1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

autorun.vbs

Discussion in 'Virus & Other Malware Removal' started by Coolashacka, Mar 31, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Coolashacka

    Coolashacka Thread Starter

    Joined:
    Mar 31, 2007
    Messages:
    3
    My problem is pretty much the same as in these two threads:
    Need help removing 'Can not find script "c:\autorun.vbs"
    Solved: Autorun.vbs .bat problem
    Same pictures can be posted to depic my problem:
    [​IMG]


    [​IMG]


    and also:
    [​IMG]
    Infiziert mit: infected with
    Desinfizieren fehlgeschlagen: disinfection failed
    Verschoben: moved


    It seems like there is no universal solution, but only specific ones. A mod in the second thread asked the user to post his Hijack This log.
    Here is mine:

    oh mighty gurus, please help :confused:
     
  2. Coolashacka

    Coolashacka Thread Starter

    Joined:
    Mar 31, 2007
    Messages:
    3
    please guys, have a look :(
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,988
    Hi and welcome to TSG,


    Be sure you have your USB Flash drive plugged in.


    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat

    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Save the attached Clean autoruns.zip to your desktop and extract (unzip) its contents to the desktop. It contains a batch file, Clean autoruns.bat, Written by Mosaic1. Once extracted, open the folder and double click on the Clean autoruns.bat to run the fix.
    1. If any autoruns are found, the fix will move them to a backup folder.
    2. If any autoruns are found on the root of your drives, it will kill explorer so that the registry entries in the MountPoint(s) key are fixed.
    3. It will produce two files, Part1.txt and Part2.txt , that will show the state before and after the cleaning.
    4. Please post the contents of Part1.txt and Part2.txt along with a fresh Hjackthis log in your next reply.
    ** It is important that you follow these directions exactly as given.



    F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
     

    Attached Files:

  4. Coolashacka

    Coolashacka Thread Starter

    Joined:
    Mar 31, 2007
    Messages:
    3
    I was afk for a few days.
    Thank you very much, Cookiegal. Everything seems to be alright now!

    I have attached Part1.txt, Part2.txt and here is the hijack log:


    again: thank you very much, it was very kind of you! (y)
     

    Attached Files:

  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,988
    Do you recognize those items in the hosts file (O1s) and did you put them there intentionally?


    Be sure your flash drives are connected when you do this.


    I don't know if you forgot to do this but rescan with HijackThis and fix this entry:

    F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat


    I'm attaching a FixCool.zip file. Save it to your desktop. Unzip it and double click the FixCool.reg file and allow it to enter into the registry.


    I'm also attaching RunIt.zip. Unzip it to the same folder as the Clean Autoruns. It contains a script. Double click on it to run it. If you have any script blocking programs you need to allow the script to run. When prompted, select "no" as we don't want to clean again, we just want to obtain the part2.txt this time to see if the entry is gone now.
     

    Attached Files:

  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/556776

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice