wscript and wVx4rt.exe

[REDACTED]

Hi. Recently, and I mean, in the latest two days I've been getting Avast pop-ups (yes, I use both Avast and Malwarebytes), about a malware named wVx4rt.exe. Apparently, this virus is called, every time, from wscript.exe as if it was the one creating it. Now, I can't really understand where this virus comes from. I tried a scan with Malwarebytes but it found nothing, even if some days ago I did one and I had like 5 malwares but it was before any of this happened. I'm somewhat scared since it appears to be a remote control virus.

I've attached a few pictures here so that you can see. By the way, --nessun virus-- means --no virus--, but this happened after I scanned them afterwards.

Regards,

Nico.

[Eddy]

https://forum.avast.com/index.php?topic=53253.0

[dbrisendine]

Please provide the logs requested; this could be a "fileless" malware that hides in the registry.  The logs will show.

[REDACTED]

Apologies for not including them earlier. I admit I somewhat panicked and hurried. Although, today I sat down and should hopefully possess all the logs needed. I'm not sure whether this will show the virus or not, since whenever I start up, Avast immediately detects wscript's actions and blocks wVx4rt, deleting it shortly after.

[Pondus]

upload and test suspicious file(s) here  >  virustotal.com  /  metadefender.com  /  jotti.org
If file is tested before, always click rescan for a fresh result

Post link to scan result here

[Eddy]

A good start would be removing all illegal software.

[REDACTED]

upload and test suspicious file(s) here  >  virustotal.com  /  metadefender.com  /  jotti.org
If file is tested before, always click rescan for a fresh result

Post link to scan result here

https://virustotal.com/it/file/d5f10ee3dd8345306485b6da0e5e01da164cc344e8f959f42457fb497f6c7212/analysis/1474731067/

For some reason, it seems positive, although 2 minutes later I've received the same warning from Avast.

A good start would be removing all illegal software.

I've removed Adobe, which was the most recent; plus, Avast did warn me about its crack patch being a virus, and it's also the one I mostly suspect of, as this virus came out at the time I installed this. And, a few others which were pretty much the only illegal software I had. Yet, it didn't really give too much of a result.

P.S: A few days ago, I used Malwarebytes for a simple scan and I've found a virus related to InstallShield. Which is also what this virus' product is: InstallShield Update Service Scheduler. I'm not sure whether this is relevant or not, but right now, Malwarebytes doesn't find me any other virus. Probably because Avast immediately deletes it, yet it appears again as I start up my computer.

[Eddy]

It is a start, now have some patience.
Someone will soon have a look at the log files and guide you.

[REDACTED]

Very well then, I'll be waiting for further instructions from someone who's knowledgeable with how to deal with this. I can only hope it'll be soon enough. I can't say I'm way too comfortable with this thing in my computer.

[dbrisendine]

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Fraps (remove only)

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window. 

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Tell me how your system is running now, please.

[REDACTED]

First off, thank you very much as I followed your instructions and the moment my Computer started up I received no warning, and most especially neither wscript nor wvx4rt.exe were running! My system seems to be working just fine.

Again, thank you. This virus had been annoying me a lot lately.

[dbrisendine]

Alright then; let's clear the tool and get a clean start point for you set up ...

Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

• Download Delfix from here to your desktop and double click it to start the program
  
• Ensure Remove disinfection tools is ticked
  Also tick:
  
• Create registry backup
• Purge system restore

• Click Run
  
• The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system.  Please attach the log in your next reply.
  

You can delete any log files left on your desktop as these are no longer needed.

[REDACTED]

Everything should be fine now. I ran the program and made sure that; remove disinfection tools, create registry backup and purge system restore were ticked. I didn't tick Activate UAC and Reset System Settings since they're not listed in your post, so please tell me if I had to. Here is the log.

[dbrisendine]

You did everything proper and you are good to go.  Thanks for the log and have great rest of the season.  Come back anytime you need help.