Hello!
I have a problem here. Two days ago I got a notification on Facebook about someone posting something in one of the public groups. I just clicked on "mark as read" to remove the notification, and since then I keep having this pop-up. It won't stop beeping, and I tried a scan, boot scan, anti-malware and all kinds of stuff to fix it, but it's not helping.
This is what I get:
" Object: http://ahmedmeissara.ddns.net:888/is-ready
Process: C: windows> system32> wscript.exe"
There’s no "wscript.exe" that I can find in that system32 folder.
The last thing I’ve tried was ComboFix, which someone suggested on the avast forum.
Please help T_T
"Last thing I've tried was ComboFix that someone suggested on avast forum."
Never run ComboFix unless instructed to do so by a trained and certified malware remover.
Follow the instructions here: https://forum.avast.com/index.php?topic=53253.0
Attach the Malwarebytes / Farbar Recovery Scan Tool / aswMBR logs.
Hi!
I did all that you asked of me and here are the logs.
Forgot to mention that I found a file (document) that is named the same as the one I saw that Arabic guy post in the Facebook group. I saved it as a text doc and attached it, maybe it helps. tywm!
First submission 2014-08-17 15:37:36 UTC (3 days, 22 hours ago)
https://www.virustotal.com/nb/file/72858decd32430e9a820beab0b52e578d59ec25f42176b89d62da9b4ad58c273/analysis/1408629979/
malware removal team is notified…it may take some time before they are online
Let me know if this stops it
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKLM\...\Run: [asda2 secrets] => wscript.exe //B "C:\Users\JOVANO~1\AppData\Local\Temp\asda2 secrets.vbs" <===== ATTENTION
HKU\S-1-5-21-2093093177-4248395621-1716373638-1000\...\Run: [asda2 secrets] => wscript.exe //B "C:\Users\JOVANO~1\AppData\Local\Temp\asda2 secrets.vbs" <===== ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2014-08-21 14:46 - 2014-08-09 12:44 - 00069557 _____ () C:\asda2 secrets.vbs
2014-08-20 22:12 - 2014-01-01 11:35 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-09 12:44 - 2014-08-21 14:46 - 00069557 _____ () C:\asda2 secrets.vbs
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Download Anti VBS/VBE to your desktop
- Download the appropriate version (32 bit or 64 bit) and double click the file to run it.
- After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
- Post that report
Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run
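The Run entries in the fixlist above share a recognisable pattern: an autostart value that starts wscript.exe with //B against a .vbs file in a Temp directory. The following is an added example, not part of the original thread or of FRST itself, showing how that pattern can be triaged from FRST-style log lines; the script-host list, the extension list and the set of user-writable paths are assumptions to adjust for your environment.

```python
import re

# Script interpreters that can run a dropped script with no visible window.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
# Assumed list of user-writable locations; tune for your environment.
WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Line shape taken from the fixlist above: <hive>\...\Run: [name] => command
RUN_LINE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")

def triage(line):
    """Return a finding dict for a Run-key line, or None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cmd = m["cmd"].split("<=====")[0].strip()    # drop FRST's ATTENTION marker
    toks = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', cmd)]
    if not toks:
        return None
    host = toks[0].rsplit("\\", 1)[-1].lower()   # basename of the launched program
    scripts = [t for t in toks[1:] if t.lower().endswith(SCRIPT_EXTS)]
    reasons = []
    if host in SCRIPT_HOSTS:
        reasons.append("autostart launches a script host")
    if any(t.lower() == "//b" for t in toks[1:]):
        reasons.append("//B batch mode suppresses errors and prompts")
    if any(w in s.lower() for s in scripts for w in WRITABLE):
        reasons.append("script lives in a user-writable directory")
    return {"hive": m["hive"], "name": m["name"], "host": host,
            "scripts": scripts, "reasons": reasons}

def flagged(lines):
    """Findings with at least one reason, in input order."""
    found = (triage(l) for l in lines)
    return [f for f in found if f and f["reasons"]]

SAMPLE = [
    # The two Run entries from the fixlist in this thread.
    r'HKLM\...\Run: [asda2 secrets] => wscript.exe //B "C:\Users\JOVANO~1\AppData\Local\Temp\asda2 secrets.vbs" <===== ATTENTION',
    r'HKU\S-1-5-21-2093093177-4248395621-1716373638-1000\...\Run: [asda2 secrets] => wscript.exe //B "C:\Users\JOVANO~1\AppData\Local\Temp\asda2 secrets.vbs" <===== ATTENTION',
    # Constructed benign entry and a non-Run line, for contrast.
    r'HKLM\...\Run: [ExampleUpdater] => "C:\Program Files\Example\updater.exe" /background',
    r'Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File',
]

if __name__ == "__main__":
    for f in flagged(SAMPLE):
        print(f["hive"], f["name"], f["scripts"], "; ".join(f["reasons"]))
```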
All finished. I noticed that file is gone. Thank you!
If all is well tomorrow let me know and I will tidy up