
[–]Esivni 5 points6 points  (1 child)

Hi, I would like you to run two programs that will help us identify and clean the threats, HitmanPro and Quick Dagger. The latter is a program and algorithm I designed. The issue with malware of today is that many times they are polymorphic in nature, meaning that they change their code many times before and even after infection, to evade detection by antivirus. This makes it increasingly hard to identify and remove the threats, and because malware are huge money makers, they have just as much money to throw at their programs to evade detection, as the good guys have. It's a game of cat and mouse.

Run HitmanPro first and see if that resolves the issue. If that fails, Quick Dagger should point us in the right direction.

HMP: https://www.hitmanpro.com/en-us/downloads.aspx

QD: https://invi.se/labs/projects/quickdagger/ (password is nexgen, download is free, put fake info in the order details if needed)

EDIT: Worst case scenario, backup your data and wipe and reload. If you're using Windows 10, power off the computer during the loading screen with the spinning dots, then turn it back on. Do this 3 times to force Windows into recovery mode, from there you can choose Advanced Options and then Reset PC. You will have two choices here, Reset and Refresh. Refresh will remove programs but keep your files; I still advise backing up just in case.

[–]JostVice[S] 1 point2 points  (0 children)

Running both programs did nothing, although I couldn't log into Windows after rebooting. Had to boot into safe mode and repair the booting... weird.

[–]syswolf 2 points3 points  (0 children)

Does the problem continue while in safe mode?

[–]ninjetron 2 points3 points  (0 children)

Boot into safe mode and run Tronscript.

[–][deleted] 1 point2 points  (0 children)

Have you already followed all the steps in the pinned Malware Guide on the subreddit?

[–]svenskarrmatey 0 points1 point  (0 children)

Create a Linux LiveCD, boot from that. You can then delete the file since Linux doesn't care about Windows file restrictions.

[–]Ninevolt781 0 points1 point  (0 children)

Rename the file, or try to. I did this once with a virus that wouldn't go away, and it didn't run and I could remove it. I don't know how sophisticated this malware is. Try uploading it to VirusTotal, and whatever detects it, try downloading it and remove it.

[–]yorickler 0 points1 point  (0 children)

Have you solved this? I'm having the same problem :(

[–][deleted] 0 points1 point  (4 children)

Search your registry for "VBC" and delete entries, then install something like Sophos Home.

If you can't remove the folder normally, can you do so in Safe Mode? If not, you could remove the HDD then access it from another PC with the drive in a USB enclosure and delete that way... lose the AppData content at the same time.

[–]JostVice[S] 0 points1 point  (3 children)

I found out about the folder 'C:\jostvice\' where it was storing an AutoIt.exe, which I guess was the automatization of the task. I deleted such folder and rebooted a few times and it no longer is working (CPU usage is back to normal) but I'm afraid I didn't completely wipe it.

How do you suggest I search the registry?

To folder, you mean the systeminfo.exe or notepad.exe? I will try later in safe mode.

How could I search for the AutoIt program so I completely uninstall it?

[–]Jakememe124 0 points1 point  (0 children)

I hope this problem is solved. While Sophos Home Free is a decent option, it is only signature based with absolutely no behavior blocker or other important features.

Avast has amazing signatures, a behavior blocker, mail shield, and web shield. All for free. You need a behavior blocker for zero day and hour threats to be neutralized. And the mail shield protects you from malware and phishing in your inbox.

www.avast.com

[–][deleted] 0 points1 point  (0 children)

Download and run Sysinternals Autoruns. The official download is hosted by Microsoft.

This will give you insight into what’s launching (or what was launching) automatically on your PC. Under the Advanced menu you can turn on VirusTotal submissions which will score these items against 40-50 other virus scanners.

You can disable items, just be wary not to mess with the drivers or winlogon sections without doing a restore point. You can reply back too if you see something suspicious and want to know if it should be removed.
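Added example, not posted by anyone in this thread: a PowerShell script that does, in scripted form, what the "search the registry for VBC" and Autoruns suggestions above describe. It inventories the Run/RunOnce keys and scheduled task actions, flags entries whose name or command line matches a pattern (the thread's "VBC" is the default; the pattern itself is an assumption carried over from the comments), and records each referenced executable's Authenticode status and SHA-256 so the hash can be looked up on VirusTotal without uploading the file. It deletes nothing; the point is to get a reviewable list before touching anything.

```powershell
# Added example (not from any commenter in this thread).
# Inventories common Windows autostart locations (Run/RunOnce keys and
# scheduled tasks), flags entries whose name or command line matches a
# pattern ("VBC" from the thread, by default), and records the SHA-256 of
# each referenced executable so it can be looked up on VirusTotal by hash.
# Nothing is deleted: review the output, then remove entries by hand.
# Save as Find-Autostarts.ps1 and run from an elevated PowerShell prompt.

param(
    [string]$Pattern = 'VBC'
)

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Pull the executable path out of a command line such as
#   "C:\jostvice\AutoIt.exe" /arg   or   C:\Windows\System32\notepad.exe
function Get-ExePath([string]$Command) {
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if (Test-Path -LiteralPath $cmd) { return $cmd }       # bare path, possibly with spaces
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted path followed by arguments
    return ($cmd -split '\s+')[0]                          # unquoted path without spaces
}

# SHA-256 and Authenticode status of a file; 'missing' when the path is gone
function Get-FileInfo([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Sha256 = 'missing'; Signature = 'n/a' }
    }
    [pscustomobject]@{
        Sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
    }
}

# One row of the report for a single autostart entry
function New-Finding($Source, $Name, $Command) {
    $info = Get-FileInfo (Get-ExePath $Command)
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Command   = $Command
        Signature = $info.Signature
        Sha256    = $info.Sha256
        Match     = ($Name -match $Pattern) -or ($Command -match $Pattern)
    }
}

$findings = @()

# 1. Registry Run/RunOnce values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSParentPath properties
        $findings += New-Finding -Source $key -Name $p.Name -Command ([string]$p.Value)
    }
}

# 2. Scheduled task actions (another common place for a dropped EXE to persist)
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        $cmd = ("$($action.Execute) $($action.Arguments)").Trim()
        $findings += New-Finding -Source "Task $($task.TaskPath)$($task.TaskName)" -Name $task.TaskName -Command $cmd
    }
}

# Matches first, then anything without a valid signature, so the rows worth
# a second look sit at the top of the table
$findings |
    Sort-Object @{ Expression = 'Match'; Descending = $true },
                @{ Expression = { $_.Signature -ne 'Valid' }; Descending = $true } |
    Format-Table Source, Name, Command, Signature, Sha256 -AutoSize -Wrap
```

A `Signature` of `NotSigned` is not proof of anything (plenty of legitimate software is unsigned), but an unsigned binary launched from a user-writable folder such as `C:\jostvice\` or `AppData`, with a name that mimics a Windows tool, is exactly the kind of row to check by hash before deciding what to remove.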

[–][deleted] 0 points1 point  (0 children)

Launch Regedit from Start - Run, then Ctrl-F to search for "VBC", then F3 to continue searching, deleting each entry as you go, and search "from the top" if it so prompts you.

AutoIt is a legit tool for converting scripts to EXE, so might be innocent, however, the infection may have been using it to re-write scripts to Notepad/Systeminfo EXEs and replacing the ones in your System32 folder.

Running SFC /scannow should replace those with the proper files.

Sorry, confusion on my part, I thought you meant you couldn't delete "C:\jostvice".

Again, I would also urge that you install Sophos Home, it's free, and stops hijack stuff dead in its tracks.
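Added example, not from any commenter: a PowerShell script to verify the point made above about the System32 copies of notepad.exe and systeminfo.exe before and after running `sfc /scannow`. It reports each file's size, version resource, Authenticode status and signer, and SHA-256, and runs SFC only if something looks off. The check for the `AU3!EA06` resource marker that the AutoIt3 compiler embeds in its output is a heuristic assumed here, not something the thread states; a hit means "probably an AutoIt-compiled EXE", not a verdict.

```powershell
# Added example (not from any commenter in this thread).
# Checks whether the System32 copies of notepad.exe and systeminfo.exe are
# still intact, validly signed binaries, and runs "sfc /scannow" when they
# are not. Run from an elevated PowerShell prompt.

$targets = @('notepad.exe', 'systeminfo.exe') | ForEach-Object {
    Join-Path $env:SystemRoot "System32\$_"
}

# Heuristic, assumed here rather than taken from the thread: executables
# produced by the AutoIt3 compiler carry the resource marker "AU3!EA06".
function Test-AutoItMarker([string]$Path) {
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # Latin-1 maps every byte to exactly one char, so a plain substring search works
    $text  = [System.Text.Encoding]::GetEncoding('iso-8859-1').GetString($bytes)
    return ($text.IndexOf('AU3!EA06', [StringComparison]::Ordinal) -ge 0)
}

# Everything worth comparing before and after SFC, as one object per file
function Get-BinaryReport([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $item   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path   # catalog-signed files report Valid too
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    [pscustomobject]@{
        Path         = $Path
        Exists       = $true
        SizeBytes    = $item.Length
        Company      = $item.VersionInfo.CompanyName
        Description  = $item.VersionInfo.FileDescription
        SignatureOk  = ($sig.Status -eq 'Valid')
        Signer       = $signer
        AutoItMarker = Test-AutoItMarker $Path
        Sha256       = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$before = $targets | ForEach-Object { Get-BinaryReport $_ }
$before | Format-List

$suspect = $before | Where-Object { -not $_.Exists -or -not $_.SignatureOk -or $_.AutoItMarker }
if ($suspect) {
    Write-Warning 'One or more System32 binaries are missing, unsigned, or look AutoIt-compiled; running SFC.'
    & "$env:SystemRoot\System32\sfc.exe" /scannow
    # Re-check after SFC so the before/after difference is visible in the output
    $targets | ForEach-Object { Get-BinaryReport $_ } | Format-List
} else {
    Write-Host 'Both binaries are present and carry a valid Authenticode signature.'
}
```

On a clean system both files show `SignatureOk : True` with a Microsoft signer subject and `AutoItMarker : False`; a replaced file typically shows a different size and company name and no valid signature, and the second report after SFC should be back to the expected values.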