TP Worm v2.9 begins on start up, worried, google doesn't help.


I got a worm in my system. I have no idea what it does, but it tries to open up when I start my computer. I learned about it because after scanning and restarting, it would give a failed to start error message. I tried a full scan this time, but it is still there. I also tried just deleting it manually, to no avail.

 

Opening it in notepad gives the header:

'TP Worm v2.9
'Thanx To :  Njq8 & HOUDINI
On Error Resume Next
dim dfghcbxc ' shell
set dfghcbxc =WScript.CreateObject("WScript.Shell")
dim fdghtryzrbvcx ' filesystem
set fdghtryzrbvcx= CreateObject("Scripting.FileSystemObject")
dim fghgdrterzer
fghgdrterzer="No"
if fdghtryzrbvcx.fileexists(dfghcbxc.ExpandEnvironmentStrings("%windir%") & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe") then
fghgdrterzer="Yes"

 

followed by a lot of gibberish. I'm really worried to do any of my banking on my computer so I've been going to the bank personally which is very inefficient.

Addition.txt

FRST.txt


Hi DeltronFox, :)


My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

Please uninstall Google Chrome completely as it has been patched to developer's mode.


  • Step #1 Fix with FRST

    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --

      Start
      CreateRestorePoint:
      CloseProcesses:
      Emptytemp:
      HKLM\...\Run: [System.vbs] => C:\Users\DeltronFox\AppData\Roaming\System.vbs [9666 2015-03-26] ()
      HKLM-x32\...\Run: [System.vbs] => C:\Users\DeltronFox\AppData\Roaming\System.vbs [9666 2015-03-26] ()
      Startup: C:\Users\DeltronFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DD8.lnk
      ShortcutTarget: DD8.lnk -> C:\ProgramData\{d865b5cd-b187-edbf-d865-5b5cdb18d736}\DD8.exe (No File)
      Startup: C:\Users\DeltronFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.vbs ()
      CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
      C:\Users\DeltronFox\AppData\Roaming\System.vbs
      C:\Users\DeltronFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.vbs
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

  • Required Log(s):
    • Farbar tool log(s) --
      • FRST.txt
      • Addition.txt
Regards,

Valinorum
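
The autostart entries targeted by the fixlist above can be triaged automatically from a FRST log. The following is an added example, not part of the original post and not FRST's own code: the line shapes are inferred from the fixlist, treating an empty `()` as "no publisher recorded" is an assumption, and the `ExampleUpdater` line is constructed.

```python
import re
from pathlib import PureWindowsPath

SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}  # handled by wscript/cscript
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")      # writable without admin rights

# Line shapes inferred from the fixlist quoted in the post (an assumption, not a FRST spec).
PATTERNS = [
    ("run-key", re.compile(r"^HK[\w-]+\\\.\.\.\\Run\w*: \[[^\]]*\] => (?P<path>.+?)"
                           r" \[\d+ \d{4}-\d\d-\d\d\] \((?P<pub>.*)\)$")),
    ("startup", re.compile(r"^Startup: (?P<path>.+?)(?: \((?P<pub>[^()]*)\))?$")),
    ("shortcut", re.compile(r"^ShortcutTarget: .+? -> (?P<path>.+?)(?: \((?P<pub>[^()]*)\))?$")),
]

# Lines from the post's fixlist, plus one constructed benign entry (ExampleUpdater).
SAMPLE = r"""
HKLM\...\Run: [System.vbs] => C:\Users\DeltronFox\AppData\Roaming\System.vbs [9666 2015-03-26] ()
HKLM-x32\...\Run: [System.vbs] => C:\Users\DeltronFox\AppData\Roaming\System.vbs [9666 2015-03-26] ()
Startup: C:\Users\DeltronFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DD8.lnk
ShortcutTarget: DD8.lnk -> C:\ProgramData\{d865b5cd-b187-edbf-d865-5b5cdb18d736}\DD8.exe (No File)
Startup: C:\Users\DeltronFox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.vbs ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\...\Run: [ExampleUpdater] => C:\Program Files (x86)\Example\updater.exe [123456 2015-01-10] (Example Corp)
"""

def triage(line):
    """Return (kind, path, reasons) for an autostart line, or None if unrecognised."""
    for kind, rx in PATTERNS:
        m = rx.match(line.strip())
        if not m:
            continue
        path, pub = m.group("path"), (m.group("pub") or "")
        ext = PureWindowsPath(path).suffix.lower()
        reasons = []
        if ext in SCRIPT_EXTS:
            reasons.append("script launched at logon")
        if pub == "No File":
            reasons.append("target missing")
        elif not pub and ext != ".lnk" and any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("no publisher, user-writable path")
        return kind, path, reasons
    return None

def flagged(text):
    """Keep only recognised autostart lines that carry at least one reason."""
    results = (triage(l) for l in text.splitlines())
    return [r for r in results if r and r[2]]
```

Running `flagged()` over a full FRST.txt gives a shortlist for manual review; a flagged line is a lead to check, not proof of infection.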

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
