Rem-VBSworm v6.0
========================================================
- General info:
Ran by Yasser on profile C:\Users\Yasser
Ran on PC
IPv4: 192.168.1.5
Microsoft Windows 10 Home Single Language
Normal boot
Windows Defender
Kaspersky Internet Security
Sat 03/05/2016
16:40:22.12
========================================================
- Drive info:
Listing currently attached drives:
Caption Description VolumeName
C: Local Fixed Disk TI30963000B
D: CD-ROM Disc
E: Local Fixed Disk í¥§¡ ¢¦ªïë ¤§ï§¡
G: Local Fixed Disk USB-1
Physical drives information:
C: \Device\HarddiskVolume4 NTFS
E: \Device\HarddiskVolume6 NTFS
G: \Device\HarddiskVolume12 NTFS
========================================================
- Disinfection info:
SUCCESS: The process with PID 9192 has been terminated.
INFO: No tasks running with the specified criteria.
========================================================
- Shortcut info:
Shortcut: "C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk"
----------------------------------------------------------------
========================================================
- USB info:
g: selected
USB Device ID:
SCSI\DISK&VEN_ATA&PROD_TOSHIBA_MQ01ABD1\4&14833066&0&000000
USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_BLADE&REV_1.26\4C530499960624117535&0
Listing root contents of g:
12/08/2015 05:55 PM 165 ~$Firewalls.ppt
02/02/2016 11:46 PM KAU_Old
02/03/2016 07:19 PM found.000
02/12/2016 09:38 PM 10,104,832 VisualSVN-Server-3.5.0-x64.msi
02/16/2016 04:12 PM 126,101 CPIT 498 First and Final Report Template.docx
02/16/2016 10:36 PM CPTD-440
02/17/2016 06:05 PM $RECYCLE.BIN
02/19/2016 11:19 PM CPTD-435
02/29/2016 05:50 PM 353,402 5.1.3.7 Lab - Configuring 802.1Q Trunk-Based Inter-VLAN Routing.pdf
03/01/2016 12:02 AM New folder
03/05/2016 12:32 PM CPTD-470
03/05/2016 02:21 PM CPTD-499
4 File(s) 10,584,500 bytes
8 Dir(s) 46,928,789,504 bytes free
USB drive disinfected and files unhidden
G:\: selected
USB Device ID:
SCSI\DISK&VEN_ATA&PROD_TOSHIBA_MQ01ABD1\4&14833066&0&000000
USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_BLADE&REV_1.26\4C530499960624117535&0
Listing root contents of G:\:
USB drive disinfected and files unhidden
Panda USB Vaccine was downloaded
Windows Script Host was disabled by the user
Windows Script Host was (re-)enabled by the user
User selected option D but did not enable or disable the WSH
========================================================
Scan finished at: 16:46:27.64
Send this log only if requested.
========================================================
Made by @bartblaze
Tool to delete VBS autorun worm and unhide files
Quarantine folder on: C:\Rem-VBSqt
Info: http://bartblaze.blogspot.com/2014/02/remediate-vbs-malware.html