Author Topic: wscript.exe infected shortcut virus  (Read 64735 times)

0 Members and 1 Guest are viewing this topic.

zrex030

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #30 on: December 11, 2013, 09:02:37 PM »
this latest instructions i will test tomorrow because yesterday i moved in to a dorm...
as soon as I use them,ill give zou all needed reports

Machiavelli

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #31 on: December 12, 2013, 07:42:33 PM »
OK

topicnikola

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #32 on: December 15, 2013, 01:47:44 AM »
Please help to solve the problem: WinUsbDriver.vbs on usb drive

I have the same problem as "zrex030"

I installed OTL.exe and in the next post, there are log files after OTL scan

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: wscript.exe infected shortcut virus
« Reply #33 on: December 15, 2013, 02:14:29 AM »
Please help to solve the problem: WinUsbDriver.vbs on usb drive

I have the same problem as "zrex030"

I installed OTL.exe and in the next post, there are log files after OTL scan
if you want help, start your own topic.....
helping multiple users in same topic will be chaos


Machiavelli

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #34 on: December 15, 2013, 01:31:49 PM »
@ZREX) Any problems with the instructions?

zrex030

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #35 on: December 26, 2013, 10:25:25 PM »
Pardon my delay in replying ,i had exams in these last weeks in december,ill go through instructions once I return to my home town...

Machiavelli

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #36 on: December 27, 2013, 10:50:29 AM »
OK

Machiavelli

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #37 on: January 05, 2014, 01:39:19 PM »
Sorry, but I can't wait always weeks for you? When are you at home?

zrex030

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #38 on: February 05, 2014, 07:47:56 PM »
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-743841737-3555611461-1389555401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\QuickDTV not found.
Registry value HKEY_USERS\S-1-5-21-743841737-3555611461-1389555401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsbDriver deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dragan
->Temp folder emptied: 19169372 bytes
->Temporary Internet Files folder emptied: 5245897 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25197884 bytes
->Google Chrome cache emptied: 318114431 bytes
->Flash cache emptied: 829 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77418 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 834547912 bytes
 
Total Files Cleaned = 1.147,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02052014_194118

Files\Folders moved on Reboot...
C:\Users\Dragan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dragan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

zrex030

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #39 on: February 05, 2014, 07:59:35 PM »
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Dragan :: DRAGAN-PC [administrator]

5.2.2014 19:52:23
mbam-log-2014-02-05 (19-52-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262359
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT2549263 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Data: j'` ľSěEŽľąK€1y -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Data: Expat Shield Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dragan\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Dragan\Local Settings\dpqs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Dragan\AppData\Local\dpqs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Dragan\AppData\Local\Conduit\CT2549263\Expat_ShieldAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\SetupIcon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

zrex030

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #40 on: February 05, 2014, 08:06:46 PM »
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Dragan :: DRAGAN-PC [administrator]

5.2.2014 19:52:23
mbam-log-2014-02-05 (19-52-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262359
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT2549263 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Data: j'` ľSěEŽľąK€1y -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Data: Expat Shield Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{A060276A-53BE-45EC-8EBE-B94B1E803179} (PUP.Optional.Conduit) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dragan\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files (x86)\Expat_Shield\prxtbExpa.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Dragan\Local Settings\dpqs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Dragan\AppData\Local\dpqs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Dragan\AppData\Local\Conduit\CT2549263\Expat_ShieldAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\SetupIcon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT2549263\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

