Unable to find the .vbs script file

Solved
Marker_ Posted messages 2 Status Member

Hello everyone!

I would like to know how to fix a problem on Windows that, from what I understand, may be related to a virus/malware on my PC. At startup, these two messages appear:

1)

2)

Does anyone know what this is about?

I hope someone will know what it's about, and thanks in advance to those who can help me.

Marker_

6 replies

Wizdo Posted messages 190 Status Member 6
 
 Does anyone know what this is about?

Your antivirus did its job by intercepting and deleting those .VBS files.

Only their remaining loading points in the registry are still trying to launch these .VBS without success, causing this error message.

Also.

The loading point comes either from Startup or from a scheduled task.

Problem, if there is? There might be something else generating this infection.

So.

Your computer should be investigated with FRST, whose main task is to display the loading points of Windows and software. And since infections must use the same loading points to activate, if there is an infection, it will be displayed.

Additionally, FRST even displays errors from Event Viewer and Device Manager, etc., etc.

.

After researching startupcheck.vbs and maintenance.vbs:

They would be launched in the scheduled tasks, from the folder ..\Microsoft\..;

....\Microsoft\Windows\Application Experience\StartupCheckLibrary

....\Microsoft\Windows\Maintenance\InstallWinSAT

For each task.
● Check in [Actions] if it’s your files that are called to be launched.
● And if it matches the searched .VBS, delete those scheduled tasks.
«« Be sure, at the risk of damaging your system. »»

And, or.

As there may be something else.

Follow this procedure to generate & post FRST reports.

If on the computer there is a folder "C:\Programmes (x86)" or "C:\Program Files (x86)".
Then,
● Download the 64-bit version of FRST or else, the 32-bit version.
⇨ Link https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

● Run FRST64.Exe (or FRST.Exe) and click on [Scan]. «« Image further »»

After a delay, the reports FRST.txt and Addition.txt will open on the screen.
The reports are in the same folder where FRST.Exe is launched and in C:\FRST\logs\..

● ● Post the links https//.. of the reports through the hosting site CJoint.com

Cjoint.com in image→ https://www.cjoint.com/doc/24_02/NBvrXyKxaal_Cjoint.jpg

0
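A read-only way to do the check described in the reply above (look at what each loading point launches and whether it is one of the .vbs files), as an added example that is not part of the original thread. It lists scheduled-task actions and Run-key values whose command line references a .vbs file and shows those whose file is missing on disk; the two Run-key paths and the helper names `Get-VbsPath` and `New-Finding` are choices made for this example.

```powershell
# Added example (read-only): find startup entries that point at a .vbs file
# which is no longer on disk. Nothing is deleted or modified.

function Get-VbsPath([string]$CommandLine) {
    # Expand %VAR% references, then extract quoted or unquoted *.vbs tokens.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    foreach ($m in [regex]::Matches($expanded, '"([^"]+\.vbs)"|(\S+\.vbs)\b', 'IgnoreCase')) {
        if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    }
}

function New-Finding($Source, $Name, $Command) {
    # One record per .vbs path found in the command line.
    foreach ($vbs in Get-VbsPath $Command) {
        [pscustomobject]@{
            Source  = $Source
            Name    = $Name
            Script  = $vbs
            Missing = -not (Test-Path -LiteralPath $vbs)
            Command = $Command
        }
    }
}

$findings = @(
    # Scheduled tasks: only "exec" actions carry Execute/Arguments.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if ($action.Execute) {
                New-Finding 'Task' ($task.TaskPath + $task.TaskName) "$($action.Execute) $($action.Arguments)"
            }
        }
    }
    # Run keys, machine-wide and current user (assumed locations for "Startup").
    foreach ($path in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                      'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if ($key) {
            foreach ($valueName in $key.GetValueNames()) {
                New-Finding 'RunKey' "$path\$valueName" ([string]$key.GetValue($valueName))
            }
        }
    }
)

# Entries whose script file is gone are the ones that raise the error at logon.
$findings | Where-Object Missing | Format-List
```

Run it from an elevated PowerShell window so that tasks belonging to other accounts are included; unquoted script paths that contain spaces are not matched by the pattern and still need a manual look.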
Marker_ Posted messages 2 Status Member
 

Hello Wizdo,

Thank you very much for your reply!

Here is the link for the FRST file: https://www.cjoint.com/c/NDcxp13zihw

And here is the link for the Addition file: https://www.cjoint.com/c/NDcxq2YWl8w

I ran FRST following your recommendations closely. I have an SSD where my OS is located and an HDD where the most important part of my data is stored; if FRST only analyzes my SSD, are there any other precautions I should take?

Thanks again for your replies

Marker_

0
Wizdo Posted messages 190 Status Member 6
 
 I have an SSD where my OS is located and an HDD 

==================== Drives ================================

Drive c: () (Fixed) (Total:464.44 GB) (Free:297.81 GB) (Model: KINGSTON SA2000M8500G) NTFS

Drive d: (Disk 1A) (Fixed) (Total:3726.01 GB) (Free:560.27 GB) (Model: ST4000NE001-2MA101) NTFS

____________________________________________

● Restart FRST64.Exe by right-clicking; As Administrator.

● Copy (from Start:: to End::) the following Web page; https://www.cjoint.com/doc/24_04/NDcxPVSmWKl_ScriptFRST.txt

In the FRST window, →   click on [Fix].  «« image »»

.. The computer will restart.

● ● Post the Fixlog.txt report via CJoint.com

0
Marker_
 

Hello,

Thank you very much! It already seems much better!

Here is the Fixlog link: https://www.cjoint.com/c/NDdahCZou4w

Thank you!

0
Wizdo Posted messages 190 Status Member 6
 


The Windows Web Shield only protects EDGE and Internet Explorer.
Chrome, Firefox, and their forks only have access to their security extensions.

Nevertheless. There are Windows Defender Web Shield extensions available in the Chrome & Firefox stores. However, if an infection is detected on a webpage by the Windows Defender extension, Edge opens and takes over, leaving Chrome / Firefox behind.

- In the Chrome store = Microsoft Defender Browser Protection,
- And with Firefox = Application Guard Extension.

.

Another vulnerability, very important however.

Because the Windows firewall (by default) allows everything that is installed on the computer to communicate over the internet via outbound traffic. «« Image »»

This implies that just like installed applications, infections that manage to bypass the antivirus vigilance and install themselves are allowed (by default) to go to and fro on the internet via outbound traffic.

What.., we can go to and fro on the internet with outbound traffic?
Certainly.
With all firewalls, outbound traffic allows for bidirectional communication, sending (..via remote ports) and receiving (..via local ports) data & files over and from the internet.

And inbound traffic (..with an added rule) has practically only one utility ⇨ to speed up the transfer of data / files, with software requiring a boost in transfer speed. For example, with FTP downloads, P2P, streaming games, VPNs like TeamViewer, teleconferencing ..

«« Few programs are designed to run in tandem → in Input/Output.»»

In short. 

This is something noticeable with the Windows firewall, where (by default):
→ everything is blocked in inbound traffic
→ and everything is allowed in outbound traffic.
So. 
If we manage to simply open webpages on our computers or download files, it's definitely because browsers go and come on the internet via outbound traffic, since the inbound traffic is blocked and browsers do not have a rule allowing ports 80 (http), 443 (https) in the inbound traffic.

In any case.

If the Windows firewall allows it to be as efficient as any other firewall. Because it does nothing automatically → it intercepts no process trying to access (the TCP/IP stack) the internet, with an authorization window to validate. The user is forced to create rules for all their applications and even more complicated, for all the update processes of applications and drivers. Also. We are practically obliged to use FRST to trace all the update processes. So.  It's too complicated and it doesn't interest everyone.

Authorization windows only pop up "when" installing software. And because the registry section where the rules are entered is protected for writing. The whitelist pre-authorizes TeamViewer and shows an authorization window for P2P.

It would be preferable to install a third-party firewall.  There are some effective free ones.


0
Marker_
 

Thank you very much, I will take note of the third-party firewall!
Have a nice day!

0