Jump to content

sysWOW64.vbs, vbscript.dll in syswow64 - Not sure if this is malware/a virus! Help! undetected!


Recommended Posts

I dont really know if this is malware or not -- but it has a lot of hallmarks of malware. it is not being picked up, even though I have a vast array of system protections from firewall, MalwareBytes, Avast, ad-aware, spybot, and too much more to speak of -- I even use a VPN to protect my IP, so Im usually prepped up and ready for ANY threat from malware, to hacking to identity protection.

 

but this is different, scans pick up nothing! -- I noticed a strange, unknown file going by the name of a windows system file in MSConfig... It was calling itself SysWOW64 -- it was located in C:\Users\Josh\AppData\Roaming\syswow64.vbs -- it was set to automatically start -- and I KNOW the real syswow64 folder isnt a .vbs that starts up with the computer and hides in the roaming system folder.

 

I've seen reports online of someone with a syswow64 virus that contained a file in C:\Windows\SysWOW64 -- the file was vbscript.dll.

 

now I dont know if in their case, it WAS IN FACT originally a system file that got "infected" somehow. But I ALSO HAVE THIS FILE in my sysWOW64 folder.

 

so if it IS in fact specific to some kind of virus or malware, I do in fact have that.

 

I have gone and disabled syswow64 from windows startup, and I also renamed the .vbs file to syswow64.vbs.old just in case it IS in fact a system file and deleting it would cause troubles -- I could always boot to safe mode and rename it back.

 

besides in the roaming folder, it would just create another copy of itself somewhere else anyway -- and deleting the single file that starts up would NEVER get rid of it really, Id have to hit the source.

 

I DO NOT NOTICE any strange proceses running, any slowdowns, or any strange connections trying to make it past either malwarebytes OR my firewall. and I don't see ANY reports on this from avast, malwarebytes, ad aware, or ANY other tools available for scanning.

 

so basically I am unsure whether this is some kind of virus or malware, either new or poorly written, that just doesnt get detected -- and I dont know what to do about it if it is?

 

should I delete the .vbs file and the .dll? is there ANY report of this kind of thing I missed while googling anyone is aware of? please help!

Link to post
Share on other sites

I forgot to mention in the title that the syswow64.vbs is NOT in the syswow64 folder, it is in the APPDATA/ROAMING folder.

 

tbe vbscript.dll IS in the SysWOW64 folder.

 

I just wanted to clarify this since my title is a mess - if you read the WHOLE post, it explains in great detail

Link to post
Share on other sites

OK -- Here are the logs! Again, Im not sure if this IS malware or not -- it MAY not be -- but it is VERY PUZZLING why there would be a syswow64.vbs file thats supposed to load on startup -- as I KNOW windows doesnt have one by default. but if it isnt malware I will not complain -- I just want to make sure I dont have some hidden tracker thats undetectable at this point...

 

the logs are too long to post, so I have to attach them.FRST.txtAddition.txt

Link to post
Share on other sites

  • Root Admin

2015-06-02 14:35 - 2015-06-02 14:35 - 00203689 _____ C:\Users\Josh\Downloads\Captain.America.The.Winter.Soldier.2014.1080p.BluRay.x264-SPARKS-[rarbg.com].torrent

2015-06-03 06:56 - 2015-06-03 06:56 - 00000000 ____D C:\Users\Josh\Desktop\Focus.2015.1080p.BluRay.x264-SPARKS[rarbg]

2015-05-21 14:35 - 2015-05-21 14:36 - 00000000 ____D C:\Program Files (x86)\Grand.Theft.Auto.V.Crack.v3-3DM-Mbb

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.