Remove AntiShortCut AntiUsbShortCut

New USB Worm AntiUsbShortCut.zip !

It installs in the system root folder:

  • C:\AntiShortCut\AntiUsb.exe
  • C:\AntiShortCut\AntiUsbShortCut.zip

Create autostart files:

  • %USERSTARTUP%\AntiShortCutUpdate.lnK
  • %USERSTARTUP%\AntiUsbShortCutUpdate.lnK

It makes persistent with windows registry/h4>

  • 04 – HKCU\..\Run : [AntiShortCutUpdate] C:\AntiShortCut\AntiUsb.exe “C:\AntiShortCut\AntiUsbShortCut.zip”
  • 04 – HKCU\..\Run : [AntiUsbShortCut] C:\WINDOWS\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe “C:\AntiShortCut\AntiUsbShortCut.zip” & exit

Propagation

The infection will then spread on removable media by trapping its contents in order to deceive you and to spread to other computers.

Solution :

UsbFix Our software will get rid of this infection. UsbFix can also restore your data become inaccessible. Download UsbFix.

Malware USB, What is it ?

Read More ..

Download USBFix.

Download

Example USBFIX Report

################## | Startup |

F2 – HKLM\..\Winlogon :

[Shell] Explorer.exe
F2 – HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 – HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 – HKCU\..\Run : [AntiShortCutUpdate] C:\AntiShortCut\AntiUsb.exe “C:\AntiShortCut\AntiUsbShortCut.zip”
04 – HKCU\..\Run : [AntiUsbShortCut] C:\WINDOWS\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe “C:\AntiShortCut\AntiUsbShortCut.zip” & exit
04 – HKLM\..\Run : [AvastUI.exe] “C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe” /nogui
04 – HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE
04 – HKLM\..\Run : [AntiShortCutUpdate] C:\AntiShortCut\AntiUsb.exe “C:\AntiShortCut\AntiUsbShortCut.zip”
04 – HKLM\..\Run : [AntiUsbShortCut] C:\WINDOWS\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe “C:\AntiShortCut\AntiUsbShortCut.zip” & exit
04 – HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 – HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 – HKU\S-1-5-21-329068152-1960408961-839522115-1009\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 – HKU\S-1-5-21-329068152-1960408961-839522115-1009\..\Run : [AntiShortCutUpdate] C:\AntiShortCut\AntiUsb.exe “C:\AntiShortCut\AntiUsbShortCut.zip”
04 – HKU\S-1-5-21-329068152-1960408961-839522115-1009\..\Run : [AntiUsbShortCut] C:\WINDOWS\system32\cmd.exe /c start C:\AntiShortCut\AntiUsb.exe “C:\AntiShortCut\AntiUsbShortCut.zip” & exit
04 – HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 – HKU\S-1-5-19\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 – HKU\S-1-5-20\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 – HKU\S-1-5-18\..\RunOnce : [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04GS – AntiShortCutUpdate.lnk : C:\AntiShortCut\AntiUsb.exe C:\AntiShortCut\AntiUsbShortCut.zip &
04GS – AntiUsbShortCutUpdate.lnk : C:\AntiShortCut\AntiUsbShortCut.zip

################## | C:\ %SystemDrive% – Disco fijo (NTFS) |

[22/05/2010 – 14:17:27 | RASH | 0 Ko] – C:\MSDOS.SYS[22/05/2010 – 14:17:27 | A | 0 Ko] – C:\CONFIG.SYS[22/05/2010 – 14:17:27 | RASH | 0 Ko] – C:\IO.SYS[13/04/2016 – 12:22:28 | ASH | 1548288 Ko] – C:\pagefile.sys[13/04/2016 – 11:59:40 | D] – C:\Config.Msi[18/02/2014 – 10:43:24 | A | 69 Ko] – C:\P1005.log[07/09/2015 – 11:11:56 | A | 45 Ko] – C:\1020.log[17/09/2015 – 11:52:42 | A | 1 Ko] – C:\INSTPDTLOG_9-17-2015_11-51-24.LOG[28/09/2015 – 11:24:49 | A | 1 Ko] – C:\INSTPDTLOG_9-28-2015_11-24-12.LOG[22/05/2010 – 14:12:22 | SH | 0 Ko] – C:\boot.ini[01/05/2009 – 22:56:12 | A | 114 Ko] – C:\USB Show.exe[21/02/2003 – 04:42:22 | A | 340 Ko] – C:\msvcr71.dll[03/08/2004 – 22:38:34 | N | 46 Ko] – C:\NTDETECT.COM[28/09/2001 – 07:00:00 | N | 5 Ko] – C:\Bootfont.bin[13/04/2016 – 11:59:39 | SHD] – C:\$RECYCLE.BIN[22/05/2010 – 14:17:27 | A | 0 Ko] – C:\AUTOEXEC.BAT[22/05/2010 – 15:44:06 | RASH | 245 Ko] – C:\ntldr[13/04/2016 – 11:59:40 | D] – C:\DESCARTES[13/04/2016 – 11:59:40 | D] – C:\Documents and Settings[13/04/2016 – 11:59:40 | D] – C:\hp_LJ1018_Full_Solution[13/04/2016 – 11:59:40 | D] – C:\Instalar[13/04/2016 – 11:59:40 | D] – C:\Intel[13/04/2016 – 11:59:41 | RHD] – C:\MSOCache[13/04/2016 – 11:59:41 | SHD] – C:\RECYCLER[13/04/2016 – 11:59:41 | D] – C:\spoolerlogs[13/04/2016 – 11:59:41 | D] – C:\SUNATPDT[13/04/2016 – 12:04:20 | D] – C:\AntiUsbShortCut[13/04/2016 – 12:15:24 | D] – C:\AntiShortCut[13/04/2016 – 12:26:12 | D] – C:\Archivos de programa[13/04/2016 – 12:27:43 | D] – C:\UsbFix[13/04/2016 – 12:28:38 | D] – C:\WINDOWS

################## | F:\ – Disco fijo (NTFS) |

[13/04/2016 – 11:59:41 | D] – F:\AntiUsbShortCut[13/04/2016 – 12:28:42 | SHD] – F:\RECYCLER
By | 2016-12-14T06:18:21+00:00 April 14th, 2016|news|0 Comments

Leave A Comment