Author Topic: Infected wscript.exe causing malware URL  (Read 9309 times)


sunbun

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #15 on: June 14, 2013, 05:45:02 PM »
Here is the log. ccleaner, OTL and adwcleaner can be opened now. wscript.exe can no longer be seen running in the process tab in the task manager. I think you have done it!

argus

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #16 on: June 14, 2013, 06:05:40 PM »
Please post a new OTL log.

sunbun

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #17 on: June 14, 2013, 06:50:05 PM »
Here is the new OTL log.

argus

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #18 on: June 14, 2013, 07:07:55 PM »
This looks good.



Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code:
:files
C:\81758
C:\Users\Sunbun\AppData\Roaming\80ed
C:\Users\Sunbun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js

:commands
[emptytemp]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.


Step 2



Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions on how to use MBAR:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit

    Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.

  • Unzip/unrar MBAR into a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe.

  • Click on Next >, then on the Update button to download fresh definitions.
  • When the database has updated, click Next.
  • In the following window, ensure that under "Targets" the Drivers, Sectors and System options are ticked. Then select the "Scan" button.

  • If any infections are found, ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats.
    Or if you are sure any entries should not be kept, just untick them. A list of infected files will be shown.

  • The cleanup procedure will be scheduled for processing.
  • When it is complete, a pop-up will tell you. Select the Yes button and the system should reboot to complete the cleaning process.

>> Please attach the following two logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.




sunbun

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #19 on: June 14, 2013, 08:08:02 PM »
It says that no cleanup is required.

argus

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #20 on: June 14, 2013, 08:43:33 PM »
Do you have any reports?

sunbun

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #21 on: June 14, 2013, 09:36:28 PM »
You mean this log? There is no longer any detection. I think it's fine now. Thanks so much. What do I do with all these files now? The OTL folder in C drive.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Infected wscript.exe causing malware URL
« Reply #22 on: June 14, 2013, 09:38:13 PM »
Quote
You mean this log? There is no longer any detection. I think it's fine now. Thanks so much. What do I do with all these files now? The OTL folder in C drive.

argus will remove the tools used when he is back.   ;)

argus

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #23 on: June 14, 2013, 09:42:10 PM »
I'm back  :)

Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.

sunbun

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #24 on: June 15, 2013, 06:43:09 AM »
Sorry it took so long, I was sleeping. That's done, anything else?

argus

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #25 on: June 15, 2013, 09:30:15 AM »
Quote
That's done, anything else?

Remove the F partition autorun.inf.vir file.

Quote
14/6/2013 6:45:22 PM > Drive F: - scan started (Elements ~932 GB, NTFS HDD )...

>>> F:\autorun.inf > Suspicious > Renamed.


=> Suspicious files  : 1/1 renamed.

Mark as shown in the image:

How's your computer behaving now?

sunbun

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #26 on: June 15, 2013, 10:16:39 AM »
I removed it. It's behaving fine. Thanks so much for your help! :)

argus

  • Guest
Re: Infected wscript.exe causing malware URL
« Reply #27 on: June 15, 2013, 10:26:06 AM »
Cheers  :)
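
Added example, not part of the thread and not from any tool used in it: a read-only PowerShell check for the two locations the fixes above touched, script files in the Startup folders (which Windows Script Host, wscript.exe, runs at logon) and autorun.inf files on drive roots. The function names and the extension list are assumptions chosen for illustration; nothing is deleted or renamed.

```powershell
# Added example (not from the thread). Read-only: lists files, changes nothing.
# Assumption: these are the script extensions handled by Windows Script Host.
$ScriptExtensions = '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh'

function Get-StartupScript {
    # Hypothetical helper: script files sitting directly in the given folders.
    param([string[]]$Folder)
    foreach ($dir in $Folder) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        # -Force includes hidden and system files, which a normal listing skips.
        Get-ChildItem -LiteralPath $dir -File -Force |
            Where-Object { $ScriptExtensions -contains $_.Extension.ToLower() } |
            Select-Object FullName, Length, LastWriteTime, Attributes
    }
}

function Get-RootAutorun {
    # Hypothetical helper: autorun.inf (or a renamed copy such as
    # autorun.inf.vir) in the root of every mounted file-system drive.
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        if (Test-Path -LiteralPath $_.Root) {
            Get-ChildItem -LiteralPath $_.Root -Filter 'autorun.inf*' -File -Force `
                -ErrorAction SilentlyContinue |
                Select-Object FullName, Length, LastWriteTime, Attributes
        }
    }
}

# Per-user and all-users Startup folders, resolved by Windows rather than
# hard-coded, so the check works for any account name.
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

'--- Script files in Startup folders ---'
Get-StartupScript -Folder $startupFolders | Format-Table -AutoSize

'--- autorun.inf files on drive roots ---'
Get-RootAutorun | Format-Table -AutoSize
```

An empty result for both sections means neither location currently holds such a file; any hit should be reviewed before removal, since legitimate software occasionally uses both mechanisms.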