WINDOWS/system32/killVBS.vbs script warning

Status
Not open for further replies.
Hi there all,

As the title here may suggest, I have a recurring Windows script error that appears every time I start up Windows.

To be exact, it reads:

Cannot find script file "C:\WINDOWS\system32\killVBS.vbs"


I have found one thread on this site regarding this, and after reviewing what I could find on other sites' threads, I have decided to come here seeking assistance.

I have both the latest version of Ad Aware 2007(free) and Spybot Search&Destroy (free) plus a copy of CA's AV program. I have run scans with all of these over the last two days, and despite Ad Aware and Spybot both finding a collection of tracking Cookies, nothing in regard to the above script warning has been found.

I believe I contracted this trojan/worm, as it had been referred to elsewhere, through either using my USB stick on one of the PCs at the local net cafe or when I used my Laptop at the same net cafe (in Thailand, Bangkok). It all began after I had been there.

I no longer visit this cafe, as fortunately I now have the net up and running in my apartment.

I should have gotten onto this sooner, but have neglected it up until having had the time now. Possible symptoms of this as seen through the computer are: extreme sluggishness, occasional crashes, screen flickering.

Some of these symptoms are perhaps not due to the script warning, but I am guessing that at least the sluggishness is.

My Laptop is not that new and fancy, an IBM T20 with a Pentium III processor and only 128 MB RAM and a 30gig hard drive (OS is XP). Nonetheless, it has run MUCH faster in the past than it is doing so now.

Apologies for the long intro. I'm assuming that if anyone can help me they'll want a Hijackthis log file posted up here to refer to. I will get onto that now, just thought I would put the feelers out and start the ball rolling.

OK, please if anyone can aid me on this it would be extremely appreciated - it's hopeless trying to get things done on a PC that's running slower than a Mack truck being pushed uphill.

Cheers.
 
Hi scuttled and welcome to techspot. =)

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs, otherwise they will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan.

PS. Windows XP really runs very slowly on anything less than 512 MB.


Regards,
Your friendly momok =)

This thread is for the use of scuttled only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
killVBS.vbs problem. Re. HJT scan but just read your post.

Thanks for the reply Momok, more RAM is definitely needed. It's on the 'have to do list'...

OK here is the Hijackthis scan I completed.

However, having just seen your post I believe I need to complete a whole other series of steps and then run another scan before this can be of any use. After going over the info, I have decided not to reformat and to clean instead.


Anyway, just in case it is of some use, here is the HJT log attached.

I'll get onto your recommended steps now.

Cheers and thank you again for the efficient reply.
 

Attachments

  • hijackthis.log
    5.8 KB · Views: 22
Hi,

Whilst you are going through those steps and running HijackThis again, please fix these entries:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BDE10DD-41F7-4DF4-8DA8-A78F9F88642C}: NameServer = 58.64.124.150 58.64.7.3

After that save the log and post the other logs. Also remember to let me know the results of the AVG antirootkit scan.


Regards,
Your friendly momok =)

This thread is for the use of scuttled only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
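
The two entries flagged in the post above, as an added example that is not part of the original thread: a small Python check that reads HijackThis log lines and reports any command chained after `userinit.exe` in the F2 `UserInit` value and any O17 `NameServer` address outside an expected set. The resolver allowlist (`EXPECTED_RESOLVERS`) and the function names are assumptions made for illustration; the first two sample lines are the ones quoted in the thread and the third is constructed.

```python
import ipaddress
import re

# Assumption: the only resolver this machine should use (e.g. the home router).
EXPECTED_RESOLVERS = {"192.168.1.1"}
# Default Userinit program on XP; anything chained after it runs at every logon.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
O17_RE = re.compile(r"^O17 - (HKLM\\.+?): NameServer = (.+)$", re.IGNORECASE)

def review_line(line):
    """Return a list of findings (strings) for one HijackThis log line."""
    line = line.strip()
    findings = []
    m = F2_RE.match(line)
    if m:
        # Userinit holds a comma-separated list of commands run at logon.
        for cmd in (c.strip() for c in m.group(1).split(",")):
            if cmd and cmd.lower() != DEFAULT_USERINIT:
                findings.append(f"Userinit runs extra command: {cmd}")
    m = O17_RE.match(line)
    if m:
        # NameServer may list several addresses separated by spaces or commas.
        for token in re.split(r"[,\s]+", m.group(2).strip()):
            try:
                ip = str(ipaddress.ip_address(token))
            except ValueError:
                findings.append(f"NameServer value is not an IP address: {token}")
                continue
            if ip not in EXPECTED_RESOLVERS:
                findings.append(f"Unexpected DNS server {ip} on {m.group(1)}")
    return findings

def review_log(text):
    """Map each flagged log line to its findings; clean lines are omitted."""
    return {ln.strip(): hits for ln in text.splitlines() if (hits := review_line(ln))}

# Lines 1-2 are quoted from the thread; line 3 is a constructed clean default.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BDE10DD-41F7-4DF4-8DA8-A78F9F88642C}: NameServer = 58.64.124.150 58.64.7.3
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
"""

if __name__ == "__main__":
    for line, hits in review_log(SAMPLE_LOG).items():
        print(line, *hits, sep="\n    ")
```

The F2 finding also explains the startup error in the first post: the `UserInit` value still launches `wscript.exe` against `killVBS.vbs` at logon after the script file itself is gone.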
 
Completed 15 steps/Requested logs.

Hi there Momok,

I have completed all of the steps as instructed. I did come across a few issues along the way and will let you know what these are now - just in case they are of assistance/importance in analysing my logs.

Issue 1. I couldn't get the suggested version of AVG antispyware completely installed on my computer as I kept getting the message "64-bit of Windows is not supported". I tried changing the compatibility mode, but to no avail. Consequently, I found this version - avgas-setup-7.5.1.43 - and figuring it was the next best bet, completed the instructions as were given in the same way.

Issue 2. When running Ad-Aware 2007 whilst in safe mode, I was unable to find anywhere to 'uncheck scan for negligible risk entries', despite following the instructions given. I thus completed the full scan and removed what it found.

Issue 3. During safe mode, when I ran the AVG spyware version that is noted above, I selected the option to quarantine the results per the instructions. Once the scan was completed I saved the log file, plus one to the desktop. However, when I took a look at the logs there was the message as warned against in the instructions that said - 'no action taken' after each of the entries. I then checked back to the scan settings, and found that indeed I had set the scan to quarantine. Following this I returned to the results section, deleted all 6 of the 'tracking cookies' and 'trojans' which were listed, and saved two log files once again.

Finally,

Issue 4. When running the HJT scan again I followed your instructions from the previous post and went to fix the entries you had mentioned, but only one that was in the previous scan's log appeared this time. This was entry O17. Not knowing whether I should fix it without the others being there, I have left it as is for the time being.


Ok, so that's all for the issues.

The good news is that the VBS script warning no longer appears when I start up Windows, at least I hope this is good news. Don't know whether this is any indication that it has gone, I didn't see any reference to it in the latest HJT log so maybe it has.

In regards to the AVG anti-root scan, there was nothing found.

Here are the three logs attached as requested.

What do you think?

Cheers and thanks again,

Scuttled
 

Attachments

  • Report-Scan-20070702-150142.txt
    2.1 KB · Views: 6
Hi,

Firstly let me applaud you for your excellent posts and you followed the instructions very well. I must say your posts are much more a pleasure to read than some others.

No worries about the AVG AS; you downloaded the right version.

Have HijackThis fix this entry:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BDE10DD-41F7-4DF4-8DA8-A78F9F88642C}: NameServer = 58.64.124.150 58.64.7.3

Apart from that, your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

You may also delete the C:\VundoFix Backups folder and its contents.

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of scuttled only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi Momok,

Glad my posts were clear enough for you to read. I'm far from experienced when it comes to this kind of business, so although it was a lengthy process it was nonetheless an educational one.

Just a couple of quick questions for you.

Firstly, I went to the AVG Spyware quarantine directory on C: drive to delete the files as you said, but there was no Quarantine directory there. I'm presuming that there was nothing quarantined. Alternatively, perhaps what had been quarantined was deleted on my final scan and removal. I tried to load up the AVG Spyware program to have a look if there was anything there but unfortunately it won't allow me.

I get an AVG Anti Spyware 7.5 Error exclaiming:

"connection to service failed. Please reinstall AVG AntiSpyware7.5".

I know this probably isn't the right question for this thread, but on the off chance it is related to the process I thought I should let you know. Any thoughts?

Secondly, the following link:

http://www.bleepingcomputer.com/forums/tutorial56.html

in your previous post for the System Restore directions seems to be out of order. I think the server must be down so I will try again later. Is this ok?

Right.

Currently, the computer seems to be running better than before, but I'm yet to really give it a good test. A few things seem to be a bit funny:

The Mozilla Firefox browser window opens very small and applications don't appear on the task-bar when I minimize them. Also an Internet Explorer Icon has appeared on the Desktop that wasn't there before. I suppose there are a few things in Windows that were reset and need to be adjusted.

Despite this everything else is going well.

Many thanks for your kind assistance and clear guidance throughout this process.

Keep on doing a great job!

Scuttled.
 
Hi,

Thank you for your kind comments. It was a pleasure to help you.

I've checked the link and it seems to be working. Perhaps the server was down for a while previously. Please try again.

Have you turned off system restore and turned it back on again?

With regards to AVG, I would reinstall it just to be sure, since the message states exactly that hehe.

I'm not quite sure about your task bar issue. Could you post a screenshot for me?

Regards,
Your friendly momok =)

This thread is for the use of scuttled only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else will be ignored.
 