
So, a long time ago I got a malware from a pendrive; it cloned a directory on my system32 folder and attempted to do bitcoin mining on my PC. After that, every new pendrive connected to my PC would also get the folder copied from my system32 to the pendrive. So after I found the source, I deleted the directory and every registry about it from regedit, and it worked fine. There's only one thing missing: every time I turn out the computer a Windows Script Host error would show up saying "Cannot find file C:\system\system.vbs" (which was in the folder I purged), and even after I close it, it would show up again, so that means there's still the process that tries to execute that vbs.

Is there a way to find the source of the windows script host error? Or the process that's executing it?

So I can 100% purge this malicious thing at last.

  • Yep! I think that your issue is like this thread [Im getting a Windows Script Host error on bootup](https://www.computing.net/answers/windows-10/im-getting-a-windows-script-host-error-on-bootup/2187.html) – Hackoo Jun 06 '20 at 21:46
  • I updated my batch script in order to find the location of the malware and get its source code too! ==> **[Processes_Services_Tasks_Startup.bat](https://pastebin.com/ZvWS1XL6)** – Hackoo Jun 06 '20 at 21:58
  • Hi, I ran your bat and got a file with a bunch of program names, it seems, but I can't quite tell which one is the culprit. How can I find out after getting the file? @Hackoo – kevin miranda Jun 07 '20 at 17:58
  • Found it and purged it, thanks a lot for your help! Too bad it got closed mark your answer as accepted :( – kevin miranda Jun 07 '20 at 18:04
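
A read-only way to look for whatever still references the deleted script, as an added example that is not part of the original thread and is not Hackoo's batch script. It searches common autostart locations and running processes for the file name from the error dialog; the list of locations is an assumption about where the leftover reference lives, not something the thread confirms.

```powershell
# Added example: read-only search for leftover references to a deleted script.
# Nothing is modified; run from an elevated PowerShell prompt to see all entries.
$needle = 'system.vbs'   # file name taken from the Windows Script Host error
$hits   = New-Object System.Collections.Generic.List[object]

function Add-Hit($Source, $Name, $Value) {
    # Record an entry only if its command line or target mentions the script.
    if ("$Value" -like "*$needle*") {
        $hits.Add([pscustomobject]@{ Source = $Source; Name = $Name; Value = "$Value" })
    }
}

# 1. Registry autostart keys (Run/RunOnce for machine and user, plus Winlogon).
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in $keys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($k) { foreach ($n in $k.GetValueNames()) { Add-Hit $key $n $k.GetValue($n) } }
}

# 2. Startup folders (per-user and all-users); resolve .lnk shortcuts to their targets.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
    Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $_.FullName
        if ($_.Extension -eq '.lnk') {
            $sc = $shell.CreateShortcut($_.FullName)
            $target = "$($sc.TargetPath) $($sc.Arguments)"
        }
        Add-Hit $dir $_.Name $target
    }
}

# 3. Scheduled tasks: check the program and arguments of every action.
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($a in $_.Actions) {
        Add-Hit 'ScheduledTask' ($_.TaskPath + $_.TaskName) "$($a.Execute) $($a.Arguments)"
    }
}

# 4. Services and currently running processes (the dialog reappearing suggests a live process).
Get-CimInstance Win32_Service | ForEach-Object { Add-Hit 'Service' $_.Name $_.PathName }
Get-CimInstance Win32_Process | ForEach-Object {
    Add-Hit 'Process' "$($_.Name) PID=$($_.ProcessId) Parent=$($_.ParentProcessId)" $_.CommandLine
}

$hits | Format-List
```

Each hit names the location that still points at the script; a `Process` hit also gives the parent PID, which identifies what launched it.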

0 Answers