How to Remove VBS/Ritart.worm?

[shaythong]

I have Windows Defender, Vista Home Premium, and Avast Home Edition. Then I downloaded a game then the next startup I saw stuff in all of my document folders, and desktop with names like "Readme.vbs", "Girls.vbs", and "Money.vbs" I think.

I'm not really sure how to remove this "VBS/Ritart.worm". I might have another virus/worm but I'm not really sure. This is a new computer and I really need help on how to remove and clean out the weird files. Thanks.

[essexboy]

First off I will need to see what is what

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
  
• When it has finished, dss will open two Notepads main.txt and extra.txt  -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[shaythong]

First off I will need to see what is what

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
  
• When it has finished, dss will open two Notepads main.txt and extra.txt  -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Also when I start my computer some Microsoft Office 07 opens up with "Cannot open C:\Windows\System32\.doc".
Plus the files have gotten onto my Flash drive and iPod? What do I do?

[essexboy]

Found it.  The following programmes must be run by Right clicking and selecting Run as Adminstrator

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt2.exe to run it.
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

Code: [Select]

C:\Users\Admin\Money.vbs
C:\Users\All Users\Girls.vbs
C:\Users\All Users\Readme.vbs
C:\Users\All Users\Money.vbs
C:\Users\Admin\.thumbnails
C:\Users\Admin\AppData\Roaming\Tartule.vbs
C:\Users\Admin\AppData\Roaming\Girls.vbs


• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  Code: [Select]
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Tartule

  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    
    
  • Click the red Moveit! button.
    
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    
  • Close OTMoveIt2
    
  If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  
  THEN
  
  Download ComboFix from Here or Here to your Desktop.
  
  • Double click combofix.exe and follow the prompts.
    
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    
  Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  
  
  Combofix may take up to 2 minutes to Initialise on Vista