Please follow these steps,
Remember to back up the registry, see how HERE
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon
In the right panel, locate the entry:
Userinit = "%System%\userinit.exe,%System%\wscript.exe "%system%\killVBS.vbs""
Right-click on the value name and choose Modify. Change the value data of this entry to:
C:\Windows\System32\userinit.exe,
Close Registry Editor.
Right-click Start then click Search
In the Named input box, type:
AUTORUN.INF
In the Look In drop-down list, select a drive, then press Enter.
Select the file, then open using Notepad.
Check if the following lines are present in the file:
[AutoRun]
shellexecute=wscript.exe killVBS.vbs
If the lines are present, delete the file.
Repeat steps for AUTORUN.INF files in the remaining removable drives.
Close Search Results.
I need you to follow all the steps HERE and then post back with the three requested logs as attachments
- AVG antispyware
- ComboFix
- Hijackthis (step 15)
Don't forget to make sure that AVG is set to quarantine the results, that HJT is the last step and to let us know the results of the antirootkit scan.
Good luck and welcome to techspot.
This thread is for the use of silentx only.
Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
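
A read-only way to run the two checks from the steps above (the Winlogon Userinit value and AUTORUN.INF on removable drives), added here as an example that is not part of the original post. It assumes PowerShell 3.0 or later; the function names and the sample values are constructed for illustration, and nothing is changed or deleted.

```powershell
# Added example: reports findings only, it never modifies the registry or files.

function Test-UserinitValue {
    param([string]$Value)
    # Userinit is a comma-separated list of programs started at logon.
    $expected = Join-Path $env:SystemRoot 'System32\userinit.exe'
    $entries  = $Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    # Return every entry that is not userinit.exe itself (comparison ignores case).
    $entries | Where-Object { $_ -ne $expected }
}

function Test-AutorunContent {
    param([string[]]$Lines)
    # Return the shellexecute line the post says to look for, if present.
    $Lines | Where-Object { $_ -match '^\s*shellexecute\s*=.*killVBS\.vbs' }
}

# Constructed samples mirroring the values quoted in the post.
$root   = $env:SystemRoot
$sample = "$root\System32\userinit.exe,$root\System32\wscript.exe $root\System32\killVBS.vbs"
"Sample Userinit extras: $(@(Test-UserinitValue $sample) -join ' | ')"
"Sample autorun hits:    $(@(Test-AutorunContent '[AutoRun]', 'shellexecute=wscript.exe killVBS.vbs') -join ' | ')"

# Live check 1: the Winlogon Userinit value.
$key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $key -Name Userinit).Userinit
$extra    = @(Test-UserinitValue $userinit)
if ($extra.Count -gt 0) {
    "Userinit has extra entries: $($extra -join ' | ')"
} else {
    'Userinit contains only userinit.exe'
}

# Live check 2: AUTORUN.INF in the root of each removable drive (DriveType 2).
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $inf = Join-Path "$($_.DeviceID)\" 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        # -Force lets Get-Content read the file even if it is hidden or read-only.
        $hits = @(Test-AutorunContent (Get-Content -LiteralPath $inf -Force))
        if ($hits.Count -gt 0) { "$inf contains: $($hits -join ' | ')" }
    }
}
```

Any drive or entry it reports is one to handle with the manual steps in the post.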