Rem-VBSworm v7.0

=========== - General info:

Running under: mohcine on profile: C:\Users\mohcine
Computer name: MOHCINE-PC
Operating System: Microsoft Windows 10 Professionnel
Boot Mode: Normal boot
Antivirus software installed:
ESET Smart Security 9.0.318.30
Windows Defender
Executed on: 13/04/2016 @ 20:13:20,41

=========== - Drive info:

Listing currently attached drives:
Caption  Description         VolumeName
C:       Disque monté local
D:       Disque monté local
E:       Disque monté local
F:       Disque monté local
G:       Disque monté local  Disque local
H:       Disque CD-ROM
I:       Disque monté local
K:       Disque monté local
V:       Disque monté local
Y:       Disque monté local  P

Physical drives information:
C: \Device\HarddiskVolume1 NTFS
D: \Device\HarddiskVolume7 FAT
E: \Device\HarddiskVolume3 NTFS
F: \Device\HarddiskVolume6 NTFS
G: \Device\HarddiskVolume8 NTFS
Y: \Device\HarddiskVolume9 FAT
K: \Device\HarddiskVolume10 NTFS
V: \Device\HarddiskVolume11 NTFS

=========== - Disinfection info:

Opération réussie : le processus avec PID 3228 a été terminé.
Information : aucune tâche en service ne correspond aux critères spécifiés.

=========== - Shortcut info:

Shortcut: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\RealPlayer Cloud Service UI.lnk"
----------------------------------------------------------------

=========== - Scheduled tasks info:

Commentaire: Collecteur d'informations réseau
Panda USB Vaccine was downloaded

=========== - USB drive info:

i: selected
USB Device ID:
IDE\DISKST3250820AS_____________________________3.ADG___\5&7935F70&0&0.0.0
USBSTOR\DISK&VEN_ST950032&PROD_5AS&REV_\M6116A016V20&0
IDE\DISKST3160812AS_____________________________3.AAE___\5&1A4D1015&0&1.0.0

Listing root contents of i:

USB drive disinfected and files unhidden

=========== - USB drive info:

v: selected
USB Device ID:
IDE\DISKST3250820AS_____________________________3.ADG___\5&7935F70&0&0.0.0
USBSTOR\DISK&VEN_ST950032&PROD_5AS&REV_\M6116A016V20&0
IDE\DISKST3160812AS_____________________________3.AAE___\5&1A4D1015&0&1.0.0

Fichier supprimé - v:\Autorun.inf\lpt1.UsbFix WARNING

Listing root contents of v:
Le volume dans le lecteur V n'a pas de nom.
Le numéro de série du volume est F8F6-34F6
Répertoire de V:\
23/06/2015 01:39 14 053 721 318 WPI.rar
24/03/2016 00:33 54 049 ????? ????? ????? 2.xlsx
02/04/2016 15:49 tal
02/04/2016 15:55 FormationMOS
05/04/2016 20:07 102 873 760 ess_nt64_are.exe
05/04/2016 20:29 1 648 KEY ESET 9+.txt
05/04/2016 20:57 22 851 472 mbam-setup-2.2.1.1043.exe
05/04/2016 21:11 3 914 1458850137812.rar
10/04/2016 16:51 $RECYCLE.BIN
10/04/2016 23:26 Autorun.inf
6 fichier(s) 14 179 506 161 octets
5 Rép(s) 99 338 792 960 octets libres

USB drive disinfected and files unhidden

=========== - USB drive info:

y: selected
USB Device ID:
IDE\DISKST3250820AS_____________________________3.ADG___\5&7935F70&0&0.0.0
USBSTOR\DISK&VEN_ST950032&PROD_5AS&REV_\M6116A016V20&0
IDE\DISKST3160812AS_____________________________3.AAE___\5&1A4D1015&0&1.0.0

Fichier supprimé - y:\WPI\Common\Installer.hta
Fichier supprimé - y:\WPI\Common\WPI.hta
Fichier supprimé - y:\WPI\Tools\WPI_DiscChanger.hta
Fichier supprimé - y:\WPI\WPIScripts\pause.vbs
Fichier supprimé - y:\WPI\Install\MSO2007\trz88.tmp
Fichier supprimé - y:\WPI\Install\MSO2007\trz8E.tmp
Fichier supprimé - y:\WPI\Install\MSO2007\trz8F.tmp
Fichier supprimé - y:\Autorun.inf\lpt1.UsbFix WARNING

Listing root contents of y:
Le volume dans le lecteur Y s'appelle P
Le numéro de série du volume est 07F6-382F
Répertoire de Y:\
24/05/2015 12:09 WPI
02/04/2016 19:54 $RECYCLE.BIN
03/04/2016 17:21 247 Key.txt
05/04/2016 20:11 3 914 1458850137812.rar
08/04/2016 20:52 doc ferhat
10/04/2016 23:26 Autorun.inf
2 fichier(s) 4 161 octets
5 Rép(s) 97 331 970 048 octets libres

USB drive disinfected and files unhidden

Windows Script Host was disabled by the user
Panda USB Vaccine was downloaded

=====================================================
Scan finished at: 22:19:58,61
Send this log only if requested by a helper.
=====================================================

Made by @bartblaze
Tool to delete VBS autorun worm and unhide files
Quarantine folder on: C:\Rem-VBSqt
Info: http://bartblaze.blogspot.com/2014/02/remediate-vbs-malware.html