Contact Us

Home > Infected By > Infected By Nar.vbs And VBS/AutoRun.S Worm

Infected By Nar.vbs And VBS/AutoRun.S Worm

Being searching for weeks without end to rid my jump dirives of autorun messages using avas antivirus.Tried tons of software and almost lost it trying to use some Dos commands. share|improve this answer answered Sep 19 '15 at 17:44 harrymc 195k7171421 add a comment| up vote 0 down vote There's a chance that other operating systems won't have a problem accessing O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253 O17 - HKLM\System\CS1\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253 O17 - Starting to scan the registry. navigate here

Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! In this way, it will be able to propagate across users' machines. NarzE Says: December 9, 2008 at 12:28 am | Reply Many thx (from Thailand) 😀 Sania Says: December 15, 2008 at 5:29 am | Reply This is great. nar.vbs, VBS/AutoRun.S worm... http://www.bleepingcomputer.com/forums/t/184788/infected-by-narvbs-and-vbsautoruns-worm/

that's it. Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! eXPeri3nc3 Says: September 16, 2008 at 11:09 pm | Reply Erm can you back up your important items in your pendrive and format it directly? thanks a loooooooooooot!

Now i think my system is pretty clean. I tried to do the same thing to my falshdrive but unfortunately autorun.nf is still being detected by AVG even after running the flash disinfector many times. Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher). That way there's less of a chance that any hidden partitions (that the virus may have created) remain after you've formatted it.

chaslang, Dec 9, 2008 #2 (You must log in or sign up to reply here.) Show Ignored Content Share This Page Your name or email address: Do you already have an Do not assume that because one step does not work that they all will not. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

McAfee® NOD32 is freaking out ...

If you require support, please visit the Safety & Security Center.Other Microsoft sitesWindowsOfficeSurfaceWindows PhoneMobile devicesXboxSkypeMSNBingMicrosoft StoreDownloadsDownload CenterWindows downloadsOffice downloadsSupportSupport homeKnowledge baseMicrosoft communityAboutThe MMPCMMPC Privacy StatementMicrosoftCareersCitizenshipCompany newsInvestor relationsSite mapPopular resourcesSecurity and privacy it works magic. mais je n'ai absolument rien compris... :s) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18:24, on 28/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot I was running no antivirus or spyware removal software, so I got eset NOD32 and it found nar.vbs on both of my drives and supposedly 'quarantined' it.

Anyways, still good. 😉 Kevin Says: October 13, 2009 at 7:40 am | Reply Thanks so much for posting this! http://forums.majorgeeks.com/index.php?threads/nar-vbs-vbs-autorun-s-worm.176074/ thanks!! I deleted these files in safe mode, but im not naive enough to think that got rid of this thing. Here is a quarantine log from NOD32: I did complete all the steps from the sticky...

I tried several other things from other forums and flash disinfector finally cleaned up my problem of accessing my C: from Windows Explorer. http://lsthemes.com/infected-by/infected-by-worm-koobface.html Back to Top Back To Overview View Removal Instructions All Users:Use current engine and DAT files for detection and removal. thanks again for the flash disinfector for takin out that destrukto crap. the capacity is 4gigabyte and is made from China..

Again, thanks. I am still suffering with this problem. thanks a lot …mabuhay ka!! http://lsthemes.com/infected-by/infected-by-autorun-vbs-virus-need-help.html Fill in your details below or click an icon to log in: Email (required) (Address never made public) Name (required) Website You are commenting using your WordPress.com account. (LogOut/Change) You are

I run it, but I had running the Internet Explorer with the Kaspersky Online Scan. can it be removed? Keep it up!

Alternatively this may be installed by visiting a malicious web page (either by clicking on a link), or by the website hosting a scripted exploit which installs the worm onto the

The friggin folder is there for a reason, why remove it? In this way, it will be able to propagate across users' machines. This is normal. Cartoon vs Real Life Bores?---(Pointy vs Flat kind) Output programming language name For fiction purposes, are there any reserved or non-existent top-level-domains writers can use in stories?

Virus Support Says: November 1, 2011 at 11:51 am | Reply Virus Support… […]Flash Disinfector « eXPeri3nc3′s Corner[…]… Como eliminar el autorun.inf Says: November 7, 2011 at 4:29 pm | Reply Ranjeet Says: January 6, 2008 at 6:59 pm | Reply Hey Buddy!!!!! Make sure the disk is not full or write-protected and that the file is not currently in use." but my disk is not full nor write protected. weblink shizznats, Dec 7, 2008 #1 chaslang MajorGeeks Admin - Master Malware Expert Staff Member Welcome to Major Geeks!

then i tried mozilla firefox: but after download it says "C:\Documents and Settings\PC_4\Desktop\Flash_Disinfector.exe could not be saved, because you cannot change the contents of that folder. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). Just allow F_D to run. cool!