives. Also, Installing Panda USB Vaccine may be beneficial. Mainly to disable autorun. Also repeated infection could mean you have a rootkit or a Worm on your pc somewhere. Would recommend running MBAM, and TDSSKiller. SuperAntiSpyware may be beneficial to check for adware. From the sounds of it its some sort of Autorun worm. Very common tactic, and Depending on other issues with the PC, could Mean a Sality or Gamarue Infection. Gamarue is quite common. so is Sality. Despite MSE's downfalls, Microsoft safety Scanner In personal experiences has detected Gamarue pretty consistently. So its worth a shot.
 
Last edited by a moderator:
Status
Not open for further replies.
Top