Shortcut virus in my removable drive?

Earlier this morning, I was asked by my friend to help him print some documents from his pendrive. I plugged in the pendrive and scanned it with NIS 2014 first before opening it.

Not long after, Norton notified me that the pendrive was free from threats, and I then proceeded to open the pendrive. This is a 16GB Kingston pendrive with almost 1GB of space used, but what made me most curious is that there were only 2 Word documents and 1 PDF I could see.

 

I've seen shortcut viruses before; they usually hide most of your files, but they (the virus) will still be visible to the user as an autorun file and will also show a shortcut icon that is inaccessible. But this is different.

 

The virus itself is not visible to the user as an autorun file, and neither is the shortcut icon. The only documents I can see (mentioned above) were probably added by my friend after the infection.

 

Since Norton can't detect the shortcut virus, I then tried to download the free Malwarebytes anti-malware to try to remove the virus. But even Malwarebytes failed to detect a single threat.

 

The last resort I took was to download a file known as the "auto-run exterminator 1.8" from the Internet. I was glad that this tool worked and the hidden files are now visible again. (I would be glad if anyone can show me how to find the name of the threat this tool removed.)

 

So here are the questions:
1. Why is the shortcut virus so hard to detect, even by 2 major antivirus programs?
2. I would like to gather some opinions from the community on how you all deal with this situation (to make hidden files visible again).
3. Will Norton release updates if there's any chance we can submit a copy of such viruses to Norton?

 

Thank you.

The link to the log file generated by Power Eraser: http://sdrv.ms/1gJgBSA

Not even I know whether I can get the files back after your work, let alone if all the infection is removed.

 

Quads

If nobody has a better suggestion.

 

Try viewing the drive in Linux.

Linux has no need to respect Windows file permissions or attributes, if the files are still there you will be able to see them.

 

Maybe one of your friends at school uses Apple or Linux.

Or download and boot to a Linux Live CD like Ubuntu. (You may need to disable secure boot in your BIOS to boot to the CD.)

 

If the files are visible in Linux, copy them (not move) to the hard drive somewhere under your user folder so they end up with inherited permissions for your Windows user account.

Or use the browser on the CD to transfer the files through SkyDrive or a flash drive formatted in FAT.

 

Best of Luck,

Dave
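
One way to carry out the copy step described above from a Linux live session, as an added example that is not part of any post in this thread: it copies data files off the mounted drive and leaves shortcut, autorun and script files behind. The function names, the skip lists and the sample directory tree are assumptions constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Assumption: file types a shortcut worm commonly leaves on a drive; adjust as needed.
SKIP_SUFFIXES = {".lnk", ".vbs", ".vbe", ".js", ".jse", ".wsf",
                 ".bat", ".cmd", ".scr", ".exe", ".pif", ".com"}
SKIP_NAMES = {"autorun.inf"}


def rescue(src, dst):
    """Copy (never move) data files from src to dst; return (copied, skipped)."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for path in sorted(src.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src)
        if path.suffix.lower() in SKIP_SUFFIXES or path.name.lower() in SKIP_NAMES:
            skipped.append(rel.as_posix())  # left on the drive for later inspection
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(path, target)  # contents only, no attributes carried over
        copied.append(rel.as_posix())
    return copied, skipped


def demo():
    """Run rescue() on a constructed tree standing in for the mounted drive."""
    with tempfile.TemporaryDirectory() as tmp:
        drive, out = Path(tmp, "drive"), Path(tmp, "rescued")
        (drive / "docs").mkdir(parents=True)
        (drive / "docs" / "report.docx").write_bytes(b"constructed sample")
        (drive / "slides.pptx").write_bytes(b"constructed sample")
        (drive / "docs.lnk").write_bytes(b"constructed sample")
        (drive / "autorun.inf").write_text("constructed sample")
        (drive / "helper.VBS").write_text("constructed sample")
        copied, skipped = rescue(drive, out)
        return copied, skipped, (out / "docs" / "report.docx").exists()


if __name__ == "__main__":
    print(demo())
```

On a real drive, call `rescue()` with the flash drive's mount point as `src` and a folder under your home directory as `dst`, then review the skipped list before deciding what to do with those files.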

 

 

So there's no other simple workaround?

I have done a system and Flash Drive for a User in France, by making sure the system and Flash Drive are clean first and then also scripting to list and have hidden files show.

 

But due to what you have already done I am unsure what will work or if any of your files due to your actions are actually damaged or gone. 

 

 

Quads

But when I performed an on-demand scan, I could see Norton scanned my PowerPoint and Word documents.

If you go here and sign up for the Protected malware board I will deal with it. You have to create the first post of the thread for the protection to see you are the thread creator so you can reply to your own thread.

 

http://qmalwareremoval.freeforums.net/

 

Quads

I have the same problem, but NIS and the Power Eraser didn't find anything!!!

I used Microsoft Safety Scanner and it found a Worm:VBS/Jenxcus.CB

Glad to see you are fixed, sort of, then.

 

Quads

The question is why NIS 2014 didn't detect it!

Thanks for the reply but the link does not work.


tancheeping wrote:

Thanks for the reply but the link does not work.


Hi,
I can confirm that the link is broken. It may be that one of the moderators disabled it for safety's sake.

http://www.bleepingcomputer.com
http://forums.whatthetech.com/
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
These are free malware removal forums. Choose one and stick with the trained volunteer that starts helping you. They can get the job done right the first time.

Keep us posted

Here is the link. It is a safe site to visit according to SucuriSitecheck, but I cannot vouch for the effectiveness of the process nor the programs the article links to.

 

I agree with Dick, you are better off visiting one of the malware removal sites.

 

http://www.techchore.com/2013/03/Flashdrive-Shortcut-Virus-and-two-2-methods-to-get-rid-of-it.html