Files continue to show up on my external hard drive even after it was cleaned.
Files continue to show up on my external hard drive even after it was cleaned.
Hello. I connected my thumb drive to a computer in the university library, then all the existing files vanished and two new ones appeared unexpectedly. When I opened the file called 'FAISAL 4GB (Secured by Kaspersky Internet Security 2017).bat', a fresh Windows Explorer window displayed the contents of the missing files. At home, I attempted to format the thumb drive with my Windows desktop, but those two files kept reappearing each time. When I formatted it using a Macbook, they disappeared, but reappeared when I connected a clean thumb drive to my Windows desktop. Whenever I plugged in other new drives, those files showed up on all of them. Is my desktop infected with malware? Should I consider installing a good antivirus? P.S.: I also tried making a Windows 10 installation media using either the infected desktops or the thumb drives, but that didn’t work. So far, I managed to create the media only with a clean Windows desktop and a working thumb drive.
Reset the PC through the settings menu instead of a complete reinstall. Others report success with this method; if not, try generating a USB installation key from a friend’s computer using a different key and then reinstalling.
Sorry, the image in my initial message didn't show up until I performed some edits recently. Thank you for your response. Ideally, I'd like to remove the infection without changing the layout. If that's not possible, I'll reformat my Windows desktop. Could you tell me how to reset this from the PC settings?
TROSAN: <name>#GB(Secured by Kaspersky Internet Security 2017).bat ===== Checking for infection? =====
Obtain a blank USB stick.
Format it properly.
After formatting, ensure no files remain on the drive.
If you discover two files—<name>#GB(Secured by Kaspersky Internet Security 2017).bat and Readme—you’re compromised. How to remove? (You need internet access until step 4). =====
1. Download CCleaner: https://www.piriform.com/ccleaner/download
1.1 Launch the Cleaner menu to clear internet cache, temporary files, etc.
1.2 Use the Registry tool to scrub your registry without backup.
1.3 Open Tools>>Startup. If it shows *AppData\Roaming\Kaspersky Internet Security 2017*, proceed.
1.4 Add Norton Power Eraser: https://security.symantec.com/npe.aspx
2.1 Execute the scan. It will initiate a rootkit check and prompt for a restart. NPE will detect multiple virus entries. If possible, create a restore point. (Sometimes unavailable.) Delete the malware. The PC will restart.
2.2 Post-restart, run NPE once more. Usually it finds additional infected files (*.exe). Upload them to cloud storage and delete.
2.3 Use adwcleaner: https://www.malwarebytes.com/adwcleaner/
3.1 Start the scan for adware/PUPs. You’ll see entries like PUP.Optional.Legacy, [Key] -HKU, HKCU, or HKLM. Reboot to remove them.
4. Delete these files and restart your PC. Once done, run CCleaner again. If you still can’t locate the files, follow the same steps.
3.2 Install SMADAV: http://www.smadav.net/?page=download
It will clean hidden files and confirm completion. All data is now accessible. STILL UNABLE TO LOCATE THEM? =====
1. Open your computer. Navigate to system volume info.
2. Transfer the files you wish to keep onto your desktop. Avoid cutting them.
3. Paste them into a new folder on the desktop.
4. Format the USB stick.
5. Reinsert the drive and format it again.
6. Transfer the files back to the USB.
One final tip: =====
If you can’t find anything, install SMADAV for thorough cleanup. Task complete.
Notify the library's IT staff as well. Their computers could be infected.
Did you already wipe the thumb drive from the Kaspersky internet security 2017 version? I’m facing the same issue too—I’ve reformatted it, but it still shows up.