Jump to content

Verecno worm


Go to solution Solved by Earthshine,

Recommended Posts

Hello,im new there i have a problem after removing the verecno worm that infected my computer by my usb key theres a problem left after the removing the infected autoit exe in the google folder and i also removed the stuff in the skypee folder 

sorry for my bad english i hope you understand.

the picture below says that "windows couldnt find C:\Google\Autoit3.exe Verify you entered the correct name,then try again"fggf.PNG.e0062d5f42f3dcdc605d223e3cb7e1bb.PNG

Link to post
Share on other sites
24 minutes ago, Luke94 said:

I assume you're trying to run AutoIt?

Are you trying to run AutoIt via a Desktop Shortcut?

no it pop in startup of windows and how to remove it at startup

Link to post
Share on other sites

It is starting from one of the four possibilities :

1- From startup directory

2- From registry run

3- From task manager

4- From service manager

You need to look at all of these to see where it is starting from and delete it...

Link to post
Share on other sites
2 minutes ago, Luke94 said:

Hold the Windows key and press R to open Run.

In the Open field, type:

shell:startup

Is there a shortcut in there pointing to "C:\Google\Autoit3.exe"?

nothing there

zrezdedezdad.PNG

Link to post
Share on other sites
2 minutes ago, Nine said:

It is starting from one of the four possibilities :

1- From startup directory

2- From registry run

3- From task manager

4- From service manager

You need to look at all of these to see where it is starting from and delete it...

where can i find it in reg run? and startup directory?

Link to post
Share on other sites

image.thumb.png.5b9a085521483b680dad1cdfa88a938f.png

That's the file it's attempting to launch.

32 minutes ago, Earthshine said:

then you can right click and delete it from registry. run it in administrator mode so you can delete the offending startup registry entry

 

Link to post
Share on other sites
3 minutes ago, Luke94 said:

I assume like @Earthshine said, right-click and delete it from the registry?

hey thank you for the help it no longer pops up it just the cmd windows try to open but fastly closes you dont have the time to see it but the important thing it no longer show that message 

Link to post
Share on other sites
5 minutes ago, Luke94 said:

I assume like @Earthshine said, right-click and delete it from the registry?

i will mark your message as a solution thank you so much!!!!!! 

i was stuck with this for months you are a life saver!!!!

Link to post
Share on other sites
  • Developers
1 minute ago, Abdel said:

but the important thing it no longer show that message 

Serious? Why would that not be important? 

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to post
Share on other sites
Posted (edited)
1 hour ago, Luke94 said:

image.thumb.png.2937f284ff1976f9e4fb584623c6275f.png

I'd maybe also take a look at that VBScript - not sure if that's normal?

dzaedazdzd.PNG.a25898e08684b7275c0dbca90de7531a.PNG

here is the file i found it in a folder named windows update files that looks so suspicious for me.

 

Edited by Jos
removed potential virus
Link to post
Share on other sites
  • Jos locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...