Uhh, so yeah. Title explains it all. Except the fix for it won’t work.
It’s a VBS worm. I’ve removed the attached USB devices, and Anti-VBS/VBE x64 will not remove it all. I can’t find anything like wscript.exe running in Task Manager. MCShield detects and removes just to be reinfected. I need my USBs for school tomorrow. Ideas?
Do you guys need OTL?
OTL + Extras
MBAM Coming. Anti VBS/VBE attached.
Then 30 seconds later. Run Anti-VBS again.
Also who is this User? Taraneh
This computer has 1 user account, and that is me. Not Taraneh. User account name for me is Michael
Can you attach FRST report?
FRST + Addition.txt are attached.
Thanks Twin
- Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.
- Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. It may interfere with ComboFix.
If you are unsure how to do this please read this or this Instruction.
Instructions on how to disable avast:
  - Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
  - In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
- Run ComboFix. Click on I Agree!
- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
- When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.
At school right now. Will do that when I get home.
Thanks for the help. Time to report that to Magna86?
Is Magna not one of the authors of Anti-VBS/VBE? If not, never mind. I was going to tell him about Anti-VBS/VBE not removing the infection fully, and the fact it just comes back w/o anything plugged in…
Ohhhh. I see my mistake already. Anti-VBS/VBE is posting the previous detections… Not redetecting it. I just need to let MCShield pick it up and remove it. Wow.
dr_Bora created this tool
Did you fix the issues you had?
- Oh, I thought Magna86 was an author or co-author…
- No, Still at school. However, at this point my only question remains. Who is the User Account Taraneh? This is a personal PC that no one in my household has access to.
Regarding the VBS Worm. I was worried because I thought Anti-VBS/VBE was redetecting the Malware. But I didn’t see the dates of the scans. Thus I thought the malware was “Regenerating”, hence my comment about not seeing wscript.exe in Task Manager. At this point, all I need to do is attach my USB sticks for MCShield to clean them.
Yeah, I’m clean now. Thanks twin for the help