MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 07-12-08, 13:19
viajera viajera is offline
Private E-2
 
Join Date: Jun 2008
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy New problems - wscript.exe error

Well chaslang I made it almost a month with no problems after all your help!!! Unfortunately I've hit a bump in the road. It all started after I updated Windows to SP3. Things just haven't been the same...

I started getting wscript.exe warnings (they come in twos) from Online Armor every time I used Outlook Express. The warning tells me that the file says its name is windows32 wscript.exe but that it contains the same data as windows32 wscript.exe. I keep blocking them and they keep coming back. I ran Spyware Doctor and Malwarebytes but they didn't show anything.

Thursday night I went onto Myspace (against my better judgement, but we're trying to find an old friend) and as soon as I opened a page I thought might be hers, my browser started trying to open "about:" and then dozens of sessions opened with connection failures. I had to hard reboot to get out.

I ran Spyware Doctor again and it found backdoor.vb.ays and Trojan-PWS.Bancos. Stupidly I hit "more info" and SD attempted to launch explorer but I had turned off the modem. It started launching millions of browsers again and I wasn't able to get out without hard reboot again. Spyware Doctor reported that those infections were quarantined but I didn't feel confident since the process didn't end normally.

I went through all the Malware Removal faq steps. At some point during this process I started to receive warnings that a process wanted to redirect certain websites, saying if I typed "www.blahblah" (one of these was something like www.sex-101) it would redirect to a URL which was located in LOCALHOST. I blocked all this action but I'm quite alarmed at this point.

I appreciate your advice! Logs attached.
Attached Files
File Type: txt SASlog.txt (465 Bytes, 1 views)
File Type: txt mbamlog.txt (829 Bytes, 1 views)
Reply With Quote
Sponsored links
  #2  
Old 07-12-08, 13:21
viajera viajera is offline
Private E-2
 
Join Date: Jun 2008
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Remaining logs

Last two attached.
Attached Files
File Type: txt ComboFix.txt (19.2 KB, 1 views)
File Type: zip MGlogs.zip (79.1 KB, 1 views)
Reply With Quote
  #3  
Old 07-12-08, 13:55
viajera viajera is offline
Private E-2
 
Join Date: Jun 2008
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Clarification on wscript.exe error

My note was vague.
The warning states that it's identifying itself as
c:\WINDOWS\system32\wscript.exe but that it contains the same data as
c:\WINDOWS\system32\wscript.exe
That is confusing to me...
Reply With Quote
  #4  
Old 07-12-08, 22:35
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,344
Thanks: 61
Thanked 7,649 Times in 4,121 Posts
Default Re: New problems - wscript.exe error

I move your new messages into a new thread. New problems or new PC should always be a new thread.

wscript.exe is not malware. It is part of WIndows. See: http://www.liutilities.com/products/...brary/wscript/

When you install new software, you need to again allow things to have access thru firewalls. Even if you updated a program like FireFox, the new firefox.exe would still require approval since it is not the same file.

You should not be blocking loopback of malware URLs to localhost. This is what programs like Spybot and many others add to your hosts file to protect you.

Your logs are clean.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter

Last edited by chaslang; 07-12-08 at 22:42..
Reply With Quote
  #5  
Old 07-13-08, 01:41
viajera viajera is offline
Private E-2
 
Join Date: Jun 2008
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: New problems - wscript.exe error

Okay, thank you again and sorry for the posting faux pas. I was on the fence about whether I should start a new thread or not, but now I know. Since I was getting red alerts advising me to block the wscript.exe, I googled it but what I learned was confusing. I'll go back and figure out what I have blocked that causes it to ask me every time. Also, thanks for the info on looping. I will sleep better :-)
Reply With Quote
Sponsored links
  #6  
Old 07-13-08, 21:38
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,344
Thanks: 61
Thanked 7,649 Times in 4,121 Posts
Default Re: New problems - wscript.exe error

You're welcome.

Quote:
Originally Posted by viajera View Post
I'll go back and figure out what I have blocked that causes it to ask me every time.
It is not a matter of what you have blocked. It is normally a matter of answer your firewall properly. With firewalls you can tell them to do something one time only or you can tell them to do something and always take the same action automatically without asking you again. So to stop it from asking you the same question over and over, tell it what action you want it to take and look for a check box or option that says something like "Always take the same action".
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
IE7 script error/ other problems yusky03 Software 6 11-01-06 15:16
wscript.exe question roddinron Software 5 05-01-06 09:01
wscript captain jack Software 0 11-07-05 12:38
FATAL ERROR Problems BIKE Software 1 09-25-05 15:15
error message problems popskb Hardware 3 03-03-05 21:09


All times are GMT -5. The time now is 01:14.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger