stubborn VBS.SOLOW - HELP!

Status
Not open for further replies.

suk

Hi!
My home computer has been infected by this nasty vbs.solow virus - it must have been there for a while because now I can't double click on the drive letters on the computer to open them (apparently this is a symptom). I have run HijackThis and fixed the entries marked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA ESTI, MARINDUQUE MABUHAY!!! by: Nicklaus S. Buñag

and

O4 - HKLM\..\Run: [maskrider] C:\WINDOWS\maskrider2001.vbs

I ran AVG antivirus, Spybot and Ad-Aware, and manually yanked maskrider from the registry. Yet every time I restart, there they are back again . . .

I'm attaching the current HijackThis log . . . someone please help . . .

thanks,
suk
 
I don't see the infestation, but I am no expert such as Momok and Howard_Hopkinso.
While awaiting the reply on your log, try running your antivirus and antispyware again in normal mode, then again immediately in Safe Mode following a reboot.
It may be that you will now need to run a fix by booting to your Windows disc in repair mode.
 
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

For your maskrider2001.vbs problem, go HERE and follow the manual removal instructions.

Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

This thread is for the use of suk only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
tried . . .

Dear Howard,

Thanks so much - I followed all your instructions (a little shakily) and somehow maskrider and friends are not showing up in my ht log etc. Will post all the logs etc in the morning after another check . . .

fingers crossed!

suk
 
Logs

attaching all logs: ht, combofix, avg antirootkit, virtumondebegone etc . . .

The only remaining problem is that I still cannot access my drives by double clicking on them - it keeps displaying a Windows Script Host box saying 'cannot find script file "C:\maskrider2001.vbs".'

Also, how do I clean my external hard disk of this maskrider menace?

thanks
suk
 
Your logfiles look clean.

Do you recognise these entries, are they from your ISP?

O17 - HKLM\System\CCS\Services\Tcpip\..\{A55BCE70-4E5E-47FA-AA51-5856FDD9CEB2}: NameServer = 218.248.240.208 218.248.240.135

O17 - HKLM\System\CCS\Services\Tcpip\..\{F91C4636-985B-4806-8CA8-7F985D72B7D0}: NameServer = 202.54.9.1,202.9.145.6

Try this removal tool HERE and let us know the outcome.

Regards Howard :)

 
Thanks!

Dear Howard,

You are a genius. I have successfully banished nasty maskrider and even more irritating taga lipa from my machine.

Here's hoping they never come back.

Thanks again
suk
 
That's great news and thanks for your feedback.

The real thanks should go to leerz25 who is the author of the NOOB_KILLER removal tool.

Turn off System Restore (XP/ME only). See how HERE.

Now, turn System Restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 