TechSpot

stubborn VBS.SOLOW - HELP!

By suk
Aug 16, 2007
  1. Hi!
    My home computer has been infected by this nasty vbs.solow virus - it must have been there for a while because now I can't double-click on the drive letters on the computer to open them (apparently this is a symptom). I have run HijackThis and fixed the entries marked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA ESTI, MARINDUQUE MABUHAY!!! by: Nicklaus S. Buñag

    and

    O4 - HKLM\..\Run: [maskrider] C:\WINDOWS\maskrider2001.vbs

    I ran AVG antivirus, Spybot and Ad-Aware, and manually yanked maskrider from the registry. Yet every time I restart, there they are back again . . .

    I'm attaching the current HijackThis log . . . someone please help. . .

    thanks,
    suk
     
  2. raybay

    raybay TS Evangelist Posts: 7,241   +9

    I don't see the infestation, but I am no expert such as Momok and Howard_Hopkinso.
    While awaiting the reply on your log, try running your antivirus and antispyware again in normal mode, then again immediately in Safe Mode following a reboot.
    It may be that you will now need to run a fix by booting to your Windows disc in repair mode.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    For your maskrider2001.vbs problem, go HERE and follow the manual removal instructions.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of suk only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. suk

    suk TS Rookie Topic Starter Posts: 16

    tried . ..

    dear howard,

    thanks so much - I followed all your instructions (a little shakily) and somehow maskrider and friends are not showing up in my ht log etc. will post all the logs etc in the morning after another check . . .

    fingers crossed!

    suk
     
  5. suk

    suk TS Rookie Topic Starter Posts: 16

    Logs

    attaching all logs: ht, combofix, avg antirootkit, virtumondebegone etc . . .

    the only remaining problem is that I still cannot access my drives by double-clicking on them - it keeps displaying a Windows Script Host box saying 'cannot find script file "C:\maskrider2001.vbs".'

    also, how do I clean my external hard disk of this maskrider menace?

    thanks
    suk
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your logfiles look clean.

    Do you recognise these entries, are they from your ISP?

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A55BCE70-4E5E-47FA-AA51-5856FDD9CEB2}: NameServer = 218.248.240.208 218.248.240.135

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F91C4636-985B-4806-8CA8-7F985D72B7D0}: NameServer = 202.54.9.1,202.9.145.6

    Try this removal tool HERE and let us know the outcome.

    Regards Howard :)

     
  7. suk

    suk TS Rookie Topic Starter Posts: 16

    Thanks!

    Dear Howard,

    You are a genius. I have successfully banished nasty maskrider and even more irritating taga lipa from my machine.

    here's hoping they never come back.

    Thanks again
    suk
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's great news and thanks for your feedback.

    The real thanks should go to leerz25 who is the author of the NOOB_KILLER removal tool.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
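
One way to triage the HijackThis entries quoted in this thread (the R1 title change, the O4 Run entry that launches a .vbs file, and the O17 name servers Howard asks about). This is an added example, not part of any post above and not code from HijackThis or the removal tools mentioned; the function name `triage`, the finding labels and the `known_dns` parameter are assumptions made for illustration.

```python
import re

# Constructed sample: the four HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA ESTI, MARINDUQUE MABUHAY!!! by: Nicklaus S. Buñag
O4 - HKLM\..\Run: [maskrider] C:\WINDOWS\maskrider2001.vbs
O17 - HKLM\System\CCS\Services\Tcpip\..\{A55BCE70-4E5E-47FA-AA51-5856FDD9CEB2}: NameServer = 218.248.240.208 218.248.240.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{F91C4636-985B-4806-8CA8-7F985D72B7D0}: NameServer = 202.54.9.1,202.9.145.6
"""

# Extensions that Windows Script Host executes directly.
SCRIPT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh)\b", re.I)
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<key>[^:]+\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<ips>.+)$")


def triage(log_text, known_dns=()):
    """Return (kind, value, location) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        code, body = entry["code"], entry["body"]
        if code == "R1" and ",Window Title = " in body:
            # Internet Explorer window title set to a custom string.
            key, title = body.split(",Window Title = ", 1)
            findings.append(("ie-title-override", title, key))
        elif code == "O4":
            # Autostart entry whose command line references a script file.
            run = RUN_RE.match(body)
            if run and SCRIPT_RE.search(run["cmd"]):
                findings.append(("autostart-script", run["name"], run["cmd"]))
        elif code == "O17":
            # Name servers not on the caller's list of ISP/corporate resolvers.
            dns = DNS_RE.match(body)
            if dns:
                for ip in re.split(r"[,\s]+", dns["ips"].strip()):
                    if ip not in known_dns:
                        findings.append(("unverified-dns", ip, dns["key"]))
    return findings


if __name__ == "__main__":
    for kind, value, where in triage(SAMPLE_LOG):
        print(f"{kind:18} {value}  ({where})")
```

Passing the resolvers your ISP actually assigns as `known_dns` silences the O17 findings, which mirrors the check Howard asks suk to make by hand.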
