1.reg VBS:Malware-gen infection; can't delete

By frbas16
Dec 21, 2007
  1. Hello,

    I have a VBS:Malware-gen infection in 1.reg according to Avast, avast can't delete it but can be moved to the chest and deleted from there. When windows restarts back up the warning is back. I have tried multiple programs as well as the guide on this site but the only things that they find are MRUs and tracking cookies.

    Multiple services are disabled including BITS, Windows Update, and the Security Center. Just recently I have been losing connectivity to the internet and I need to release and renew the ip address for it to work again.

    Any help would be appreciative.

    Attached Files:

  2. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Hello frbas16 and welcome to TechSpot.

    Your computer is infected with malware.

    Very important: Malware infections can lead to identity theft, credit card misuse, loss of funds from bank accounts, etc. Therefore, I strongly recommend that you read this thread before proceeding further.

    If you decide to clean your system after reading the above thread, please do the following.

    Go and read the Viruses/spyware/malware preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HijackThis, ComboFix, and AVG Anti-Spyware logs as attachments, only after doing the above.

    Please post the results of the Panda Anti-rootkit scan as well.

    Regards :)

    This thread is for the use of frbas16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  3. frbas16

    frbas16 TS Rookie Topic Starter

    I am using Vista so i couldn't use Panda but i used AVG anti-root kit. I may be wrong but I couldn't find a way to get the log from AVG but it didn't find anything. I have already read both of the threads and followed the directions for them. And I wish to repair the computer. As a side note my computer had a corrupt driver for my DVD/CD drive, at this point i don't know if there is any connection between the two.
  4. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Please post a fresh HijackThis log from normal mode, if possible.

    Regards :)
  5. frbas16

    frbas16 TS Rookie Topic Starter

    Here it is...
  6. kitty500cat

    kitty500cat TS Rookie Posts: 2,407   +6

    Sorry for the delay.

    Please download the attached file CFScript.txt and save it to your desktop.

    Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.

    Once ComboFix is done running, scan your system with HijackThis and place a check in the box next to the following entries (if there):

    O4 - HKLM\..\Run: [scvhost manager] scvhost32.exe

    O4 - HKLM\..\RunServices: [scvhost manager] scvhost32.exe

    Then post fresh ComboFix and HJT logs.

    Regards :)

    Attached Files:

  7. frbas16

    frbas16 TS Rookie Topic Starter

    it cool, i know everyone is busy around Christmas. Here are the new log files.

    Attached Files:

  8. momok

    momok TS Rookie Posts: 2,272


    Your logs look clean now.

    1. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    2. Turn off system restore (XP/ME only). Learn how to do that HERE.
      This will remove all the remaining nasties from your old restore points.

    3. After that turn system restore back on.
      This would have created a new safe and clean restore point for your system.

    4. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
      May I recommend you to read this article.
      This can help to prevent future infections.

    Should you have any further problems, please post in this thread.

    momok =)

    This thread is for the use of frbas16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.