NICELLE (New Member, joined Sep 2011, 7 posts) posted 9/19/2011 6:33 AM (GMT +3):

Hi.. my computer is infected with the VBS:Malware-gen virus... Avast detects it, but can't delete it... please help!!! I ran ComboFix and here is the log:

ComboFix 11-09-18.03 - User -09-19 星期一 10:57:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.1014.507 [GMT 8:00]
执行位置: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
注意 - 这台电脑没有安装恢复控制台 !!
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\documents and settings\User\My Documents\My Music\My Music.exe
c:\documents and settings\User\My Documents\My Pictures\My Pictures.exe
c:\documents and settings\User\My Documents\new folder.exe
c:\new folder\New Folder.exe
c:\program files\INSTALL.LOG
c:\program files\UNWISE.EXE
C:\setup.exe
c:\windows\ST6UNST.000
D:\autorun.inf
Pass LEGAL for license information. Built Sat Jun 25 23:20 2011c:\documents and settings\User\My Documents\2005.xls
.
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( 2011-08-19 至 2011-09-19 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-09-17 06:12 . 2004-11-17 09:11 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2011-09-17 06:12 . 2004-11-17 08:04 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2011-09-17 06:12 . 2004-11-17 07:56 131072 ----a-w- c:\windows\system32\EEBAPI.dll
2011-09-17 06:12 . 2004-11-17 07:37 69632 ----a-w- c:\windows\system32\EBAPI.dll
2011-09-17 06:12 . 2003-12-16 17:01 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2011-09-17 06:12 . 2011-09-17 06:12 -------- d-----w- c:\program files\Common Files\EPSON
2011-09-17 06:10 . 2004-08-03 15:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-09-17 06:10 . 2004-08-03 15:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-09-17 01:41 . 2007-09-26 00:18 249994 --sha-r- C:\SSCVIIHOST.exe
2011-09-16 04:46 . 2011-09-16 04:46 -------- d-----w- c:\documents and settings\User\Application Data\searchqutoolbar
2011-09-16 04:46 . 2011-09-16 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-09-16 03:55 . 2011-09-16 03:55 -------- d-----w- c:\documents and settings\User\Application Data\Bandoo
2011-09-16 03:54 . 2011-09-16 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo
2011-09-16 03:54 . 2011-09-16 03:54 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Ilivid Player
2011-09-16 03:53 . 2011-09-16 03:54 -------- d-----w- c:\program files\Bandoo
2011-09-16 03:50 . 2011-09-16 03:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\{94D867E5-DFF5-4374-ADEE-C3F5BE97F03A}
2011-09-16 03:48 . 2011-09-16 03:49 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-09-16 03:48 . 2011-09-16 03:48 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PackageAware
2011-09-14 06:53 . 2011-09-17 01:44 -------- d-----w- C:\logs
2011-09-14 06:53 . 2011-09-14 06:53 -------- d-----w- c:\documents and settings\User\ChikkaV5
2011-09-14 06:53 . 2011-09-14 06:53 -------- d-----w- c:\program files\Chikka Messenger
2011-09-13 01:45 . 2001-08-17 05:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-09-13 01:45 . 2001-08-17 05:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-07 01:29 . 2011-09-07 01:29 -------- d-----w- c:\documents and settings\User\Application Data\Rovio
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-18 01:26 . 2011-08-17 02:53 286720 ------w- c:\windows\Setup1.exe
2011-08-18 01:26 . 2011-08-17 02:53 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-18 00:35 . 2011-08-08 06:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 10:33 . 2011-08-17 10:33 1056768 ----a-w- c:\windows\system32\temp.002
2011-08-17 10:33 . 2011-08-17 10:33 30749 ----a-w- c:\windows\system32\temp.001
2011-08-17 10:03 . 2011-08-17 10:03 379152 ----a-w- c:\windows\system32\temp.000
2011-08-11 00:44 . 2011-08-08 06:09 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-11 00:44 . 2011-08-08 06:09 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-08 07:23 . 2011-08-08 06:50 69632 ----a-w- c:\windows\system32\MY3L_EX.DLL
2011-08-08 07:23 . 2011-08-08 06:50 53248 ----a-w- c:\windows\system32\NT_DLL2.DLL
2011-08-08 07:23 . 2011-08-08 06:50 135168 ----a-w- c:\windows\system32\YutianEx.DLL
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-08 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-24 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2011-8-11 210432]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2011-9-17 131584]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-8-8 14:09 136360]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2011-8-8 14:52 81920]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2011-8-8 14:52 2732032]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-8-8 14:14 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-8 12:24 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-8-8 14:14 136176]
.
‘计划任务’ 文件夹 里的内容
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 06:14]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-08 06:14]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.searchqu.com//406
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 124.106.5.2 124.106.6.2
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5i0ycwro.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com//406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=102&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-YT Security Key Driver - c:\progra~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 11:03
Windows 5.1.2600 Service Pack 2 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成 被隐藏的档案: 0
.
**************************************************************************
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\WINDOW~4\Datamngr\DATAMN~1.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bandoo\Bandoo.exe
c:\windows\system32\wscntfy.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
完成时间: 2011-09-19 11:08:01 - 电脑已重新启动
ComboFix-quarantined-files.txt 2011-09-19 03:07
.
Pre-Run: 7,897,862,144 bytes free
Post-Run: 7,898,595,328 bytes free
.
- - End Of File - - C483760C94DAE291710A6A3D0487FC32
NICELLE (New Member, joined Sep 2011, 7 posts) posted 9/20/2011 12:27 PM (GMT +3):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:27:14, on 2011-9-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IPMsg\ipmsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Bandoo\Bandoo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SM1MT2.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WINDOW~4\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IPMSG for Win32.lnk = C:\Program Files\IPMsg\ipmsg.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6587 bytes