C:\Windows\astig.vbs Help
Solved/Closed
hackimist
Posts
37
Registration date
Thursday October 28, 2010
Status
Member
Last seen
December 28, 2013
-
Oct 29, 2010 at 04:54 AM
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020 - Nov 2, 2010 at 08:55 AM
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020 - Nov 2, 2010 at 08:55 AM
8 responses
Hi,
Find your solution on the link below by following the instructions:
https://ccm.net/forum/affich-10643-virus-removal-vbs
Thanks
Find your solution on the link below by following the instructions:
https://ccm.net/forum/affich-10643-virus-removal-vbs
Thanks
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Oct 29, 2010 at 03:58 PM
Oct 29, 2010 at 03:58 PM
Hello,
1.Use Task Manager to terminate astig.vbs programs process.
2.Delete the original astig.vbs files and astig.vbs created files.
3.Delete the system registry key parameter astig.vbs created.
4.Delete the IE temporary files (%Temp%).
5.Update your antivirus databases and perform a full scan
Good luck
1.Use Task Manager to terminate astig.vbs programs process.
2.Delete the original astig.vbs files and astig.vbs created files.
3.Delete the system registry key parameter astig.vbs created.
4.Delete the IE temporary files (%Temp%).
5.Update your antivirus databases and perform a full scan
Good luck
hackimist
Posts
37
Registration date
Thursday October 28, 2010
Status
Member
Last seen
December 28, 2013
129
Oct 31, 2010 at 01:41 AM
Oct 31, 2010 at 01:41 AM
Thank you very much for the answer
But i already delete astig.vbs i use Autoruns.exe
Then the guy i ask to tell me to delete all .vbs
Cause he say every OS has no .vbs runing in start up so i tried it and it work
Hey but Ambucias,
Can you please help me delete another .vbs it's called katrinascandal.vbs
i think it's in c\windows\adobecs4.vbs i think that is the location
i tried to delete it like astig.vbs but it did not work this time
it comes back every time and my regedit and task manager is lock because of it
Please help
And Thank you
But i already delete astig.vbs i use Autoruns.exe
Then the guy i ask to tell me to delete all .vbs
Cause he say every OS has no .vbs runing in start up so i tried it and it work
Hey but Ambucias,
Can you please help me delete another .vbs it's called katrinascandal.vbs
i think it's in c\windows\adobecs4.vbs i think that is the location
i tried to delete it like astig.vbs but it did not work this time
it comes back every time and my regedit and task manager is lock because of it
Please help
And Thank you
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Oct 31, 2010 at 05:50 AM
Oct 31, 2010 at 05:50 AM
Hi,
There very few reported cases about this scandal worm which is not yet documented.
Gervarod will be taking over from here.
Good luck
There very few reported cases about this scandal worm which is not yet documented.
Gervarod will be taking over from here.
Good luck
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Oct 31, 2010 at 05:54 AM
Oct 31, 2010 at 05:54 AM
I forgot.
adobecs4.vbs comes from Photoshop CS4
adobecs4.vbs comes from Photoshop CS4
Gervarod
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
21
Oct 31, 2010 at 05:18 AM
Oct 31, 2010 at 05:18 AM
Hello the katrinascandal.vbs is an new worm by i have been told but i will check up with another mate here in Australia which is an IT tec
Gervarod
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
21
Oct 31, 2010 at 06:28 AM
Oct 31, 2010 at 06:28 AM
Hello may i get you to give me an highjack this log file for me so we can go through it to remove what is not ment to be in there then.
http://free.antivirus.com/hijackthis/
but do a system scan and save a log file and then high light it and copy it then paste it here for me to look at then.
Cheers, Gervarod
http://free.antivirus.com/hijackthis/
but do a system scan and save a log file and then high light it and copy it then paste it here for me to look at then.
Cheers, Gervarod
Didn't find the answer you are looking for?
