Windows Script Host virus video.3gp
Solved
kawazzaki
Posted messages
3
Status
Member
-
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security Contributor Last intervention -
Hello,
So after reading the instructions given in another topic, I am posting the reports generated by the FRST software, sincerely hoping for your help because I really don't know what to do. In summary, my problem is that every time I start Windows I get a Windows Script Host error message saying it cannot find the file video.3gp.
https://pjjoint.malekal.com/files.php?id=20170202_q8l5t10f15k13 https://pjjoint.malekal.com/files.php?id=20170202_j8j12y13e1310
https://pjjoint.malekal.com/files.php?id=FRST_20170202_v13n8l15d12p7
Thanks in advance to everyone who will help me.
2 answers
Hello,
Here is the correction to be made with FRST. You can refer to this explanatory note with screenshots.
Open Notepad: Windows key + R,
In the "Run" field, type notepad and click OK.
Copy/Paste the following into it:
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3944971644-2381685424-4272605729-1000\...\Run: [Format Factory] => Cmd.exe /c start WScript.exe /e:VBScript.Encode C:\Users\PC®\AppData\Roaming\Video.3gp
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Once the text is pasted into Notepad,
Menu "File" then "Save As",
On the left, go to the Desktop,
In the file name field at the bottom, enter: fixlist.txt
Click "Save", this will create fixlist.txt on the Desktop.
Restart FRST and click the "Fix" button
A restart may be necessary (not mandatory)
A text file will appear, copy/paste the content here in a new message.
Restart the computer.
2/
To protect yourself from removable infections like Wscript (Windows Script Host)
Download and install Marmiton
Click on Disable for Windows Script Host.
Marmiton will block malicious scripts (VBS, VBE, JavaScript, etc.) that are used to spread ransomware like Locky.
3/
To clean removable disks, follow the tutorial steps in order: insert the USB keys and external hard drives you need to clean, one by one. Then send the reports to http://pjjoint.malekal.com/ and provide the links to these reports so that we can review them.
1°) Remediate VBS Worm
1°) Connect all USB keys and other removable devices.
- Download Remediate VBS Worm
- Start option B
- Type the letter of the USB key, for example, E and hit enter
WARNING: DO NOT INDICATE THE DRIVE LETTER OF YOUR HARD DRIVE!
- Go to "My Computer" then drive "C", a report "Rem-VBS.log" should be there.
Open this report with Notepad and copy/paste the content here in your next reply.
Please press any key to continue the disinfection...
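The Run entry in the fixlist above starts WScript.exe with a forced engine on a file named Video.3gp stored under AppData. As an added example (not part of the thread and not FRST's own code), this Python sketch flags that pattern in FRST-style Run lines; the regexes, the `triage` function and the two sample lines marked as constructed are assumptions made for illustration.

```python
import re

# FRST-style autorun line: <key>\Run: [<value name>] => <command>
RUN_LINE = re.compile(r'^HK\w+\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$', re.I)
SCRIPT_HOST = re.compile(r'\b[wc]script(?:\.exe)?\b', re.I)
FORCED_ENGINE = re.compile(r'(?<!\S)/{1,2}e:(\S+)', re.I)
SWITCH = re.compile(r'(?<!\S)/{1,2}\S+')
EXTENSION = re.compile(r'(\.\w{1,5})(?=["\s]|$)')
USER_WRITABLE = re.compile(r'\\(?:appdata|temp)\\', re.I)
# Extensions Windows Script Host runs without being told which engine to use.
SCRIPT_EXTS = {'.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh'}


def triage(line):
    """Return None if the line is not a script-host autorun, else a list of reasons."""
    m = RUN_LINE.match(line.strip())
    host = SCRIPT_HOST.search(m['cmd']) if m else None
    if not host:
        return None
    rest = m['cmd'][host.end():]          # everything after wscript/cscript
    reasons = []
    engine = FORCED_ENGINE.search(rest)
    if engine:
        reasons.append(f"engine forced with /e:{engine.group(1)}")
    args = SWITCH.sub('', rest)           # drop /switches, keep the script path
    ext = EXTENSION.search(args)
    if ext and ext.group(1).lower() not in SCRIPT_EXTS:
        reasons.append(f"script argument has non-script extension {ext.group(1)}")
    if USER_WRITABLE.search(args):
        reasons.append("script is stored in a user-writable directory")
    return reasons


SAMPLE_LINES = [
    # Entry quoted in the thread's fixlist.
    r'HKU\S-1-5-21-3944971644-2381685424-4272605729-1000\...\Run: [Format Factory] => Cmd.exe /c start WScript.exe /e:VBScript.Encode C:\Users\PC®\AppData\Roaming\Video.3gp',
    # Constructed: ordinary program autorun, no script host involved.
    r'HKLM\...\Run: [ExampleUpdater] => "C:\Program Files\Example\updater.exe" /background',
    # Constructed: script host running a normally named script from Program Files.
    r'HKLM\...\Run: [LogonScript] => wscript.exe "C:\Program Files\Example\logon.vbs"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(triage(line), "<-", line[:60])
```

An empty list means the entry uses a script host but none of the three checks fired, so it still deserves a manual look.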
fixlog.txt: https://pjjoint.malekal.com/files.php?id=20170203_q10f9d5n13m5