« previous next »
Pages: [1]   Go Down

Author Topic: Infected wscript.exe  (Read 1080 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Infected wscript.exe
« on: March 11, 2018, 08:05:04 AM »
Recently I've been receiving notif from avast telling me that wscript.exe has been infected with VBS:Downloader-ATF [Trj] and is moved to the chest. However, the chest was empty when I checked. I doubt that the virus has been deleted as I've gotten this warning for at least 10 times, anyone could help me with this?
Logged

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>> Avast Forum - Deutschsprachiger Bereich <<<
Re: Infected wscript.exe
« Reply #1 on: March 11, 2018, 02:23:53 PM »
Start a topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4
Logged
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline PDI

  • Avast team
  • Full Member
  • *
  • Posts: 159
Re: Infected wscript.exe
« Reply #2 on: March 11, 2018, 11:14:45 PM »
Hi,

download the autoruns from here https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns and go to tasks page. Look for task which spawns wscript. It may have name starting with Yahoo or Chromium.

Delete that task and you will get rid of this.

Regards,
PDI
Logged
Pages: [1]   Go Up
« previous next »