cant find script file c:\windows\winsys64.vbsSolved/Closed

Question

<confi>windows XP

hi,
Hello! 

My computer have a problem I hope you can help me. 

The problem is the window cannot find Script file"C:\WINDOWS\winsys64.vbs" 
and suddenly it will restart I don't know if the problem is the lose file. 

Please! Someone help me!! 

Thanks!!

djsmurf · Accepted Answer

If you search this site you can find a few post similar to your problem. 

https://ccm.net/forum/affich-39165-c-windows-sowar-vbs-problem

that is an example.

The file may be part of a virus called VBS.Zodgila, or VBS.Runauto (there are loads of different ones) which when executed attempts to write that file to your hard drive and puts in registry keys. Im assuming that it either wrote the registry key incorrectly or misplaced the file the key was referring to. 

What anti virus program are you running and have you been able to update it and run a current scan?

I ask because it is best to be sure the cause of the problem has been removed before we fix the reg. problem.

Do you have any registry editing experience?  There are a few ways to fix the error but as I said want to make sure the cause is removed first then we can repair the registry.

ximxim · Answer

hi! have same problem.
I'm using Avast as my antivirus and yes, I've run scans multiple times, but it found nothing (virus, worms etc).
thanks!

Ambucias · Answer

Greetings XimXim

The solution provided by Kieferchild is always a good and recommended first step to remove a virus.  If Malwarebyte can't remove it, a larger system analysis must be performed.

To help you, I must make a diagnostic and to do so, I require a log.

Open this link and download ZHPDiag : 

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 


Register the file on your Desktop. 

Double click on ZHPDiag.exe and follow the instructions. 

the tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step). 

Double click on the short cut ZHPDiag on your Destktop.  

Click on the Magnifying glass and run the analysys. 

Wait for the tool to finished (maybe a long time) 

Close ZHPDiag. 


To transmit the report, click on this link : 

https://authentification.site 

Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag). 

Select the file ZHPDiag.txt. 

Click on "upload » 

Copy the url and post it here

Ambucias · Answer

Dear Ximxim

Your system is indeed badly infected.

The infection came from Bittorent, BitComet and IMesh

After analysys, I have found 

1. Baidu spyware, 
2. Pop Cap Adware, 
3. Relevant Knowledge Spyware,  
4. Rogue Trojan Horse  
5. USB viral infection.  

Yes your system is in a extremely sad state.

To answer your question, not only will these viruses slowdown your machine but it is vulnerable to intrusions.  If you let them prosper, your system will blank out!

Also, I found:

a) 19 useless processes
b) 13 useless toolbars or Browser helper objects

Can you tell me about this software:

Dachshund Software-- C:\WINDOWS\Integrator.exe 

And what about Freeze.com

Another very important question do you use any removal USB devices?  If you do, do not use them, they are probably infected and will recontaminate your system and may contaminate others.

No antivirus is perfect and in this instance, Avast was incapable of the detecting and removing all of those viruses, but I insist, you Ximxim have let them in through your torrent downloads.

Lets deal with the main infections first.

After you applied my medicinal compound, please run another ZHP log for me to look at.

I shall prescribe to you a very powerfull antidote that is able to kill and send any virus to the glue factory. It is of very last resort and should not be abused of, as matter of a fact, once you have used it, I suggest you delete it from your system. 

To keep your system safe, you must follow the instructions hereunder to the letter: 

First step, boot your system in safe mode with networking

1. Download Combofix to your desktop. 

http://www.combofix.org/download.php 

2.Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. 

3. Double click on the ComboFix icon. 

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. 

4. Accept the disclaimer and the recovery 

5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer. 

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection. 

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. 

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. 

During the process, please do not mouse click nor must you tap on the keyboard.  Let the tool run.

Once you are done, report to me on how your system is behaving and send the ZHP log.

Good luck 

Ambucias

Ambucias · Answer

Ximxim

By removable usb devices, I mean things like pendrives, flashdrives or external disk which you plug in your computer.

The Dachshund software which you downloaded contains a virus.

You can very well desinfect your system yourself as long as you carry out my instructons to the letter.

To get into safemode with networking, since you have Windows XP professional, reboot (restart) your machine and as soon as it begins keep tapping F8.  You will come to a screen giving you several options.  Using the arrow key, select safemode with networking and press enter.  After that continue on with disabling Avast, I think that if click right on the Avast icon, you will get the option of disabling it.

Then carry on with my instructions above, print them if needed.

Good luck

Ambucias · Answer

Ximxim,

The latest log you have sent me shows the very same infections.

Do me a favor, 

1. delete the present copy of the ZHP diag you have.

2. Download a brand new copy and run it and post a new log.

I would like to make sure your system is really clean before we go on and clean your removal drive.

Regards

Ambucias · Answer

Ximxim

So you were on vacation. How boring!

I was unable to check because zhp produced the same log as the infected one.

Cant find script file c:\windows\winsys64.vbs

7 responses

Similar discussions

Subscribe To Our Newsletter!