1.reg VBS:Malware-gen infection; can't delete

Status
Not open for further replies.
Hello,

I have a VBS:Malware-gen infection in 1.reg according to Avast. Avast can't delete it, but it can be moved to the chest and deleted from there. When Windows restarts back up, the warning is back. I have tried multiple programs as well as the guide on this site, but the only things that they find are MRUs and tracking cookies.

Multiple services are disabled, including BITS, Windows Update, and the Security Center. Just recently I have been losing connectivity to the internet, and I need to release and renew the IP address for it to work again.

Any help would be appreciated.
 

Attachments

  • hijackthis.log
    10.4 KB · Views: 8
  • AVGReport.txt
    2 KB · Views: 5
Hello frbas16 and welcome to TechSpot.

Your computer is infected with malware.

Very important: Malware infections can lead to identity theft, credit card misuse, loss of funds from bank accounts, etc. Therefore, I strongly recommend that you read this thread before proceeding further.

If you decide to clean your system after reading the above thread, please do the following.

Go and read the Viruses/spyware/malware preliminary removal instructions. Follow all the instructions exactly.

Post fresh HijackThis, ComboFix, and AVG Anti-Spyware logs as attachments, only after doing the above.

Please post the results of the Panda Anti-rootkit scan as well.

Regards :)

This thread is for the use of frbas16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
I am using Vista, so I couldn't use Panda, but I used AVG Anti-Rootkit. I may be wrong, but I couldn't find a way to get the log from AVG, but it didn't find anything. I have already read both of the threads and followed the directions for them. And I wish to repair the computer. As a side note, my computer had a corrupt driver for my DVD/CD drive; at this point I don't know if there is any connection between the two.
 
Sorry for the delay.

Please download the attached file CFScript.txt and save it to your desktop.

Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
[Image: CFScript.gif]


Once ComboFix is done running, scan your system with HijackThis and place a check in the box next to the following entries (if there):

O4 - HKLM\..\Run: [scvhost manager] scvhost32.exe

O4 - HKLM\..\RunServices: [scvhost manager] scvhost32.exe

Then post fresh ComboFix and HJT logs.

Regards :)
 

Attachments

  • CFScript.txt
    43 bytes · Views: 23
It's cool, I know everyone is busy around Christmas. Here are the new log files.
 

Attachments

  • hijackthis3.log
    10.9 KB · Views: 5
Hi,

Your logs look clean now.

  1. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

  2. Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

  3. After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

  4. Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend that you read this article.
    This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
momok =)

This thread is for the use of frbas16 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 