Whenever I start my computer, Avast opens a red and says “A threat has been detected” and shows this:
URL: http://copertps.com/k/
evil
C System32/wscript.exe
I’ve tried cleaning with CCleaner and install Malwarebytes Anti-Malware as a solution, but Avast blocks them and they do not open, because even with the full scan does not detect the malware, what do I do? I need to send a technician to clean my PC, I really want to fix this without sending a technician,
Well his English is poor so maybe he means every time he clicks on that page. Not sure I could be wrong. But your right. Something could be calling home.
I think it is quite obvious that there is definitely something on the OP’s system that is calling home and the OP should follow the instructions that Pondus has laid out in reply 2.
You only have to look at the avast alert information to see that the OP isn’t clicking on that website. The process responsible for trying to connect to a malicious site is c:/ System32/wscript.exe and that is highly unusual/suspicious.
Some malware camouflages itself as wscript.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the wscript.exe process on your PC to see if it is a threat.
Yes, I think the virus was passed on to my computer by a digital camera from a friend of mine … but as this retreat Malware from my computer? For the winscript.exe is a trustworthy file from Windows, but it is infected, how to remove this malware?
Follow the instructions in reply2 by Pondus and attach the logs back here in this thread for one of the malware specialists to help you ( essexboy probably since he has now noticed this thread ).
Well thousands before you have been able to download/run these tools, if you are experiencing a problem downloading and running these then post the error/alert that you are receiving.
Yes, all of them, I turn off the computer and turn on again, then the programs work correctly, but after a few minutes, appears “The threat has been detected”, and there’s more to use porgramas, they close themselves … and always when I go off is as if open programs, but as they were invisible. Would solve the problem if I did a system restore to another date?
OK we will need to temporarily delete the wscript file
Go to C:\Windows\system32
Right click Wscript.exe
Select Properties
Select Security Tab
Select Advanced
Select Owner
Select Edit
Select your account
Click Apply
OK the warning
Click OK
Then delete the file
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs