Gabrijela

CLOSED VB:Trojan.agent.CMIZ (B)


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-2030224932-2477818986-1504364618-1001\...\MountPoints2: E - E:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-2030224932-2477818986-1504364618-1001\...\MountPoints2: F - F:\EmperorsTomb.exe
HKU\S-1-5-21-2030224932-2477818986-1504364618-1001\...\MountPoints2: G - G:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-2030224932-2477818986-1504364618-1001\...\MountPoints2: {39ac49dd-8640-11e6-a601-0024e811da3f} - H:\Startme.exe
HKU\S-1-5-21-2030224932-2477818986-1504364618-501\...\Run: [KBEppOaNQKcvSPt] => wscript.exe //B "C:\Users\Guest\AppData\Local\Temp\KBEppOaNQKcvSPt.vbs" <==== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KBEppOaNQKcvSPt.vbs [2016-11-29] ()
2017-11-28 01:14 - 2017-11-28 01:15 - 006749941 _____ C:\Users\GaGa\Downloads\2d950e27-aba5-47eb-b046-4ff726a9dea2.tmp
2007-12-14 00:23 - 2007-12-14 00:23 - 000640248 _____ (Electronic Arts Inc.) C:\Users\GaGa\AppData\Local\Temp\AutoRun.exe
2017-01-09 18:24 - 2007-12-14 00:23 - 000591096 _____ (Electronic Arts Inc.) C:\Users\GaGa\AppData\Local\Temp\AutoRunGUI.dll
2017-11-27 22:26 - 2017-11-27 22:27 - 007850088 _____ (Microsoft Corporation) C:\Users\GaGa\AppData\Local\Temp\BingBarSetup-Partner.exe
2015-12-13 11:04 - 2015-12-13 11:04 - 000065536 _____ (Sony DADC Austria AG) C:\Users\GaGa\AppData\Local\Temp\drm_dialogs.dll
2017-01-09 18:24 - 2007-12-14 00:23 - 000881912 _____ (Electronic Arts Inc.) C:\Users\GaGa\AppData\Local\Temp\EAInstall.dll
2016-01-26 11:53 - 2016-01-26 11:53 - 000644704 _____ (Oracle Corporation) C:\Users\GaGa\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-08 09:25 - 2016-02-08 09:25 - 000736352 _____ (Oracle Corporation) C:\Users\GaGa\AppData\Local\Temp\jre-8u73-windows-au.exe
2017-01-15 17:27 - 2017-01-15 17:27 - 000000000 _____ () C:\Users\Guest\AppData\Local\Temp\2vnvvh34.dll
2017-11-26 18:23 - 2017-11-26 18:24 - 000444416 _____ () C:\Users\Guest\AppData\Local\Temp\DSETUP.dll
2017-11-26 18:24 - 2017-11-26 18:24 - 000652800 _____ (Igor Pavlov) C:\Users\Guest\AppData\Local\Temp\dsetup32.dll
2016-03-28 18:19 - 2016-03-28 18:19 - 000736320 _____ (Oracle Corporation) C:\Users\Guest\AppData\Local\Temp\jre-8u77-windows-au.exe
2017-11-26 18:23 - 2017-11-26 18:23 - 000866304 _____ () C:\Users\Guest\AppData\Local\Temp\run.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {5C082736-7B9F-4B57-B00B-28E41DFFDA38} - System32\Tasks\{BC62C468-2F30-43E5-91E0-FB6ED8DEA516} => C:\Windows\system32\pcalua.exe -a C:\Users\GaGa\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B8C8DDDD-1EDF-452D-B780-A0ABF34B49D1} - System32\Tasks\AVAST Software\Avast settings backup
Task: {C8FC4316-ACBA-4E12-A964-9F8061463317} - System32\Tasks\{59E2941C-AAB9-4C92-B675-E05A7A7D1BED} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\LucasArts\Indiana Jones and the Emperors Tomb\setup.exe" -d "C:\Program Files\LucasArts\Indiana Jones and the Emperors Tomb"
C:\Users\Guest\AppData\Local\Temp\KBEppOaNQKcvSPt.vbs
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KBEppOaNQKcvSPt.vbs

Close Notepad.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
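
The NOTICE above says the fixlist is tied to one machine. As an added example (not part of the original post and not part of FRST), the following Python sketch checks that before a fix is run: it pulls the account SIDs and profile folder names out of a fixlist and reports any that do not exist locally. The function names are hypothetical, and treating a SID or profile mismatch as "written for another machine" is an assumption of this example.

```python
import re

# Lines copied from the fixlist in the post above, used as sample input.
SAMPLE_FIXLIST = r"""
HKU\S-1-5-21-2030224932-2477818986-1504364618-1001\...\MountPoints2: F - F:\EmperorsTomb.exe
HKU\S-1-5-21-2030224932-2477818986-1504364618-501\...\Run: [KBEppOaNQKcvSPt] => wscript.exe //B "C:\Users\Guest\AppData\Local\Temp\KBEppOaNQKcvSPt.vbs" <==== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
2007-12-14 00:23 - 2007-12-14 00:23 - 000640248 _____ (Electronic Arts Inc.) C:\Users\GaGa\AppData\Local\Temp\AutoRun.exe
"""

SID_RE = re.compile(r"HKU\\(S-1-5-[0-9-]+)")
PROFILE_RE = re.compile(r'[A-Za-z]:\\Users\\([^\\"]+)\\')
# LocalSystem, LocalService, NetworkService: present on every Windows install.
WELL_KNOWN = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}

def referenced(text):
    """Return (account SIDs, lower-cased profile folder names) named in a fixlist."""
    sids = set(SID_RE.findall(text))
    profiles = {name.lower() for name in PROFILE_RE.findall(text)}
    return sids, profiles

def foreign_targets(text, local_sids, local_profiles):
    """Return fixlist SIDs and profile names that do not exist on this machine."""
    sids, profiles = referenced(text)
    missing_sids = sorted(sids - WELL_KNOWN - set(local_sids))
    missing_profiles = sorted(profiles - {p.lower() for p in local_profiles})
    return missing_sids, missing_profiles

def local_inventory():
    """Windows only: SIDs and profile folder names from the ProfileList key."""
    import winreg
    key = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
    sids, profiles = set(), set()
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            sid = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, sid) as sub:
                path, _ = winreg.QueryValueEx(sub, "ProfileImagePath")
            sids.add(sid)
            profiles.add(path.rstrip("\\").rsplit("\\", 1)[-1].lower())
    return sids, profiles

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        missing = foreign_targets(fh.read(), *local_inventory())
    # Any output other than ([], []) means the list names accounts this PC lacks.
    print(missing)
    sys.exit(1 if any(missing) else 0)
```

Run it on the target PC with the path to fixlist.txt as the only argument; a non-zero exit code means the list references accounts that are not present there.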


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
