Jump to content
lehart

Wscript.exe outbound connection

Recommended Posts

Hi MalwareBytes keeps throwing up a pop-up to tell me it is blocking an outbound connection from Wscript.exe. it is coming from a website called "usa-m.duckdns.org" - I've searched the forums and found some previous information on this fix and I understand you need a log file from me, so please find that file attached in this comment. 

Thank You

Addition_04-04-2020 10.52.52.txt FRST_04-04-2020 10.52.52.txt

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest you enable ESET.
AV: ESET Security (Disabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}

The Addition.txt logs reports some problem with this program.
You may have to remove it and reinstall it when your problem is solved.

If needed.
Eset

Uninstall ESET manually using the ESET uninstaller tool
https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool
Download and run the program.
<<<>>>

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know if the problem persists.

fixlist.txt

Share this post


Link to post
Share on other sites


Hi,

Some thing went wrong.

Please try this.

Execute the Farbar program as an Administrator.
How to:
Right click on the program and select Run As An Administrator.

If the new Fixlog.txt reports that the files/folders are not found run this program.


--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.


=======

p.s.

If the fix work post the log and let me know what problem persists.

Share this post


Link to post
Share on other sites

fixlog reported that the files were missing and below is results from Rogue Report

 

RogueKiller Anti-Malware V14.4.0.0 (x64) [Apr  1 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : JLP [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200401_101244, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/04/04 20:29:21 (Duration : 00:04:38)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.DriverPack (Potentially Malicious)] (folder) DRPSu -- C:\Users\JLP\AppData\Roaming\DRPSu -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

Share this post


Link to post
Share on other sites

Hi,

This entrie should have been removed in my previous fix.

Task: {13F0A54D-252A-435A-A0DC-A406E902F947} - System32\Tasks\microsoft\windows\windowsupdate\clean => cmd.exe /c attrib -h -s C:\Users\JLP\AppData\Roaming\*.exe & attrib -h -s C:\Users\JLP\AppData\Roaming\*.bat & del C:\Users\JLP\AppData\Roaming\*.bat & del C:\Users\JLP\AppData\Roaming\svchosts.exe

Sorry, I missed it.

---

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Run the RogueKiller tool and delete this item.
[PUP.DriverPack (Potentially Malicious)] (folder) DRPSu -- C:\Users\JLP\AppData\Roaming\DRPSu -> Found

Restart the computer normally.

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.