Ask a question
hackimist
Posts
37
Registration date
Thursday October 28, 2010
Status
Member
Last seen
December 28, 2013
129
Oct 31, 2010 at 07:12 AM
Oct 31, 2010 at 07:12 AM
Thank you for replying,Here's the log file
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:33:45 PM, on 10/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SysWOW64\FL\SofonicaFolderSoldier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
F:\Programs\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Programs\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - F:\Programs\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "F:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SofonicaFolderSoldier] C:\Windows\SysWOW64\FL\SofonicaFolderSoldier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mspaint] "C:\Windows\system32\Paint.exe" -autocheck
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "F:\Programs\uTorrent.exe" /HIDE
O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files (x86)\RapidBIT\cisvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:33:45 PM, on 10/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SysWOW64\FL\SofonicaFolderSoldier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
F:\Programs\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Programs\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - F:\Programs\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "F:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SofonicaFolderSoldier] C:\Windows\SysWOW64\FL\SofonicaFolderSoldier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mspaint] "C:\Windows\system32\Paint.exe" -autocheck
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "F:\Programs\uTorrent.exe" /HIDE
O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files (x86)\RapidBIT\cisvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
Gervarod
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
21
Oct 31, 2010 at 07:52 AM
Oct 31, 2010 at 07:52 AM
hello please remove these files by ticking them and click on the remove button.
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "F:\Programs\uTorrent.exe" /HIDE
O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: &Download by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/202
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files (x86)\RapidBIT\cisvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
but one thing is are you using Avast or any other Anti Virus protection like bit defender or that?
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "F:\Programs\uTorrent.exe" /HIDE
O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: &Download by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/202
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files (x86)\RapidBIT\cisvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
but one thing is are you using Avast or any other Anti Virus protection like bit defender or that?
hackimist
Posts
37
Registration date
Thursday October 28, 2010
Status
Member
Last seen
December 28, 2013
129
Nov 1, 2010 at 12:59 AM
Nov 1, 2010 at 12:59 AM
Yes i'm using Avast Antivirus
Gervarod
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
21
Oct 31, 2010 at 10:10 AM
Oct 31, 2010 at 10:10 AM
Also after removing the files in highjack this scan please run an malwarebytes scan to see if it finds anything in your computer....
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it kioskea.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
It is very important that you let Malwarebyte run for as long as it takes, in some cases the creators of Malwarebyte suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".
also please post me the file what malwarebytes finds in your computer and also tell us how your computer is action so we know to take this further into action by using some old tools or new powerful drug to remove it then.
Cheers, Gervarod
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it kioskea.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
It is very important that you let Malwarebyte run for as long as it takes, in some cases the creators of Malwarebyte suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".
also please post me the file what malwarebytes finds in your computer and also tell us how your computer is action so we know to take this further into action by using some old tools or new powerful drug to remove it then.
Cheers, Gervarod
hackimist
Posts
37
Registration date
Thursday October 28, 2010
Status
Member
Last seen
December 28, 2013
129
Nov 1, 2010 at 01:49 AM
Nov 1, 2010 at 01:49 AM
Well here it is. . .
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4974
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/21/2010 11:14:14 AM
mbam-log-2010-10-21 (11-14-14).txt
Scan type: Full scan (C:\|F:\|I:\|)
Objects scanned: 241799
Time elapsed: 40 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Se7en Ultimate\AppData\Local\Mozilla\Firefox\Profiles\d8ds703d.default\Cache\DA761E44d01 (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
Thank you
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4974
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/21/2010 11:14:14 AM
mbam-log-2010-10-21 (11-14-14).txt
Scan type: Full scan (C:\|F:\|I:\|)
Objects scanned: 241799
Time elapsed: 40 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Se7en Ultimate\AppData\Local\Mozilla\Firefox\Profiles\d8ds703d.default\Cache\DA761E44d01 (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
Thank you
Gervarod
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
21
Nov 1, 2010 at 02:57 AM
Nov 1, 2010 at 02:57 AM
OK but how is it has the infection gone away yet?
Gervarod
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
21
Nov 1, 2010 at 05:12 AM
Nov 1, 2010 at 05:12 AM
how is your computer performance now any better or you still got the worm on your computer?
hackimist
Posts
37
Registration date
Thursday October 28, 2010
Status
Member
Last seen
December 28, 2013
129
Nov 1, 2010 at 09:55 AM
Nov 1, 2010 at 09:55 AM
I' really sorry for the always late reply my computer won't start up but its not because of the worm or anything its because of some thing else so don't worry.. .
Yup it's here im my pc. . .
Yup it's here im my pc. . .
Gervarod
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
21
Nov 1, 2010 at 09:57 AM
Nov 1, 2010 at 09:57 AM
so have you checked any of the cords or that have you got power to it at all?
hackimist
Posts
37
Registration date
Thursday October 28, 2010
Status
Member
Last seen
December 28, 2013
129
Nov 2, 2010 at 01:45 AM
Nov 2, 2010 at 01:45 AM
yup, whenever i turn off my pc and i open it again it takes me
5mins to 10mins or 1hour to 5hour it depends on purely luck you see i don't know the cause of it. . . .
