Wscript.exe infection

Yesterday it said my wscript was infected with cmd downloader trj now and had been moved to the chest, but nothing was in there and I kept getting pop-ups. Now my Avast has been telling me that it has these in the chest every hour: “wscript.exe infected with vbs:downloader-atj [trj]” and “cete.txt”. It keeps popping up every hour :cry:

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

This is it

Hi Deli,

you have to remove task “Chromium medor” via autoruns.
This is in Addition.txt - Task: C:\WINDOWS\Tasks\Chromium medor.job => Wscript.exe C:\ProgramData\{419984FA-CBDB-0E3C-4D1D-907ED75F1BB0}\cete.txt <==== ATTENTION

Regards,
PDI
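
The task line quoted above shows the pattern worth checking for: a scheduled task that hands a `.txt` file in a GUID-named ProgramData folder to Wscript.exe. The Python sketch below is an added example, not part of the original thread or of FRST; it flags that pattern in FRST-style task lines. The function name `flag_tasks` and the two benign sample lines are constructed for illustration.

```python
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Task line layout as quoted in the thread: "Task: <job file> => <command line>"
TASK_RE = re.compile(
    r"^Task:\s*(?P<job>.+?)\s*=>\s*(?P<cmd>.+?)(?:\s*<=+\s*ATTENTION)?\s*$")
GUID_DIR_RE = re.compile(r"\\ProgramData\\\{[0-9A-Fa-f-]{36}\}\\", re.I)

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE = [
    r"Task: C:\WINDOWS\Tasks\Chromium medor.job => Wscript.exe  C:\ProgramData\{419984FA-CBDB-0E3C-4D1D-907ED75F1BB0}\cete.txt <==== ATTENTION",
    r"Task: C:\WINDOWS\Tasks\Backup.job => C:\Windows\System32\wscript.exe //B C:\Scripts\backup.vbs",
    r"Task: C:\WINDOWS\Tasks\Updater.job => C:\Tools\update.exe /silent",
]

def flag_tasks(lines):
    """Return (job, target, reasons) for script-host tasks that look suspicious."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # not a "Task: ... => ..." line
        parts = m.group("cmd").split(None, 1)
        host = parts[0].strip('"').rsplit("\\", 1)[-1].lower()
        if host not in SCRIPT_HOSTS or len(parts) < 2:
            continue
        # Drop leading host options such as //B or //NoLogo, then unquote.
        target = re.sub(r"^(?://\S+\s+)+", "", parts[1].strip()).strip('"')
        dot = target.rfind(".")
        ext = target[dot:].lower() if dot > target.rfind("\\") else ""
        reasons = []
        if ext not in SCRIPT_EXTS:
            reasons.append(f"script host given non-script extension {ext or '(none)'}")
        if GUID_DIR_RE.search(target):
            reasons.append("target sits in a GUID-named ProgramData folder")
        if reasons:
            findings.append((m.group("job"), target, reasons))
    return findings

if __name__ == "__main__":
    for job, target, reasons in flag_tasks(SAMPLE):
        print(f"{job}\n  -> {target}\n  " + "; ".join(reasons))
```

Only the "Chromium medor" task is reported; the constructed `.vbs` backup task and the non-script-host task pass.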

I was able to delete it when I ran as admin, but it reappeared in tasks and now says access denied.

Try to restart the PC and check it once again.

Regards,
PDI

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
Task: {0123F5BA-CB11-4F06-9A09-6FA8914AD985} - \Chromium medor -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Chromium medor.job => Wscript.exe  C:\ProgramData\{419984FA-CBDB-0E3C-4D1D-907ED75F1BB0}\cete.txt <==== ATTENTION
VirusTotal: C:\ProgramData\{419984FA-CBDB-0E3C-4D1D-907ED75F1BB0}\cete.txt
C:\ProgramData\{419984FA-CBDB-0E3C-4D1D-907ED75F1BB0}
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Here

cete.txt is in my Avast virus chest now
and I can’t find Chromium in my tasks

What is system status now? Does Avast still detect “Wscript.exe infection”?

No the avast notifications stopped.
I don’t know if it has anything to do with the restarting difficulty but I guess that’s windows

In that case

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.