Video 3gp
Solved
Alex
-
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security Contributor Last intervention -
Hello, I am currently experiencing the same type of problems as described above, so I performed the recommended analysis with FRST.
Here are the results
http://pjjoint.malekal.com/files.php?id=20170408_f7k10y15w10w6
http://pjjoint.malekal.com/files.php?id=FRST_20170408_e14p13e12n8v14
Thank you in advance.
Best regards
Configuration: Windows / Firefox 52.0
4 answers
-
Hi,
1°)
To protect yourself from removable infections of the Wscript (Windows Script Host) type
Download and install Marmiton
Click Disable at the Windows Script Host level.
Marmiton will block malicious scripts (VBS, VBE, JavaScript, etc.) that are used to spread ransomware like Locky.
2°)
Here is the correction to perform with FRST. You can refer to this explanatory note with screenshots.
Open Notepad: Windows key + R,
In the "Run" field, type notepad and OK.
Copy/paste the following into it:
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2238227539-3095420173-4095859838-1001\...\Run: [Format Factory] => Cmd.exe /c start WScript.exe /e:VBScript.Encode C:\Users\accueil de loisirs\AppData\Roaming\Video.3gp
C:\Users\accueil de loisirs\AppData\Roaming\Video.3gp
EmptyTemp:
RemoveProxy:
Reboot:
Once the text is pasted into Notepad,
Go to "File" then "Save as",
On the left, choose Desktop,
In the bottom field, file name enter: fixlist.txt
Click "Save", this will create fixlist.txt on the Desktop.
Relaunch FRST and click the "Fix / Corriger" button
A restart may be required (not mandatory)
A text file will appear, copy/paste its contents here in a new message.
Restart the computer.
3°)
You need to disinfect your USB drives.
1°) Connect all USB keys and other removable devices.
- Download Remediate VBS Worm
- Run Rem VBS.
- Run the option B
- Type the drive letter of the USB key, for example, E and press Enter
WARNING: DO NOT SPECIFY YOUR HARD DRIVE LETTER!
- Go to "My Computer" then drive "C", a report "Rem-VBS.log" should be found there.
Open this report with Notepad and copy/paste its contents here in a follow-up response.
Please press any key to continue the disinfection...
-
Thank you for your help and your speed.
Here are the reports:
http://pjjoint.malekal.com/files.php?id=20170408_w10u6j6g12o12
http://pjjoint.malekal.com/files.php?id=20170408_z10q5x8w9o8
-
Okay, were you able to clean your USB keys?
--
Please press any key to continue disinfecting...
-
Sorry, I wasn't at my workstation anymore.
Yes, I was able to clean my USB drives.
Thank you very much, have a good day
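
Added example, not part of the thread and not FRST's own code: a small Python triage script that reads FRST-style Run lines and flags the pattern removed in the fix above, where WScript is started with an explicit /e: engine on a file whose extension is not a script type. The line layout is assumed from the single entry quoted in the fix; the function names, the heuristics and the two benign sample lines are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows Script Host associates with a script engine by default.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Assumed FRST layout, taken from the entry in the fix: <key>\...\Run: [<name>] => <command>
RUN_LINE = re.compile(r"^(HK\S+\\\.\.\.\\Run(?:Once)?): \[([^\]]*)\] => (.+)$", re.I)
WSH_CALL = re.compile(r"\b[wc]script(?:\.exe)?\s+(.*)$", re.I)
ENGINE = re.compile(r"^/{1,2}e:(\S+)$", re.I)  # //E:engine or /e:engine

SAMPLE_LINES = [
    # Entry quoted in the fixlist above.
    r"HKU\S-1-5-21-2238227539-3095420173-4095859838-1001\...\Run: [Format Factory] => "
    r"Cmd.exe /c start WScript.exe /e:VBScript.Encode "
    r"C:\Users\accueil de loisirs\AppData\Roaming\Video.3gp",
    # Constructed benign entries for contrast.
    r"HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe",
    r"HKCU\...\Run: [Logon] => wscript.exe C:\Scripts\logon.vbs",
]

def inspect_run_line(line):
    """Return a finding dict for a suspicious WSH autorun line, else None."""
    m = RUN_LINE.match(line.strip())
    call = WSH_CALL.search(m.group(3)) if m else None
    if not call:
        return None
    tokens = call.group(1).split()
    engine = next((ENGINE.match(t).group(1) for t in tokens if ENGINE.match(t)), None)
    # Everything that is not a switch is treated as the script path (it may contain spaces).
    target = " ".join(t for t in tokens if not t.startswith("/")).strip('"')
    ext = PureWindowsPath(target).suffix.lower()
    reasons = []
    if engine:
        reasons.append("engine-override:" + engine)
    if ext not in SCRIPT_EXTS:
        reasons.append("non-script-extension:" + ext)
    if re.search(r"\\(AppData|Temp)\\", target, re.I):
        reasons.append("user-writable-path")
    return {"name": m.group(2), "target": target, "reasons": reasons} if reasons else None

def audit(lines):
    """Inspect every line and keep only the findings."""
    return [f for f in map(inspect_run_line, lines) if f]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LINES):
        print(finding["name"], "->", finding["target"], finding["reasons"])
```

A flagged entry is a lead to review by hand, not a verdict; removal still goes through a fixlist as in the procedure above.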