Infection date and initial symptoms
The infection started on my father's Windows 7 desktop PC sometime in late 2013 - early 2014. The biggest symptom was an incredibly slow PC - slow to boot, slow to open any software or browser. I also noticed almost constant HD activity and 100% CPU usage but very few processes were running. Just opening Windows Explorer took forever. **I copied his data files off onto a new USB drive.**
Current issues and symptoms
After reformatting and reinstalling Windows, I inserted the USB drive to copy back his files...and reinfected the PC. I accidentally inserted the same USB into another laptop and suddenly it had the same symptoms, so I believe the USB itself is infected.
Steps taken in order to remove the infection
I used Chiron's article on techsupportalert.com, "How to Clean an Infected Computer"...but even after working through that article and getting seemingly clean reports, the PC was still painfully slow. My son suggested that maybe it was a zombie bot, which actually made some sense with the symptoms I was seeing. So I saved the data files off onto a USB drive and reformatted the PC, reinstalling Windows 7, patching, and then upgrading to Windows 8.1. Everything ran quickly and normally until I reinserted the USB with the data files, when all the symptoms came back.

puffball

New Member
So here's the question: my father has Family Treemaker files on that USB that we really need to recover.

Because of the speed of the reinfection (none of the data files were opened after I copied them back onto the PC), I'm going to guess that the malware traveled on the USB, either in the folder structure or the firmware. (As a side question, can this USB be cleaned and safely used again?)

If the data files themselves are not infected, I thought about possibly copying them up to an online Dropbox or other account to strip off the malware (copying just the files, not the folders), then downloading them to a PC running Ubuntu (not Windows)...then transferring them to a fresh (never used) USB and back to the original (reformatted again) Windows PC. Or is there a way I could try to clean the data files themselves?

These files are not encrypted (no cryptolocker or ransomware), and they had their original creation dates when I copied them onto the USB, though that may not mean much.
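
The "copy just the files, not the folders" idea from the post above, as an added example that is not part of the original thread: run on the Ubuntu machine with the USB mounted, it copies only allowlisted data file types into one flat folder and records a SHA-256 for each. The extension list and the function name `rescue` are assumptions; the script only filters what gets carried across and does not scan file contents.

```python
import hashlib
import shutil
import sys
from pathlib import Path

# Assumption: extensions treated as "data" in this example. Adjust to the
# files that actually need recovering; everything else stays on the USB.
ALLOWED = {".ftm", ".ftw", ".ftmb", ".ged", ".jpg", ".pdf"}


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def rescue(src_root, dest_dir):
    """Copy allowlisted regular files from src_root into one flat dest_dir.

    Returns (copied, skipped): copied is a list of (new_name, sha256),
    skipped is a list of relative paths left behind on the source.
    """
    src_root, dest_dir = Path(src_root), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    copied, skipped = [], []
    for p in sorted(src_root.rglob("*")):
        if p.is_dir() and not p.is_symlink():
            continue  # folders are walked but never recreated
        rel = p.relative_to(src_root).as_posix()
        # Only the final extension counts, so "photo.jpg.exe" is skipped,
        # as are shortcuts (.lnk), autorun.inf and anything not allowlisted.
        if p.is_symlink() or not p.is_file() or p.suffix.lower() not in ALLOWED:
            skipped.append(rel)
            continue
        target, n = dest_dir / p.name, 1
        while target.exists():  # same file name in two source folders
            target = dest_dir / f"{p.stem}_{n}{p.suffix}"
            n += 1
        shutil.copyfile(p, target)  # file contents only, no attributes
        copied.append((target.name, sha256(target)))
    return copied, skipped


if __name__ == "__main__" and len(sys.argv) == 3:
    done, left = rescue(sys.argv[1], sys.argv[2])
    print(f"copied {len(done)} files, left {len(left)} behind:", *left, sep="\n  ")
```

Comparing the recorded hashes again after the files reach the reformatted PC shows whether anything changed them in transit.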
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
Hello,

Let's check if the USB is infected.


Please download MCShield from one of the following links:

MCShield - Official download link
  • Double click on MCShield-Setup to install the application.
    Next => I Agree => Next => Install ... per installation click on Run! button.
  • Wait a few seconds for MCShield to finish the initial HDD scan...
  • Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
  • When all scanning is done, you need to post the log report that MCShield has created.
Under the Logs tab (in Control Center), in the AllScans.txt log section, click on the Save button. The AllScans.txt report will be located on your Desktop.

=> Post AllScans.txt here


Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.