zrex030

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #41 on: February 06, 2014, 12:03:19 AM »
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b93573ac7bc15f4ea9d20a7a0902de08
# engine=16955
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-05 10:52:40
# local_time=2014-02-05 11:52:40 (+0100, Central Europe Standard Time)
# country="Serbia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 46373 106905 0 0
# compatibility_mode=5893 16776573 100 94 17260 143270610 0 0
# scanned=278844
# found=29
# cleaned=0
# scan_time=12696
sh=284131F7B8D2E6CB68C93BA685BF6AD66EAE4C00 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebCake\WebCakeLayers.crx.vir"
sh=034BE991CB00B240F574CF8B7F0B1F407B1FD9B8 ft=1 fh=d540e00c2c6e80d8 vn="probably a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\Program Files (x86)\Expat_Shield\Expat_ShieldToolbarHelper.exe"
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Program Files (x86)\Expat_Shield\ldrtbExpa.dll"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\Expat_Shield\tbExpa.dll"
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Dragan\AppData\LocalLow\Expat_Shield\ldrtbExpa.dll"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Dragan\AppData\LocalLow\Expat_Shield\tbExpa.dll"
sh=B0DDA232E578E8328DB270A6A62551F4378B7439 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AF potentially unsafe application" ac=I fn="C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5.rar"
sh=F285CA7415AFC396DF7D2EB937BEF10181FC0BCE ft=1 fh=371f9e9cd5114eeb vn="a variant of Win32/Keygen.AF potentially unsafe application" ac=I fn="C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5\ArtRage Studio Pro v3.5 and KeyGen\Tom_Da_Man KeyGen.exe"
sh=3AED7FEFD779C77E191327236AD484CFD356E17C ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.A potentially unsafe application" ac=I fn="C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\Crystal Fireplace.rar"
sh=90CAA1739957854FDB46D82C0049EB4DF3A5F36A ft=0 fh=0000000000000000 vn="a variant of Generik.MKCYKIZ trojan" ac=I fn="C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\The.Lost.Watch.II.rar"
sh=4DBFC69655DB54B9B01BBEB49C756038070486C7 ft=0 fh=0000000000000000 vn="a variant of Generik.MKIGFTC trojan" ac=I fn="C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\ValentineMusicbox.rar"
sh=7473B835981C9FF9FAF96F0533B05852B3FA152D ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\Dragan\Documents\Vuze Downloads\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip"
sh=3C9DD80D994CEA5C7433EA6DB711A816D69F6721 ft=0 fh=0000000000000000 vn="Win32/Packed.VMProtect.D trojan" ac=I fn="C:\Users\Dragan\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso"
sh=CCF45102B1F9BF611AF59F6D34F3D67156A992AA ft=1 fh=7f1bb0d10ac87aba vn="a variant of Win32/CompuTrace.B potentially unsafe application" ac=I fn="C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe"
sh=BE39508491A069E0C88C3F769823AEBC0750BC72 ft=1 fh=5555cd62567f2668 vn="a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\Movies Toolbar\SafetyNut\del_DM_DLL_nsgD533.dll"
sh=498508A63996B59CD320B6AD85B8374293B03961 ft=1 fh=0a53a564154193ba vn="Win32/Toolbar.SearchSuite.F potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\Movies Toolbar\SafetyNut\del_DM_LL_nsgD533.dll"
sh=813DD415E4E78BA5D807C1FE672865EC901F27F6 ft=1 fh=e084a427af890bb5 vn="a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\Movies Toolbar\SafetyNut\del_mg_nsgD533.dll"
sh=A2B36D82ADFCB1B19186407AEB25FD5CA00CB3E8 ft=1 fh=315a6a7f5981a7fd vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\Movies Toolbar\SafetyNut\x64\del_DM_LL_nsgD533.dll"
sh=EB0D400C4AD3BD3D5EE63D17A32696D84BF1E107 ft=1 fh=6b79e43a93336fdf vn="Win32/AdWare.Facetheme.F application" ac=I fn="C:\_OTL\MovedFiles\12082013_171323\C_Program Files (x86)\OApps\SelectionLinks.dll"
sh=61F5E5DDE8FFD917F83B368073C97FD25C1E42E0 ft=1 fh=004eb80d43cdc541 vn="a variant of Win32/Amonetize.H potentially unwanted application" ac=I fn="D:\Programi\AIMP Classic 1.77.6__3203_il2326862.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="D:\Programi\cbsidlm-tr1_13-VIMICRO_USB_PC_Camera_ZC0301PLH-ORG-76155.exe"
sh=0CFA584598B2A57AEB93A39B9409A899F1FE013D ft=1 fh=8e32dd1af1e395b4 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Programi\DTLite4454-0315.exe"
sh=C76824B2FBF91F4E09546650CAFC2F706F1F9711 ft=1 fh=5658728b264bf71e vn="Win32/OutBrowse.C potentially unwanted application" ac=I fn="D:\Programi\FlvPlayer.exe"
sh=3451A1ACDB9D6C4520923E732A6D7993E8197383 ft=1 fh=ed2a770def16c842 vn="Win32/Somoto.A potentially unwanted application" ac=I fn="D:\Programi\FreeYouTubeDownloaderInstaller.exe"
sh=1B1779831B4F293D9BB568D77EB561FEB96ABE66 ft=1 fh=bde4f805a81a8698 vn="a variant of Win32/4Shared.K potentially unwanted application" ac=I fn="D:\Programi\Friedrich Gerke - Kasna ...a i rano hriscanstvo.exe"
sh=67112FF10778696366E20309A551BAC45D40F26A ft=1 fh=d5d993d7cb04e4ef vn="Win32/iLivid.A potentially unwanted application" ac=I fn="D:\Programi\iLividSetup-r582-n-bc.exe"
sh=61083E81E89AB7F88ABA44E0C324AAA73880B571 ft=1 fh=d0211a03f51e965b vn="a variant of Win32/InstallCore.AF potentially unwanted application" ac=I fn="D:\Programi\mplayerl.exe"
sh=58C506D93FA108D2279F0801E3F1CD5C7AB36981 ft=1 fh=3c9d3175fad0644b vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="D:\Programi\YTDSetup.exe"

zrex030

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #42 on: February 06, 2014, 12:15:40 AM »
 Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 51 
  Adobe Flash Player 12.0.0.43 Flash Player out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox 25.0.1 Firefox out of Date! 
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent````````[/u] 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]

Machiavelli

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #43 on: February 06, 2014, 08:06:09 PM »
Hello,

  • Step 1: Illegal Software Warning
In your logs I see some files which are related to illegal software like Cracks, Keygens etc. We don't support illegal software. With further assistance you agree that we remove all of your illegal software etc. - if not please say that and we won't fix your problem.

Illegal:

Code: [Select]
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5\ArtRage Studio Pro v3.5 and KeyGen
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\Crystal Fireplace.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\The.Lost.Watch.II.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\ValentineMusicbox.rar
C:\Users\Dragan\Documents\Vuze Downloads\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip
C:\Users\Dragan\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso

  • Step 2: OTL Fix
  • Run OTL. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator)
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


Code: [Select]
:Commands
[CreateRestorePoint]

:Files
C:\Program Files (x86)\Expat_Shield
C:\Users\Dragan\AppData\LocalLow\Expat_Shield
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\ArtRage Studio Pro v3.5\ArtRage Studio Pro v3.5 and KeyGen
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\Crystal Fireplace.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\The.Lost.Watch.II.rar
C:\Users\Dragan\Desktop\wot modovi\desktop za obavezno sortiranje\Sajtovi\New folder (2)\New folder\New folder (2)\3PLANE~1\ValentineMusicbox.rar
C:\Users\Dragan\Documents\Vuze Downloads\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip
C:\Users\Dragan\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
D:\Programi

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
  • Step 3: CKScanner
Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the CKScanner.exe icon and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Machiavelli

  • Guest
Re: wscript.exe infected shortcut virus
« Reply #44 on: February 09, 2014, 02:20:53 PM »
The last warning before closing. Any problems with the instructions above?