Infected wscript.exe

Viruses and worms
1

Hey!

This is a new replaced harddisk. I keep getting 2-3 messages a minute from avast saying: Avast shield has blocked a harmful webpage or file:
object: http://dz47.myq-see.com:224/is-ready
infection: URL:MAL
Process: C:\Windows\System32\wscript.exe
no further details

These messqges started since ever i plugged in a flash drive with google.exe on it.
Now i ran the required scans.
Thanks for your help and time!

2
These messqges started since ever i plugged in a [b]flash drive [/b]with google.exe on it.
go back to the guide here https://forum.avast.com/index.php?topic=53253.0 scroll down to[b] SPECIFIC INFECTIONS LOGS[/b] follow instructions for MCShield

copy and paste that log (if attached it sometimes does not display correct)

removal team is notified and will be online later today …

3

The flash drive is no longer available
I ran mcshield however

4

MCShield will clean and protect you against infected USB drives so a tool to keep

was it somone elses?
he need to install MCShield and check his computer for infections

5

Could you let me know if this stops it

Hi there, first you must uninstall Chrome, you can re-install when we have finished

Avast should start after the FRST reboot

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-21-2872681868-3158625737-2755142481-1000\...\Run: [iexplore] => wscript.exe //B "C:\Users\USER\AppData\Roaming\Internet Explorer\\iexplore.vbs" Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iexplore.lnk ShortcutTarget: iexplore.lnk -> C:\Users\USER\AppData\Roaming\Internet Explorer\iexplore.vbs () SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 2015-01-13 23:58 - 2015-01-13 23:58 - 00000000 ____D () C:\Users\USER\AppData\Local\{2A82324E-1E3C-4E88-A68A-8BA11B0417FE} C:\Users\USER\AppData\Roaming\Internet Explorer\iexplore.vbs EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

6

Hey!!

Well i am sending this from my phone because my laptop can no longer connect to the internet. Windows troubleshooting says there is a problem with the driver of the wireless network adapter. This happened after rebooting once adwcleaner identified hotspotshielf as a malware. When given the possibility to untick the files

i want to keep i did… Reboot… No connection. Adwcleaner s1 (pic with my phone)

I opened device manager, that showed problems with two drivers installed under network relating to an horfree software hotspot shield. I tried to disable the … No connection.
I ran adwcleaner again this time the same fikes were identified and i deleted them as suggested adwcleaner R1 (pic) reboot… No connection… Same message by windows troobleshooting this time i went and uninstalled anchorfree drivers completely, same problem… Dont know what to do now please help… Included the fixlog of frst (pic)

Pics are too big to attach…

7

This will reset the DNS and winsocks

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

After the reboot go to Control panel > Internet Options
Select Connections
Select LAN settings
Ensure there is no tick in the Proxy settings
OK out

Now try to connect again