Until my simpletect 96300-40001-001 (250G) drive suddenly stop working it. . . . .
at first it says "you need to format to be able to use" then "usb not recognize"
so i search for help using google and walaaa i saw fixya.com then many there says
remove the hard drive form the case or Hard Drive Enclosure then put it in my pc
At first i don't know what to do cause i'm not very good at technical fixing but my bro keeps on nagging me to fix it so i tried i opened the Simple tech then open my pc then i saw there a Hard Drive just like the one form the Simple tech so i have a good idea why not put it in my pc like they say so i search again on how to do it then there i saw again a possible way it's a IDE CABLE And now i know all about it like Master and Slave and Pins but it didn't work cause the IDE CABLE on my pc only has one connector it doesn't have any Jumper To be put in my to be
Slave Drive(AKA_Simpletech HD)
So in short my pc not having a IDE CABLE that has Slave Connector means only 1 thing my pc is a old model Well not so old i like fossil like pc but plain old pc i think
But any way if we may,can we go back to fixing my 2nd Problem it is my immortal enemy (AKA_katrinascandal.vbs)
And this tread is going to be an all type problem solving tread,WHY? cause at first
It's only astig.vbs,then katrina,then my o_d pc
So i think we may as well concentrate on defeating this immortal enemy of mine shall we?
Cheers,Hackimist
5mins to 10mins or 1hour to 5hour it depends on purely luck you see i don't know the cause of it. . . .
Until my simpletect 96300-40001-001 (250G) drive suddenly stop working it. . . . .
at first it says "you need to format to be able to use" then "usb not recognize"
so i search for help using google and walaaa i saw fixya.com then many there says
remove the hard drive form the case or Hard Drive Enclosure then put it in my pc
At first i don't know what to do cause i'm not very good at technical fixing but my bro keeps on nagging me to fix it so i tried i opened the Simple tech then open my pc then i saw there a Hard Drive just like the one form the Simple tech so i have a good idea why not put it in my pc like they say so i search again on how to do it then there i saw again a possible way it's a IDE CABLE And now i know all about it like Master and Slave and Pins but it didn't work cause the IDE CABLE on my pc only has one connector it doesn't have any Jumper To be put in my to be
Slave Drive(AKA_Simpletech HD)
So in short my pc not having a IDE CABLE that has Slave Connector means only 1 thing my pc is a old model Well not so old i like fossil like pc but plain old pc i think
But any way if we may,can we go back to fixing my 2nd Problem it is my immortal enemy (AKA_katrinascandal.vbs)
And this tread is going to be an all type problem solving tread,WHY? cause at first
It's only astig.vbs,then katrina,then my o_d pc
So i think we may as well concentrate on defeating this immortal enemy of mine shall we?
Cheers,Hackimist
jack4rall
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020
Nov 2, 2010 at 08:55 AM
Nov 2, 2010 at 08:55 AM
Hello,
Try the solution posted in your previous thread regarding removing the katrinascandal.vbs
Even though you delete it manually, it will return back. Follow the steps given in that thread to remove it.
For "astig.vbs"
After removing the katrinascandal.vbs, click on Start --> In search box, type msconfig and press Enter. "System Configuration Utility" will be opened --> Click on "Startup" tab.
This time look for the suspicious file and remove from the startup.
Note: If you have followed the steps to remove the kartinascandal.vbs, you can notice that a fake
file with name abodecs4.vbs is cretead. So to remove "astig.vbs" from startup look for suspicious file.
Good Luck.
Try the solution posted in your previous thread regarding removing the katrinascandal.vbs
Even though you delete it manually, it will return back. Follow the steps given in that thread to remove it.
For "astig.vbs"
After removing the katrinascandal.vbs, click on Start --> In search box, type msconfig and press Enter. "System Configuration Utility" will be opened --> Click on "Startup" tab.
This time look for the suspicious file and remove from the startup.
Note: If you have followed the steps to remove the kartinascandal.vbs, you can notice that a fake
file with name abodecs4.vbs is cretead. So to remove "astig.vbs" from startup look for suspicious file.
Good Luck.
Oct 29, 2010 at 08:43 AM
That's what i think cause it's not working i click the batch i created and when i restart there it is again
Can Not Find Script File "C:\Windows\astig.vbs".