C:\Windows\astig.vbs Help

Solved/Closed
hackimist Posts 37 Registration date Thursday October 28, 2010 Status Member Last seen December 28, 2013 - Oct 29, 2010 at 04:54 AM
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020 - Nov 2, 2010 at 08:55 AM
Hello,

Everyone

i got a new problem when i log on this thing keeps bugging me

Can Not Find Script File "C:\Windows\astig.vbs".

Any bright ideas?

Thanks in advance


8 responses

Blocked Profile
Oct 29, 2010 at 06:05 AM
Hi,

Find your solution on the link below by following the instructions:

https://ccm.net/forum/affich-10643-virus-removal-vbs

Thanks
0
hackimist Posts 37 Registration date Thursday October 28, 2010 Status Member Last seen December 28, 2013 129
Oct 29, 2010 at 08:43 AM
thank you for the link but the one you gave me is for virus-remover.vbs

That's what i think cause it's not working i click the batch i created and when i restart there it is again

Can Not Find Script File "C:\Windows\astig.vbs".
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Oct 29, 2010 at 03:58 PM
Hello,

1.Use Task Manager to terminate astig.vbs programs process.

2.Delete the original astig.vbs files and astig.vbs created files.

3.Delete the system registry key parameter astig.vbs created.

4.Delete the IE temporary files (%Temp%).

5.Update your antivirus databases and perform a full scan

Good luck
0
hackimist Posts 37 Registration date Thursday October 28, 2010 Status Member Last seen December 28, 2013 129
Oct 31, 2010 at 01:41 AM
Thank you very much for the answer

But i already delete astig.vbs i use Autoruns.exe
Then the guy i ask to tell me to delete all .vbs

Cause he say every OS has no .vbs runing in start up so i tried it and it work

Hey but Ambucias,

Can you please help me delete another .vbs it's called katrinascandal.vbs

i think it's in c\windows\adobecs4.vbs i think that is the location
i tried to delete it like astig.vbs but it did not work this time
it comes back every time and my regedit and task manager is lock because of it

Please help

And Thank you
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Oct 31, 2010 at 05:50 AM
Hi,
There very few reported cases about this scandal worm which is not yet documented.
Gervarod will be taking over from here.
Good luck
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Oct 31, 2010 at 05:54 AM
I forgot.
adobecs4.vbs comes from Photoshop CS4
0
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
Oct 31, 2010 at 05:18 AM
Hello the katrinascandal.vbs is an new worm by i have been told but i will check up with another mate here in Australia which is an IT tec
0
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
Oct 31, 2010 at 06:28 AM
Hello may i get you to give me an highjack this log file for me so we can go through it to remove what is not ment to be in there then.

http://free.antivirus.com/hijackthis/

but do a system scan and save a log file and then high light it and copy it then paste it here for me to look at then.

Cheers, Gervarod
0

Didn't find the answer you are looking for?

Ask a question
hackimist Posts 37 Registration date Thursday October 28, 2010 Status Member Last seen December 28, 2013 129
Oct 31, 2010 at 07:12 AM
Thank you for replying,Here's the log file

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:33:45 PM, on 10/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SysWOW64\FL\SofonicaFolderSoldier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
F:\Programs\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Programs\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - F:\Programs\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "F:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SofonicaFolderSoldier] C:\Windows\SysWOW64\FL\SofonicaFolderSoldier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mspaint] "C:\Windows\system32\Paint.exe" -autocheck
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "F:\Programs\uTorrent.exe" /HIDE
O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files (x86)\RapidBIT\cisvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
0
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
Oct 31, 2010 at 07:52 AM
hello please remove these files by ticking them and click on the remove button.

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uTorrent] "F:\Programs\uTorrent.exe" /HIDE

O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: &Download by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://F:\Programs\Orbitdownloader\orbitmxt.dll/202

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)


O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Remote Connections Service (FlexService) - BitMicro Software Corporation - C:\Program Files (x86)\RapidBIT\cisvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.google.com/?gws_rd=ssl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

but one thing is are you using Avast or any other Anti Virus protection like bit defender or that?
0
hackimist Posts 37 Registration date Thursday October 28, 2010 Status Member Last seen December 28, 2013 129
Nov 1, 2010 at 12:59 AM
Yes i'm using Avast Antivirus
0
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
Oct 31, 2010 at 10:10 AM
Also after removing the files in highjack this scan please run an malwarebytes scan to see if it finds anything in your computer....

