wscript.exe

Hi,
I need help
When i insert my pendrive iTunesHelper.vbe is automatically generated in it
I found this is generated due to wscript.exe

   Please help in solving the issue.

Hi there we will need to clean all USBs and remove the bad boys

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

THEN

Download Anti VBS/VBE to your desktop

[]download the appropriate version (32 bit or 64 bit) and double click the file to run it.
[
]After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
[*]Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

FINALLY

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[]Select LOP and Purity
[
]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir “%systemdrive%*” /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

Hai…

As you have instructed i have attached the files.

Hi.

I have missed a file.

Could you confirm that the USB’s are now OK

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2014/01/30 14:30:08 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobogenie\MgAssist.exe -- (MgAssistService)
IE - HKU\S-1-5-21-1208941511-1268642884-337046589-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={searchTerms}&affID=120307&babsrc=SP_ss&mntrId=441929210000000000005a3e8eb35443
IE - HKU\S-1-5-21-1208941511-1268642884-337046589-1001\..\SearchScopes\{975E8216-47E6-473D-9735-56F2656E1B65}: "URL" = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
[2014/02/23 16:52:42 | 000,000,000 | ---D | M] -- C:\Users\balraj\AppData\Roaming\newnext.me
[2013/10/08 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\balraj\AppData\Roaming\OpenCandy
[2013/08/04 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\balraj\AppData\Roaming\systweak

:Files
C:\Program Files (x86)\Mobogenie

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Hello…

 Thanks there is some improvement.
 by the help of mcshield the pendrive was blocked from that.
 But now too i should follow the last reply by you.

Yes continue the fixes to get you clean

Hai…

AS you have instructed i have attached

That looks better, how is the computer behaving now ?

Hai…

   Thank a lot.....
   But the start menu icons (windows 8) are disabled it dosent matter i will get back.

  Thank you once again if i found any issue i will come back.

Thank you…