Malware Causing defective USB?

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
I cannot access data on my USB, as it appears it's not being fully recognized by my computer. I need the data that was saved. About a week ago I was getting a prompt from Microsoft saying that one of my Word files may possibly be infected, but I kinda shrugged it off :(
Now I can't access anything on my USB and the computer says there is "no media" on the USB.
I need help because I REALLY need to access the information from my USB... please help!
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
May I add that when I click on the USB icon in "My Computer" it keeps asking me to insert a disc :(
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


Please do not use any USB until I give you the green light. We'll deal with it later. Let's first make sure that the system is clean.


Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Like everyone, I have a private life, so be patient with me. Sometimes I will respond immediately, sometimes it will take a couple of hours.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Because of this, I advise you to backup any personal files and folders before you start.


  1. Download AdwCleaner from the link below.
     ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.



Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.




Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
bravebird said:
May I add that when I click on the USB icon in "My Computer" it keeps asking me to insert a disc :(

Can't find the TDSS log, but it found nothing.
 

Attachments

  • AdwCleaner[S0].txt
    1.1 KB · Views: 66
  • FRST_03-11-2013_13-01-36.txt
    32.6 KB · Views: 87
  • Addition.txt
    21.1 KB · Views: 81

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach that report for me after it is finished.







Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------------

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.

Additional notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

 

Attachments

  • fixlist.txt
    123 bytes · Views: 59

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
Not sure if I did the fixlist.txt right. There was no link for me to download it so I created the same file by copying and pasting in Notepad and saving the file in the same folder with FRST.
Logs are attached.
 

Attachments

  • Fixlog.txt
    3.8 KB · Views: 75
  • combolog.txt
    11.6 KB · Views: 78

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
OK, the system is clean, let's take care of USB


> Check USB storage devices / removable drives


Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

  • Double click MCShield-Setup to install the application.
  • Wait a few seconds for MCShield to finish the initial scan.
    It is recommended that under the General and Scanner tabs you click on the Defaults button to choose the recommended options.
  • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach the log report that MCShield has created.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
I connected my USB but it doesn't seem to be scanning it :(
The USB shows up as "removable disk G:" but I still can't access it and it doesn't seem to be in the scan. But MCShield did find something in my D: drive and couldn't delete it.
 

Attachments

  • temp_init_scan.txt
    1.1 KB · Views: 70
  • AllScans.txt
    2.3 KB · Views: 65

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
Still nothing I guess. I don't think it scanned a thing. Seems not to be recognizing the USB :(
I'll attach AllScans anyway.

Don't tell me my USB is fried :( :( :(
I have some REALLY important things on it I did not back up yet. Any other options I might have?

The computer is still recognizing the drive as I plug it in but for some reason I can't access it... I don't think it's fried, just a virus or something strange. If it were fried wouldn't it be true that it wouldn't be recognized at all by the computer?

Might I also add that the name of the drive changes often....
I have 3 different USB ports on my laptop and in each one the name is different for the same USB drive. I guess I renamed the USB on each different portal so now it changes whenever I switch the location of the USB stick.


Also... I've been trying to remove the USB using the USB removal tool and it gives me this prompt:
"windows cant stop your "USB memory.." device because a programs is still using it. Close any programs that might be using the device and try again later."
 

Attachments

  • AllScans.txt
    5.7 KB · Views: 71

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
No, USB is just fine, Microsoft Security Essentials is blocking it, but we will take care of it.


Let's rescan the system again. Please do not use USB until I tell you.



Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: the file will be randomly named

Double-click to run GMER.
  • Wait for initial scan to finish - if there is any query, click No;
  • Click Scan button and wait until the full scan is complete;
  • Click Save ... - save the report to the Desktop (named Gmer );

> Attach here Gmer logreports.



Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------------

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.

Additional notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
The GMER didn't have a 'save' function so I just copied and pasted. I also notice it wasn't a "full" scan... just a quick one. On the second scan I tried scanning the D: drive and after that things went a little haywire.

Ran ComboFix and it rebooted the machine I guess... I had stepped away. When I tried getting online the comp froze so I had to restart. Just some fishy things happening, but in any case the logs are attached.
 

Attachments

  • gmer.txt
    6.3 KB · Views: 118
  • logcombo.txt
    13.4 KB · Views: 80

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Ok, the system is clean...

I want you to do following now:


Open Microsoft Security Essentials, click on Settings --> Advanced

Uncheck Scan removable drives, and click on Save changes


Now plug in the USB and attach the MCShield report for me.
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
I don't think MCShield is acknowledging my USB.
Attached a log but it doesn't even show that it scanned it. And the no scanning option on the Microsoft Security Essentials was already unchecked. Don't think I ever unchecked it though, unless it did it on its own.
 

Attachments

  • LastScan.txt
    708 bytes · Views: 68

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
Well, I just used a different USB in the computer and it works fine :(
Maybe my other USB is just damaged? I didn't drop it or anything. Is there any way I can take it apart or do ANYTHING to get the data back? I tried Recuva and it won't even allow me to gather the data. Anything! I just don't want to reformat it yet because I need the information on the drive.
 
