wscript.exe/ituneshelper.vbs infected laptops (shortcut virus) help needed

hello all,

I currently have two laptops infected with the so-called shortcut virus (wscript.exe/ituneshelper.vbs) and need help fully cleaning them.
Laptop 1 (Lenovo) exhibited large RAM usage by wscript.exe (0.5GB) and hid all files on USB/SD cards attached to it, making only shortcuts visible; it also loaded ituneshelper.vbs onto them.
Laptop 2 (Toshiba) has exhibited no performance loss but still has the infected wscript.exe in the system32 folder.

My first question is would it be better to have one thread for each laptop or use one thread for both with well labelled attachments and replies?

Currently in the process of acquiring mbam and OTL logs

regards

Pizza

http://forum.avast.com/index.php?topic=53253.0

You can use one topic … but clean one computer first, then the next

Removal experts are notified

Hi,

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

.

lenovo mbam and OTL logs

farbar logs

Please download Anti-VBSVBEx64.exe on your Desktop

[*]Double click to run the tool and wait until it finishes.
[*]It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.

Rerun FRST (Farbar Recovery Scan Tool)

Please attach it to your reply.

anti-vb and farbar 2

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds for MCShield to finish its initial scan.
It is recommended that under the General and Scanner tabs you click the Defaults button to choose the recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has created.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

mcshield all scan

Do you have a problem now?

USB drives appear to be clean when connected and ejected and the rogue process is gone, so I’d say not.
Would it be advantageous to run MCShield before connecting USB devices in future to prevent this occurring again?

I recommend using MCShield, if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will also immediately clean the flash drive, memory card or external HDD.

This I shall do,
thank you very much for the help in fixing my computer
you guys are fighting the good fight
regards and thanks
Pizza

Mods, please feel free to close this topic as I believe my problems to be solved
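
The symptom reported in the first post (files on a removable drive hidden, only shortcuts visible, a .vbs file dropped onto the drive) can be checked read-only before anything on the drive is opened. The following is an added example, not part of the original thread and not code from any tool mentioned in it; the function name, the drive letter, and the extension list and regex beyond wscript.exe and .vbs are assumptions.

```powershell
# Added example: read-only triage of one drive root; nothing is deleted or changed.
# Function name, extension list and regex are assumptions, not taken from the thread.
function Get-ShortcutVirusIndicator {
    param([Parameter(Mandatory = $true)][string]$Root)   # e.g. 'E:\' (assumed letter)

    $scriptExt = '.vbs', '.vbe', '.js', '.jse', '.wsf'
    $hostRegex = '\b(wscript|cscript)(\.exe)?\b|\.(vbs|vbe|js|jse|wsf)\b'
    $ignore    = 'System Volume Information', '$RECYCLE.BIN'
    $shell     = New-Object -ComObject WScript.Shell      # only reads .lnk fields

    # -Force lists hidden and system items that Explorer does not show by default
    $items = @(Get-ChildItem -LiteralPath $Root -Force -ErrorAction Stop |
               Where-Object { $ignore -notcontains $_.Name })
    $hiddenNames = @($items |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
        ForEach-Object { $_.Name; $_.BaseName })

    foreach ($item in $items) {
        $reasons = @()
        $target  = $null
        if ($item.Attributes -band [IO.FileAttributes]::Hidden) {
            $reasons += 'hidden item'
        }
        if (-not $item.PSIsContainer) {
            $ext = $item.Extension.ToLower()
            if ($scriptExt -contains $ext) { $reasons += 'script file in drive root' }
            if ($ext -eq '.lnk') {
                try {
                    $lnk    = $shell.CreateShortcut($item.FullName)  # loads existing link
                    $target = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
                } catch { $reasons += 'unreadable shortcut' }
                if ($target -match $hostRegex) { $reasons += 'shortcut points at a script' }
                # Shortcut named after a hidden file or folder: the reported symptom
                if ($hiddenNames -contains $item.BaseName) {
                    $reasons += 'shortcut replaces hidden item'
                }
            }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name    = $item.Name
                Reasons = $reasons -join '; '
                Target  = $target
            }
        }
    }
}

# Usage: Get-ShortcutVirusIndicator -Root 'E:\' | Format-List
```

An empty result means none of these indicators were found in the drive root; it does not replace the scans requested in the thread.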