.Trashes virus on USB & PC, won't let me install/run some programs, can't restore Windows.

  Eliwi 19:18 12 Mar 15
Locked

Hello. I recently noticed that when I plug in my USB, I got this weird folder named ".Trashes" along with a lot of shortcuts to the same folders that were already in there. I didn't know what it was so I left it alone, but a few days ago when I turned on my computer, I got a message from Windows Based Script Host asking for permission to run (or something). I clicked no because I didn't know what it was. After researching a bit I found out it was a virus, and the first thing someone suggested was to get an antivirus to see how I could get rid of it.

I couldn't install the antivirus, I also can't run CCleaner, and I keep getting the message every time I turn on my computer. I decided to just restore windows or something, thinking that would work... but I can't do that either.

I've followed tons of tutorials online about how to get rid of it but nothing has worked so far. I can't access safe mode (I tried three different ways), and I would hate to have to format my computer yet again. I want to try that only as a last resort.

Can someone help me get rid of this thing? From my USB and my computer. I don't know what else to do, if the tutorials don't work and I can't install anything! I haven't been able to work because of this.

I have Windows 7 Professional, AMD A6-6400K APU with Radeon(tm) HD Graphics 3.90 GHz Processor and 4 GB RAM, if that helps anything.

Thank you!

  tullie 20:53 12 Mar 15

Are you saying that you dont have AV installed?

  bumpkin 21:18 12 Mar 15

someone suggested was to get an antivirus to see how I could get rid of it.

Antivirus of some kind is the first thing you should instal, not much point in getting it once you have a virus which will prevent you installing it.

  Fruit Bat /\0/\ 21:32 12 Mar 15

Can you connect to the internet on the infected machine?

if so go to eset and run the online scanner.

  Fruit Bat /\0/\ 21:33 12 Mar 15
  Eliwi 22:36 12 Mar 15

Thank you for answering.

Tullie, sorry, I don't know what you mean by AV.

bumpkin, I used to but I just recently formatted my computer and wasn't able to install it before this happened, unfortunately. Your answer, however, didn't help much :/.

Fruit bat, thanks, the link you provided doesn't work (I'm not in the US), but I looked for another one and it's currently scanning. The first one that has actually worked! Hopefully it will help. Thank you!

  Eliwi 22:55 12 Mar 15

The scan is done but I don't see any weird files or programs, and I'm not sure if I should delete everything it shows. How do I know which to erase and which to leave as it is? Thanks.

  lotvic 23:49 12 Mar 15

We can't answer that as we don't know what you scanned with or what the results were - which would also depend on what it found, you may have more viruses than just the shortcut virus.

If you didn't use the Eset online scanner as per Fruit Bat /\0/\'s link, what did you scan with?

I advise using the Eset scan with the settings as stated in a thread on bleepingcomputer.com ClickHere and it should do the deleting/quarantining for you.

info notes for those reading thread:

AV = AntiVirus program

weird folder named ".Trashes" along with a lot of shortcuts = also known as USB Shortcut Virus, Recycler Virus

Symptoms: autorun.ini Virus hides all the files and folders on the USB flash drive and displays a Trash/recycle folder and shortcuts instead. If you click on the shortcut.exe to view your files the virus starts spreading and hiding files and folders on pc and any other attached drives.

You can unhide the files and folders by running the command:

Click the Start button and select the Run option. Type cmd. Then type this command: attrib -h -r -s /s /d f:*.* and press Enter. Note: The "f:" in the command refers to the drive the usb is using, in this case the F: drive. If, when you open the "My Computer" window, the usb drive is using a different drive (for example, H:) remember to replace f: with the correct letter. Your files or folders should show normal. The normal files should appear in the drive window along with the bad shortcut files.

  lotvic 00:07 13 Mar 15

This has a good guide to follow to remove the shortcut virus from a flash drive click here

  Eliwi 01:14 13 Mar 15

lotvic, thank you for the information. I will be trying that tomorrow first thing.

I did use the ESET online scanner to scan my computer, and it copied the report into a text file. I could show you but it's a lot of stuff lol. Here it is:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.E potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.F potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir a variant of Win32/Thinknice.F potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir Win32/Thinknice.G potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir a variant of Win32/Thinknice.E potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.F potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir a variant of Win32/ELEX.AV potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir a variant of Win32/Thinknice.F potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir a variant of Win32/Thinknice.F potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application deleted - quarantined

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined

C:\Users\Eliwi\Downloads\imagetopdf_softn.exe Win32/BundleLoader.B potentially unwanted application deleted - quarantined

C:\Windows\Installer\5e16b.msi a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined

After that, I tried following another tut. and the computer restarted. When it came back on, I could open Ccleaner, I was able to install AVG and other programs normally. Scanned PC and it shows no problems. I don't know what happened lol.

  hiwatt 11:32 13 Mar 15

Eset has ran,found and deleted malware.Always run with an anti virus software.Download malwarebytes free click here and run this too.Let it delete what it finds(if anything)

This thread is now locked and can not be replied to.

Qualcomm Snapdragon 835 benchmarks: Antutu, Geekbench 4, GFXBench and PCMark results

1995-2015: How technology has changed the world in 20 years

This stop-frame animation tells a moving story of domestic violence for Refuge

New iPad 2017 preview: Apple's affordable but underspecced new iPad may appeal to the education…