I currently have two laptops infected with the so called short cut virus (wscript.exe/ituneshelper.vbs) and need help fully cleaning them,
Laptop 1 (lenovo) exhibited large ram usage by wscript.exe (0.5GB) and hid all files on USB/SD cards attached to it and making only shortcuts visible, it also loaded ituneshelper.vbs onto them,
Laptop 2 (toshiba) has exibited no performance loss but still has the infected wscript.exe in the system32 folder
My first question is would it be better to have one thread for each laptop or use one thread for both with well labelled attachments and replies?
currently in the process of aquiring mbam and OTL logs
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that MCShield has created.
Start → All Programs → MCShield → Logs
Attach here → AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
USB drives appear to be clean when connected and ejected and the rogue process is gone so i’d say not,
would it be advantageous to run McShield before connecting USB devices in future to prevent this occurring again?
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.