Closed VB:Trojan.Agent.CMIZ

[Alejandro]

Hello;

I run EAM on my USB flash drive, and three objects were quarantined, with message:

E:\xxx.vbs    Quarantined: VB:Trojan.Agent.CMIZ (B)
E:\R_CDF_MDE.lnk    Quarantined: Generic.WormVBS.LNKC.CA2DE534 (B)
E:\Services Custombit.lnk    Quarantined: Generic.WormVBS.LNKC.ABDAAF75 (B)

There is something more I can do apart of delete them? Should  I format the drive? Should I run some additional test?

Mhhh ... fear

 

[stapp]

Please follow the steps here and attach the requested logs so that one of our experts can help you.

https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

[Alejandro]

Hello, I am sending the logs files you request. Thanks.  

FRST.txt

Addition.txt

scan_171018-145145.txt

[ShadowPuterDude]

Alejandro,

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-03-08] ()
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
ContextMenuHandlers5-x32: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {08CB5E33-10B2-4A5F-9052-0A5535F81EF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {097FD491-1219-4C4A-91E2-1D28B3DA2912} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {16F169A8-FAED-4EA1-B266-4300F244A7EB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1ABE880C-C1DB-454F-8F6A-E24A77A3C038} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {23C8D2CD-3150-4AE0-ABF2-5B5F30C8F5DE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C45C545-5114-4902-A654-951F3D8BE756} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {318BCD00-D657-4E8D-9A2A-A21AACB8935F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {59CAFDB4-0D17-45EC-A6B5-86D0BE827921} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8115B48E-66FA-4394-92B2-0B4EDB4B720F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8C6D1497-A677-48F4-ACC1-9DCE619E4292} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {950AF623-E247-461C-BFAF-3DD76D0AE187} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

[Alejandro]

Thank you Kevin;

This is the requested log file (Fixlog.txt):

 

 

Fixlog.txt

[ShadowPuterDude]

Alejandro,

Run a fresh scan with FRST, attach the new FRST scan logs to your reply.

[Alejandro]

Here they are:

 

FRST.txt

Addition.txt

[ShadowPuterDude]

Alejandro,

Your logs look fine.

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from https://toolslib.net/downloads/viewdownload/2-delfix/
• Ensure "Remove disinfection tools" is checked.
• Also place a checkmark next to:
• Create registry backup
• Purge system restore
• Click the "Run" button.

When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad.

Empty the Recycle Bin

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Articles to read:
How to Protect Your Computer From Malware http://www.malwareteks.com/Protect.php
How to keep you and your Windows PC happy http://www.malwareteks.com/HappyPC.php
Web, email, chat, password and kids safety http://www.malwareteks.com/WebSafety.php
10 Sources of Malware Infections https://zolltech.com/how-did-i-get-infected/

That should take care of everything.

Safe Surfing!

[Alejandro]

Many thanks Kevin.

I Couldn't update Windows because something goes wrong during the process (in the second restart). I hope this is not related to virus. I'll keep trying.

Well, thanks again.

[ShadowPuterDude]

May need to repair Windows Update.

Download Windows Repair by Tweaking.com http://www.tweaking.com/content/page/windows_repair_all_in_one.html to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

• Double-click "tweaking.com_windows_repair_aio.zip" and extract the "Tweaking.com - Windows Repair" folder to your desktop.
• Now open this folder and double-click "Repair_Windows.exe".
• Click the "Repairs" tab on the far right.
• Click the "Open Repairs" button (bottom right)

Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.

• Click "Unselect All"
• Put a checkmark in the following items:
  • 05 - Repair WMI
  • 09 - Repair Hosts File
  • 10 - Remove Policies Set By Infections
  • 13 - Repair Network
  • 14 - Remove Temp Files
  • 15 - Repair Proxy Settings
  • 17 - Repair Windows Updates
  • 19 - Repair Volume Shadow Copy Service
  • 21 - Repair MSI (Windows Installer)

Note: Leave everything else unchecked

• Put a checkmark in "Restart System When Finished"
• Now click the "Start" button (bottom right)

[Alejandro]

Hello Kevin;

After running Repair_Windows.exe, Settings >> Update History is completely empty. Is this OK?

[ShadowPuterDude]

Yes, that is a side effect from repairing Windows Update.

Is Windows Update working, now?

[Alejandro]

I couldn't say.

I am on Windows 10 1703, and the update that failed was an upgrade to Windows 10 1709. Now this update is not proposed, nor anything else, after clicking "check for updates" button.

I tried with "Windows 10 Update Assistant" but it fails again and revert to 1703.

[ShadowPuterDude]

You may need to use the Windows Media Creation Tool https://www.microsoft.com/en-us/software-download/windows10

Use it to make a bootable USB flash drive, DVD or ISO image.  You can then boot the system from the Windows 10 1709 installation media and upgrade.

[ShadowPuterDude]

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.