drivers.vbs



01-17-2013, 05:29 AM #1
kerplunk
Legen.. *wait for it* ..dary!
***
Posts: 259 Threads:55 Joined: Dec 2011 Reputation: 1

drivers.vbs
So I come home from school and turn on my laptop and there's this file that's been added to startup called driver.vbs. Its location is C:\Kernels\driver, and inside is also a hidden explorer.exe.

So I'm pretty sure it's malware. I googled what it is and one site said that it's from a RAT called PoisonIvy.

I deleted those files successfully and was wondering what other advice you guys could give me. If it's true that it is indeed a RAT, then information from this laptop may have been stolen :(

My current OS is Windows 8 and I'm using Comodo Internet Security.

01-17-2013, 07:18 AM #2
RDCA
Senior Member
***
Posts: 278 Threads:10 Joined: Jun 2011 Reputation: 9

RE: drivers.vbs
Please download OTL from one of the following links
  • LINK 1
  • LINK 2
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in;

    Quote:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*.* /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\Kernels\driver\*.*
    %systemroot%\system32\drivers\*.sys /180

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
This post was last modified: 01-17-2013, 07:21 AM by RDCA.

01-18-2013, 03:20 AM #3
Adriana
Senior Member
***
Posts: 300 Threads:53 Joined: Jan 2013 Reputation: 0

RE: drivers.vbs
I see OTL is quite a powerful tool, lots of users recommend it. Is this method recommended for all malware or for something as specific as kerplunk described?

01-18-2013, 07:13 AM #4
RDCA
Senior Member
***
Posts: 278 Threads:10 Joined: Jun 2011 Reputation: 9

RE: drivers.vbs
It's not really a tool for people to use unless you're being helped by a helper, as it produces a log which needs to be analyzed, and from that a fix needs to be made. Though, I did add one line to the scan portion of the code to check for something.
This post was last modified: 01-18-2013, 07:13 AM by RDCA.

03-11-2013, 01:10 PM #5
jvanroos
Junior Member
**
Posts: 2 Threads:0 Joined: Mar 2013 Reputation: 0

RE: drivers.vbs
Hello,

I just had the error message of driver.vbs when starting up. I found a hidden directory c:\kernels\driver. I also ran the OTL. What would be the next step (I am a new member and a little stressed by this potential virus)?

Thanks for your help

jos

03-11-2013, 02:32 PM #6
KoBE
¯\_(ツ)_/¯
******
Global Moderators
Posts: 4,862 Threads:494 Joined: Jun 2011 Reputation: 67

RE: drivers.vbs
(03-11-2013, 01:10 PM)jvanroos Wrote:  Hello,

I just had the error message of driver.vbs when starting up. I found a hidden directory c:\kernels\driver. I also ran the OTL. What would be the next step (I am a new member and a little stressed by this potential virus)?

Thanks for your help

jos

Are you saying you're experiencing the same problem as the OP? If so, read the bottom of RDCA's post:

RDCA Wrote:
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

03-12-2013, 02:31 PM #7
jvanroos
Junior Member
**
Posts: 2 Threads:0 Joined: Mar 2013 Reputation: 0

RE: drivers.vbs
(03-11-2013, 02:32 PM)KoBE Wrote:
(03-11-2013, 01:10 PM)jvanroos Wrote:  Hello,

I just had the error message of driver.vbs when starting up. I found a hidden directory c:\kernels\driver. I also ran the OTL. What would be the next step (I am a new member and a little stressed by this potential virus)?

Thanks for your help

jos

Are you saying you're experiencing the same problem as the OP? If so, read the bottom of RDCA's post:

RDCA Wrote:
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Hello, thanks for the reply. I removed the Kernels directory and checked registry and system directories for contamination; I did not find anything. I ran Kaspersky from rescue disk, nothing found. So I think Windows 8 defender did its work or should I perform other checks? Everything seems to work fine.
This post was last modified: 03-12-2013, 02:41 PM by jvanroos.

12-31-2013, 11:06 PM #8
Street_C0der
Junior Member
**
Posts: 1 Threads:0 Joined: Dec 2013 Reputation: 0

RE: drivers.vbs
^_^ It's not a RAT, it's a worm spreading via USB.
You can't remove it in this way ...