Download to your desktop Malwarebyte.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it kioskea.exe.

Install Malwarebyte and launch it. From the second tab, update it.

Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.

It is very important that you let Malwarebyte run for as long as it takes, in some cases the creators of Malwarebyte suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".

also please post me the file what malwarebytes finds in your computer and also tell us how your computer is action so we know to take this further into action by using some old tools or new powerful drug to remove it then.


Cheers, Gervarod
0
hackimist Posts 37 Registration date Thursday October 28, 2010 Status Member Last seen December 28, 2013 129
Nov 1, 2010 at 01:49 AM
Well here it is. . .

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4974

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/21/2010 11:14:14 AM
mbam-log-2010-10-21 (11-14-14).txt

Scan type: Full scan (C:\|F:\|I:\|)
Objects scanned: 241799
Time elapsed: 40 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Se7en Ultimate\AppData\Local\Mozilla\Firefox\Profiles\d8ds703d.default\Cache\DA761E44d01 (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.


Thank you
0
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
Nov 1, 2010 at 02:57 AM
OK but how is it has the infection gone away yet?
0
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
Nov 1, 2010 at 05:12 AM
how is your computer performance now any better or you still got the worm on your computer?
0
hackimist Posts 37 Registration date Thursday October 28, 2010 Status Member Last seen December 28, 2013 129
Nov 1, 2010 at 09:55 AM
I' really sorry for the always late reply my computer won't start up but its not because of the worm or anything its because of some thing else so don't worry.. .

Yup it's here im my pc. . .
0
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
Nov 1, 2010 at 09:57 AM
so have you checked any of the cords or that have you got power to it at all?
0
hackimist Posts 37 Registration date Thursday October 28, 2010 Status Member Last seen December 28, 2013 129
Nov 2, 2010 at 01:45 AM
yup, whenever i turn off my pc and i open it again it takes me
5mins to 10mins or 1hour to 5hour it depends on purely luck you see i don't know the cause of it. . . .

Until my simpletect 96300-40001-001 (250G) drive suddenly stop working it. . . . .
at first it says "you need to format to be able to use" then "usb not recognize"
so i search for help using google and walaaa i saw fixya.com then many there says
remove the hard drive form the case or Hard Drive Enclosure then put it in my pc

At first i don't know what to do cause i'm not very good at technical fixing but my bro keeps on nagging me to fix it so i tried i opened the Simple tech then open my pc then i saw there a Hard Drive just like the one form the Simple tech so i have a good idea why not put it in my pc like they say so i search again on how to do it then there i saw again a possible way it's a IDE CABLE And now i know all about it like Master and Slave and Pins but it didn't work cause the IDE CABLE on my pc only has one connector it doesn't have any Jumper To be put in my to be
Slave Drive(AKA_Simpletech HD)



So in short my pc not having a IDE CABLE that has Slave Connector means only 1 thing my pc is a old model Well not so old i like fossil like pc but plain old pc i think

But any way if we may,can we go back to fixing my 2nd Problem it is my immortal enemy (AKA_katrinascandal.vbs)

And this tread is going to be an all type problem solving tread,WHY? cause at first

It's only astig.vbs,then katrina,then my o_d pc

So i think we may as well concentrate on defeating this immortal enemy of mine shall we?

Cheers,Hackimist
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Nov 2, 2010 at 08:55 AM
Hello,
Try the solution posted in your previous thread regarding removing the katrinascandal.vbs
Even though you delete it manually, it will return back. Follow the steps given in that thread to remove it.
For "astig.vbs"
After removing the katrinascandal.vbs, click on Start --> In search box, type msconfig and press Enter. "System Configuration Utility" will be opened --> Click on "Startup" tab.
This time look for the suspicious file and remove from the startup.
Note: If you have followed the steps to remove the kartinascandal.vbs, you can notice that a fake
file with name abodecs4.vbs is cretead. So to remove "astig.vbs" from startup look for suspicious file.
Good Luck.
0