Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: balraj on February 23, 2014, 07:14:24 PM

Title: wscript.exe
Post by: balraj on February 23, 2014, 07:14:24 PM

Hi,
      I need help
      When i insert my pendrive iTunesHelper.vbe is automatically generated in it
     I found this is generated due to wscript.exe

       Please help in solving the issue.

Title: Re: wscript.exe
Post by: essexboy on February 23, 2014, 07:29:45 PM

Hi there we will need to clean all USBs and remove the bad boys

Download MCShield (http://www.mcshield.net/) to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
(https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG)
Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

THEN

Download  Anti VBS/VBE (http://www.mcshield.net/download/tools/Anti-VBSVBE/) to your desktop

• download the appropriate version (32 bit or 64 bit) and double click the file to run it.
• After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
• Post that report

Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

FINALLY

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop
Secondary link (http://www.itxassociates.com/OT-Tools/OTL.exe)

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

(https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif)

• Select All Users
  
• Select LOP and Purity
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach  both logs

Title: Re: wscript.exe
Post by: balraj on February 23, 2014, 09:03:20 PM

Hai..

  As you have instructed i have attached the files.

Title: Re: wscript.exe
Post by: balraj on February 23, 2014, 09:07:26 PM

Hi.

    I have missed a file.

Title: Re: wscript.exe
Post by: essexboy on February 23, 2014, 10:20:09 PM

Could you confirm that the USB's are now OK

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  (https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2014/01/30 14:30:08 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobogenie\MgAssist.exe -- (MgAssistService)
IE - HKU\S-1-5-21-1208941511-1268642884-337046589-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={searchTerms}&affID=120307&babsrc=SP_ss&mntrId=441929210000000000005a3e8eb35443
IE - HKU\S-1-5-21-1208941511-1268642884-337046589-1001\..\SearchScopes\{975E8216-47E6-473D-9735-56F2656E1B65}: "URL" = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
[2014/02/23 16:52:42 | 000,000,000 | ---D | M] -- C:\Users\balraj\AppData\Roaming\newnext.me
[2013/10/08 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\balraj\AppData\Roaming\OpenCandy
[2013/08/04 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\balraj\AppData\Roaming\systweak

:Files
C:\Program Files (x86)\Mobogenie

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

Title: Re: wscript.exe
Post by: balraj on February 24, 2014, 06:51:59 AM

Hello...

     Thanks there is some improvement.
     by the help of mcshield the pendrive was blocked from that.
     But now too i should follow the last reply by you.

Title: Re: wscript.exe
Post by: essexboy on February 24, 2014, 02:42:08 PM

Yes continue the fixes to get you clean

Title: Re: wscript.exe
Post by: balraj on February 24, 2014, 07:13:10 PM

Hai..

  AS you have instructed i have attached

Title: Re: wscript.exe
Post by: essexboy on February 24, 2014, 07:22:44 PM

That looks better, how is the computer behaving now ?

Title: Re: wscript.exe
Post by: balraj on February 24, 2014, 07:28:42 PM

Hai..

       Thank a lot.....
       But the start menu icons (windows 8) are disabled it dosent matter i will get back.

      Thank you once again if i found any issue i will come back.
Thank you................