When I turned on my pc today avast started giving me messages that a threat was detected. I read on other topics that people got it from infected USB drives but i have not attached any usb drives and did not have this issue last night. The moment this message started was when i clicked on my homegroup under computer. I am not sure exactly what i need to run but i ran and attached logs from Mbam, aswMBR and Frst64.
URL hxxp://microsoftt.myvnc.com:1177/is-ready
Infection URL:Mal
Sorry for double post but would not let me post my screenshots as to many attachements
removal team is notified, it may take some hours before they are online
Thank you for the reply, this popup for threat detected has gone off over 400 times for me today lol.
Hello,
The first tool shall target this script worm and preform removal from hosts system. The second tool shall target the malware from USB devices as this is worm that like to spread using USB memory devices.
Please download Anti-VBSVBE and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double click to run the tool and wait until it finishes.
[*]It will make a log named Anti-VBSVBE.txt. Please attach it to your reply.
.
Please download MCShield from one of the following links:
MCShield -Official download link
[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[]Wait a few seconds to MCShield finish initial HDD scan…
[]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post a logreport that MCShield has created.
Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScanst.txt report shall be located on your Desktop.
=> Post here AllScanst.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
Sorry for taking to long had to run a errand. Logs attached.
Instructions how to disable avast:
• Right click on the avast! system tray icon (
http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
[i][size=7pt]- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
ComboFix shall also create addition log (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
=> Please attach that report (ComboFix-quarantined-files.txt) as well.
Logs attached
Hi,
We will execute CFScript but first you will need to opet TaskManager (right click on system tray > TaskManager) and under Processes kill any loaded wscript.exe process. This is legit process and we just need to stop that from running before we deploy CFScript.
Feel free to kill all wscript.exe you find. Then …
Open notepad and copy/paste the text present inside the code box below:
ClearJavaCache::
DirLook::
c:\program files\Common Files\Microsoft Shared\ink\journal.dll
c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft"=-
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
log attached
How is the computer running now?
It seems fine so far, message for detection hasn’t been coming up since running all that. Curious how i got it in the first place, did it come from a computer on my homegroup?
Edit: do i need to keep mc shield on my pc for now or was it only for the test?
Keep it. 
Thanks for the help magna86 and the rest of the avast team.
he is not finish yet … he will remove the tools used when all is OK
• The following will implement some post-cleanup procedures:
It is necessary to uninstall ComboFix :
[*] Click Start (or
http://amf.mycity.rs/pg/images/VistaStartButton.png
) then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
[*] In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between " ComboFix " and " /Uninstall " .
[*] then click OK (or press Enter ).
Wait for the uninstall process is complete.
.
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Thank you