Video 3gp

Solved
Alex -  
Hello, I am currently experiencing the same type of problems as described above, so I performed the recommended analysis with FRST.

Here are the results
http://pjjoint.malekal.com/files.php?id=20170408_f7k10y15w10w6
http://pjjoint.malekal.com/files.php?id=FRST_20170408_e14p13e12n8v14

Thank you in advance.

Best regards

Configuration: Windows / Firefox 52.0

4 answers

  1. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    Hi,

    1°)
    To protect yourself from removable infections of the Wscript (Windows Script Host) type
    Download and install Marmiton
    Click Disable at the Windows Script Host level.
    Marmiton will block malicious scripts (VBS, VBE, JavaScript, etc.) that are used to spread ransomware like Locky.

    2°)

    Here is the correction to perform with FRST. You can refer to this explanatory note with screenshots.
    Open Notepad: Windows key + R,
    In the "Run" field, type notepad and OK.
    Copy/paste the following into it:

    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-2238227539-3095420173-4095859838-1001\...\Run: [Format Factory] => Cmd.exe /c start WScript.exe /e:VBScript.Encode C:\Users\accueil de loisirs\AppData\Roaming\Video.3gp
    C:\Users\accueil de loisirs\AppData\Roaming\Video.3gp
    EmptyTemp:
    RemoveProxy:
    Reboot:

    Once the text is pasted into Notepad,
    Go to "File" then "Save as",
    On the left, choose Desktop,
    In the bottom field, file name enter: fixlist.txt
    Click "Save", this will create fixlist.txt on the Desktop.

    Relaunch FRST and click the "Fix / Corriger" button
    A restart may be required (not mandatory)
    A text file will appear, copy/paste its contents here in a new message.

    Restart the computer.

    3°)
    You need to disinfect your USB drives.

    1°) Connect all USB keys and other removable devices.
    • Download Remediate VBS Worm
    • Run Rem VBS.
    • Run option B
    • Type the drive letter of the USB key, for example, E and press Enter

    WARNING: DO NOT SPECIFY YOUR HARD DRIVE LETTER!
    • Go to "My Computer" then drive "C", a report "Rem-VBS.log" should be found there.

    Open this report with Notepad and copy/paste its contents here in a follow-up response.

    Please press any key to continue the disinfection...
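
As an added example (not part of the original thread, and not FRST's own code): a Python triage pass over FRST-style Run lines that flags the pattern fixed in step 2°) above, a script host launched at logon with a forced engine on a file whose extension is not a script type. The third sample line is the entry quoted in the post; the other two lines, the function names and the three-reason threshold are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# FRST registry line: <key>\Run: [<value name>] => <command line>
RUN_LINE = re.compile(r'^(?P<key>HK.+?\\Run(?:Once)?): \[(?P<name>.+?)\] => (?P<cmd>.+)$')
SCRIPT_HOST = re.compile(r'\b[wc]script(?:\.exe)?\b', re.I)
# The entry in the post uses /e:; Windows Script Host documents the switch as //E:engine.
ENGINE_SWITCH = re.compile(r'(?<!\S)/{1,2}e:(\S+)', re.I)
ANY_SWITCH = re.compile(r'(?<!\S)/{1,2}[a-z]+(?::\S+)?', re.I)
SCRIPT_EXTS = {'.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh'}
USER_WRITABLE = re.compile(r'\\(?:appdata|temp)\\', re.I)

# Lines 1-2 are constructed benign entries; line 3 is the entry quoted in the post.
SAMPLE_LOG = r'''
HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe
HKLM\...\Run: [LogonScript] => wscript.exe //B "C:\Program Files\Corp\logon.vbs"
HKU\S-1-5-21-2238227539-3095420173-4095859838-1001\...\Run: [Format Factory] => Cmd.exe /c start WScript.exe /e:VBScript.Encode C:\Users\accueil de loisirs\AppData\Roaming\Video.3gp
'''

def assess(line):
    """Return the parsed Run entry with the reasons it looks suspicious, or None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    entry = {'name': m['name'], 'target': None, 'reasons': []}
    host = SCRIPT_HOST.search(m['cmd'])
    if not host:
        return entry
    tail = m['cmd'][host.end():]
    entry['reasons'].append('script host started from a Run key')
    engine = ENGINE_SWITCH.search(tail)
    if engine:
        entry['reasons'].append(f'engine forced to {engine[1]}')
    # What is left after removing switches is the script path (may contain spaces).
    target = ANY_SWITCH.sub('', tail).strip().strip('"')
    entry['target'] = target
    ext = PureWindowsPath(target).suffix.lower()
    if ext not in SCRIPT_EXTS:
        entry['reasons'].append(f'script file has non-script extension {ext!r}')
    if USER_WRITABLE.search(target):
        entry['reasons'].append('script stored in a user-writable folder')
    return entry

def flag_run_entries(log_text, min_reasons=3):
    """Heuristic: keep entries that accumulate at least min_reasons indicators."""
    results = (assess(line) for line in log_text.splitlines())
    return [r for r in results if r and len(r['reasons']) >= min_reasons]

if __name__ == '__main__':
    for hit in flag_run_entries(SAMPLE_LOG):
        print(hit['name'], '->', hit['target'], hit['reasons'])
```
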
  2. Alex
     
    Thank you for your help and your speed.

    Here are the reports:

    http://pjjoint.malekal.com/files.php?id=20170408_w10u6j6g12o12

    http://pjjoint.malekal.com/files.php?id=20170408_z10q5x8w9o8
  3. Malekal_morte
     
    Okay, were you able to clean your USB keys?

    --
    Please press any key to continue disinfecting...
  4. Alex
     
    Sorry, I wasn't at my workstation anymore.
    Yes, I was able to clean my USB drives.
    Thank you very much, have a good day
    1. Malekal_morte
       
      great :)

      good luck!