maybe a flashdrive infection?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ybrush, Aug 6, 2007.

  1. ybrush

    ybrush Private E-2

    hi chaslang or anybody else

    // I FOLLOWED THE MALWARE REMOVAL GUIDE //

    I'm dual booting (MacOSX & XP SP2) and I bought a new external HD that I formatted for Mac (HFS+); for that I tried to use MacDrive to be able to read and write when I am on XP.
    When I tried to use it I saw some strange things in the right-click menu, and when I tried to open the new drive or the Mac partition, Avast detected VBS Small.
    After that I started some scans. I remember the first times I tried with Spybot it was detecting VBS Small A and some other variant I think, but it was stuck in the registry and I had to force quit it. Then I did some BitDefender scans and it also found some VBS. I think after the second BitDef scan it found something in the registry, and after that Spybot was able to complete the scan, but after all these it was clean; BitDefender was also clean.
    I was never able to complete a Panda active scan without IE quitting with no message, so I can't post this log (I also tried in the past with the same results).

    Also, after the first cleaning process and while I still had the MacDrive app, I remember when I tried to open the new drive or the partition of the internal drive or a USB there was an error, something like a script error. I know that this happens when an AV deletes something and something in the registry has to change (sorry for the somethings!)

    So I am attaching the latest logs that are clean! (I think)

    And what do you think is the best approach for checking the removable drives and fixing the errors?

    Thanks for your amazing help in advance, you've helped in the past once!
     

    Attached Files:

  2. ybrush

    ybrush Private E-2

    the other logs
     

    Attached Files:

  3. ybrush

    ybrush Private E-2

    forgot to add

    Sorry, I forgot to say that the online BitDefender scan was in normal mode because WiFi and my keyboard don't work in safe mode; Spybot and CounterSpy were in safe mode.

    thanks
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: forgot to add

    I'm not exactly sure what you are asking with all of the rather confusing post.

    Your logs are clean but you can have HJT fix the below line:
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    I do question what all of the below are for. Perhaps you know if they are related to this dual boot config and Apple software:

    F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
    O4 - HKLM\..\Run: [Brightness] C:\WINDOWS\system32\Brightness.exe
    O4 - HKLM\..\Run: [arc] C:\WINDOWS\system32\arc.exe
    O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
     
  5. ybrush

    ybrush Private E-2

    hi chaslang

    I'm sorry about the "rather confusing post", but I was very tired!

    About your question:

    These:
    O4 - HKLM\..\Run: [Brightness] C:\WINDOWS\system32\Brightness.exe
    O4 - HKLM\..\Run: [arc] C:\WINDOWS\system32\arc.exe
    O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe

    are connected to the dual boot as you mentioned.

    I will try now to express my question better.

    As you said my logs are clean, but all my removable drives are infected. All these tests checked the NTFS partition of the drive; the other partition (Mac formatted) I have never run them on. This drive can be read and written with an application called MacDrive, which I just downloaded the trial version of to run some tests, because I want to be able to use it when I work on XP.
    I also Mac formatted a new external HD that I also ran a test on, and two USB mass storage devices.

    I ran these tests with Avast and all were infected, and I am attaching the logs from Avast.

    Is it safe to open these drives after deletion with Avast?
    Or do I have to do all the other tests with MacDrive enabled,
    so I can scan the Mac formatted partition and the new external drive?
    (I can format this one because it's empty)

    And I think that after the deletion of some viruses (you can see that on the log) that are found in autorun.bat, you get an error message when you try to access them; I don't want to try till it is safe to reproduce the error message.

    I hope it was less confusing!

    thanks again
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have an unusual setup and there may be no guarantees on what's infected and what is not.

    Do the below files still exist? If so, put them into a ZIP file and attach them here:
    F:\autorun.vbs
    E:\autorun.vbs <--- if this has the same contents as the above one, just attach one; otherwise rename it before ZIPping
    E:\infrom.exe
    E:\AUTORUN.INF
    E:\autorun.bat


    Where did the below files come from? Are they legit, or are they illegal downloads? Delete if not legit!
    F:\downloads\acdsee(windows)\acdseepowerpack.exe
    F:\downloads\vuescan pro(Windows)\VueScan.Professional.Edition.8.3.63\vuesca83.exe
    F:\Users\yiannis\Shared\THE_FOUNDRY_KEYLIGHT_V1.2V1_FOR_AE7-XFORCE.zip\THE_FOUNDRY_KEYLIGHT_V1.2V1_FOR_AE7-XFORCE\Keylight1.2v1_AE7.0-win-x86-release-32-Pro.exe
     
    Last edited: Aug 8, 2007
  7. ybrush

    ybrush Private E-2

    Hmm, some of them are trial and one was given by someone, but I don't use them anyway and I already deleted them.

    I formatted the E: drive so I cannot find anything.

    The F: is the Mac partition of the internal drive and I have not opened it since the infection's appearance. I did a Search from the Windows side and it didn't find anything. Is there a better way than Search from Windows? I'm going to search it from the Mac side, which is realtime, fast and reliable, to see if it is there. The freshly formatted disk works great without the error that I had once after deleting these infected files.

    So... what do you suggest I do?

    Do you think it is a good idea to do the "Usual Scans" on the F drive only? (if it is possible)
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can try running scans on the F drive. Some of them including the online scans should have defaulted to scanning all drives anyway. I have no idea how the scans will work on a MAC partition. You are in non-standard territory.
     
  9. ybrush

    ybrush Private E-2

    I think it is the same as scanning an NTFS disk.

    I tried to do a scan with BitDefender but because there are many files, the time needed was too much. I am going to do it over the night and see what happens.

    thanks
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may only find the same file list as for the E drive:

    F:\autorun.vbs
    F:\AUTORUN.INF
    F:\autorun.bat

    Do these exist or did Avast already delete them? They are not necessarily bad.
     
  11. ybrush

    ybrush Private E-2

    Some of them exist and Avast did not delete them; these files were on the new Western Digital HD for some properties to work.

    I ran the online scan (BD) only on F and G (it is a USB drive that Avast found infected).
    It found a trojan in both: trojan.reggger.q, as you are going to see on the bdscan log.

    thank you
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Put the G:\AutoRun.reg (or the F:\AutoRun.reg) file into a ZIP file and attach it here. I tend to doubt these are problems. They are probably just related to the hardware and software you are using in your PC setup.
     
  13. ybrush

    ybrush Private E-2

    As you saw in the bdscan, disinfection failed, so the files were deleted. Or am I wrong?

    But as I told you there were 2 USB flash drives infected, so I was able to find the file on the non-bdscanned USB, so I am attaching this file.


    thank you again
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does this other USB drive also still have a copy of the autorun.bat file that you can put into a ZIP file and attach here?

    The autorun.reg file does seem a little suspicious. It loads the autorun.bat file at Windows login and also disables viewing of system files.
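The two behaviours chaslang calls out above (a .reg file that appends a batch file to the Winlogon Userinit value so it runs at every logon, and that switches off Explorer's display of hidden and protected system files) are easy to check for mechanically. The script below is an added example, not the AutoRun.reg from this thread nor anything from MajorGeeks: it parses a .reg export and flags those two changes, and applies the same Userinit check to a HijackThis "F2 - REG:system.ini: UserInit=" line like the one in the logs. The sample .reg text is constructed to mirror the description; the registry paths and value names (Winlogon\Userinit, Explorer\Advanced\ShowSuperHidden and Hidden) are the standard Windows ones.

```python
import re
from typing import Dict, List

# Constructed sample of a .reg export (hypothetical, not the AutoRun.reg from the
# thread). It mirrors what the reply above describes: the Winlogon Userinit value
# gets autorun.bat appended so the batch file runs at every logon, and Explorer's
# "show hidden / protected system files" settings are forced off.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,autorun.bat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000000
"Hidden"=dword:00000002
"""

# Key paths compared case-insensitively (registry paths are not case sensitive).
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
ADVANCED = r"hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced"

# "Name"=value  or  @=value (default value) on one line of a .reg file.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def decode_value(raw: str):
    """Decode the two .reg encodings this audit needs: quoted strings and dwords."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex:, hex(2): etc. are kept as their raw text


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a .reg export into {key_path.lower(): {value_name.lower(): value}}."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            keys[current][name.lower()] = decode_value(m.group(2))
    return keys


def userinit_extras(value: str) -> List[str]:
    """Return every comma-separated Userinit entry other than the stock userinit.exe."""
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if entry and not entry.lower().endswith("userinit.exe"):
            extras.append(entry)
    return extras


def audit_reg(text: str) -> List[str]:
    """Flag a .reg file that hooks logon via Userinit or hides files in Explorer."""
    keys = parse_reg(text)
    findings = []
    userinit = keys.get(WINLOGON, {}).get("userinit")
    if isinstance(userinit, str):
        for extra in userinit_extras(userinit):
            findings.append(f"Userinit runs an extra program at every logon: {extra}")
    advanced = keys.get(ADVANCED, {})
    if advanced.get("showsuperhidden") == 0:
        findings.append("ShowSuperHidden=0 forces protected operating system files to stay hidden")
    if advanced.get("hidden") == 2:
        findings.append("Hidden=2 forces hidden files and folders to stay hidden")
    return findings


# HijackThis reports the same Userinit value as an "F2 - REG:system.ini:" line.
HJT_F2 = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)


def hjt_userinit_extras(line: str) -> List[str]:
    """Apply the Userinit check to one HijackThis log line; [] if it is not an F2 line."""
    m = HJT_F2.match(line.strip())
    return userinit_extras(m.group(1)) if m else []


if __name__ == "__main__":
    for finding in audit_reg(SAMPLE_REG):
        print("FLAG:", finding)
    print("HJT extras:", hjt_userinit_extras("F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat"))
```

The Userinit check is deliberately loose about the path: a clean value is "C:\WINDOWS\system32\userinit.exe," (trailing comma included), so anything after the comma that is not userinit.exe itself is worth a look, which is exactly why the F2 line in this thread was recommended for an HJT fix.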
     
  15. ybrush

    ybrush Private E-2

    I cannot find it;
    this file was found by Avast and deleted.

    My claim that all (Mac partition, Mac external and the 2 USB flash drives) were infected was based on the Avast scan. Then I scanned them all with bdscan except C: (that was already scanned) and the last USB.

    I am sorry if I repeat things you already know!

    thanks
     
  16. ybrush

    ybrush Private E-2

    the smilie is a typo
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then either way it sounds like you are clean and have nothing to worry about since Avast deleted the file anyway. I do recommend that you use HijackThis to fix the below lines though if they still show in your log:


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     
  18. ybrush

    ybrush Private E-2

    OK, I am going to fix them and post a HijackThis log if you don't mind.

    thank you
     
  19. ybrush

    ybrush Private E-2

    OK, this is the last HJT log.

    Thank you so much for your help. It is so good to have someone for professional assistance.

    Unfortunately I am going to need you to check my other PC (MacBook Pro) that has a similar setup. I have already done the required scans but I am thinking of doing them after installing MacDrive so it is able to check the Mac disk (I've never done that on that PC, so the Windows side has never "seen" the files that are on the Mac side; Mac OS X can of course read the NTFS (Windows) partition by default).

    So do you think it is more convenient to post these logs in the same thread or start a new one?
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's fine now.


    New PC, new thread! Just be sure to state this is another PC so no one confuses it with this thread and this PC.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    10. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
