vbs.runauto

View previous topic View next topic Go down

Re: vbs.runauto

Post by bryanc on 25th December 2011, 8:44 pm

It came back this morning :-(

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: VBS.Runauto
File: C:\Documents and Settings\BryanC\Local Settings\temp\DWH84B8.tmp
Location: Quarantine
Computer: WORKSTATION-H
User: BryanC
Action taken: Quarantine succeeded : Access denied
Date found: Monday, 26 December 2011 3:58:44 AM

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by Belahzur on 30th December 2011, 1:43 am

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.10.254:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = nexus.*;nexus;10.10.10.1;


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 31st December 2011, 7:24 am

before I do this, Nexus is our office intranet that operates when I'm at work.
Will that be affected?


bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by Belahzur on 3rd January 2012, 1:11 am

Ahh yeah it might be, okay don't do that.

What issues currently still exist?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 3rd January 2012, 6:36 am

same issues. Still get the nortons pop ups. though maybe not as often I'll send the log from the next one if you wish.

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 5th January 2012, 8:11 pm

I take it back, they are just as often. That is almost continuous. I delete the Nortons message and another one appears within seconds.

here's the latest.
Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: VBS.Runauto
File: C:\Documents and Settings\BryanC\Local Settings\temp\DWH996C.tmp
Location: Quarantine
Computer: WORKSTATION-H
User: BryanC
Action taken: Quarantine succeeded : Access denied
Date found: Friday, 6 January 2012 7:00:21 AM

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 14th January 2012, 11:21 pm

Sorry I should have sent log much sooner. They are still happening constantly.
Here's the latest log. Same as the rest :-(

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: VBS.Runauto
File: C:\Documents and Settings\BryanC\Local Settings\temp\DWHE517.tmp
Location: Quarantine
Computer: WORKSTATION-H
User: BryanC
Action taken: Quarantine succeeded : Access denied
Date found: Sunday, 15 January 2012 10:21:23 AM

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 24th January 2012, 7:43 pm

does this one have you stumped :-)

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by Belahzur on 25th January 2012, 6:30 pm

Yes :/ everything looks fine, not sure what's causing it, not sure where the autorun is coming from, everything looks fine.

Are you using any external hardware?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 30th January 2012, 1:24 am

I use external hard drives reasonably regulary. I plug a phone in to charge. I use usb sticks and cards. It has a couple of card readers I have added to existing slots in teh side.

VBS Runauto is supposed to be a virus that attaches itself to cards isn't it.

I once tried clening the computer then not using the cards for a while, but it came back anyway.

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by Belahzur on 31st January 2012, 1:24 am

Yeah it is.

The machine is clean, but some of the externel hardware is infected.


  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.
  10. Close My Computer.


Plug in any/all external hardware and look through the root of the drive for an autorun folder, or an autorun.inf/autorun.ini/autorun.pnf file, or any weirdly named files, could be cmd/bat files, if so, delete them - they are all malicious.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 4th February 2012, 8:50 pm

I can't find anything.
I have removed the two card readers and the other thing I connect most often is my phone.

If you could confirm that the laptop is clean and I keep all external hardware away from it we could check to see if the bug is on the laptop or an accessary couldn't we.

I did that last time and the bug came back before I reconnected anything.

What do you think?

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 4th February 2012, 8:52 pm

The only thing hard to keep out of this test would be the office network :-(

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by Belahzur on 11th February 2012, 12:08 am

Hmmm, not sure.

Might be best to format the externel hardware, take off anything you want and format them just to be sure.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 11th February 2012, 1:15 am

Thankyou, done that.

can we run a scan to see if the computer is clean, then not connect any external hardware to see if it stays that way?

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 12th February 2012, 1:13 am

I found this on a Toshiba Thumb Drive. It's called autorun.inf but it looks OK to me.

It does go away with a format.

"[AutoRun]
open=LaunchU3.exe -a
icon=LaunchU3.exe,0

[Definitions]
Launchpad=LaunchPad.exe
Vtype=1

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip
[Update]
URL=http://www.toshiba.co.jp/p-media/english/u3/update/"

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

Re: vbs.runauto

Post by bryanc on 27th February 2012, 7:25 pm

Hello, I've been away for two weeks so no activity on my computer :-)

Just got back saw the error message again.

In the post above I meant "It does NOT go away with a format"

do you think doing a scan once more to confirm the compter is clean and then keeping all accessories away from it to see if the message comes back would confirm the bug is on the computer and not an external drive?

see ya

bryanc
Intermediate
Intermediate

Posts Posts : 132
Joined Joined : 2009-05-24
OS OS : XP
Points Points : 29600
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum