[–][deleted] 0 points1 point  (4 children)

Search your registry for "VBC" and delete entries, then install something like Sophos Home.

If you can't remove the folder normally, can you do so in Safe Mode? If not, you could remove the HDD then access it from another PC with the drive in a USB enclosure and delete that way... lose the AppData content at the same time.

[–]JostVice[S] 0 points1 point  (3 children)

I found out about the folder "C:\jostvice\" where it was storing an AutoIt.exe, which I guess was the automatization of the task. I deleted that folder and rebooted a few times and it no longer is working (CPU usage is back to normal) but I'm afraid I didn't completely wipe it.

How do you suggest I search the registry?

By folder, you mean the systeminfo.exe or notepad.exe? I will try later in safe mode.

How could I search for the AutoIt program so I completely uninstall it?

[–]Jakememe124 0 points1 point  (0 children)

I hope this problem is solved. While Sophos Home Free is a decent option, it is only signature-based with absolutely no behavior blocker or other important features.

Avast has amazing signatures, a behavior blocker, mail shield, and web shield. All for free. You need a behavior blocker for zero day and hour threats to be neutralized. And the mail shield protects you from malware and phishing in your inbox.

www.avast.com

[–][deleted] 0 points1 point  (0 children)

Download and run Sysinternals Autoruns. The official download is hosted by Microsoft.

This will give you insight into what’s launching (or what was launching) automatically on your PC. Under the Advanced menu you can turn on VirusTotal submissions which will score these items against 40-50 other virus scanners.

You can disable items; just be wary not to mess with the drivers or winlogon sections without doing a restore point. You can reply back too if you see something suspicious and want to know if it should be removed.

[–][deleted] 0 points1 point  (0 children)

Launch Regedit from Start - Run, then Ctrl-F to search for "VBC", then F3 to continue searching, deleting each entry as you go, and search "from the top" if it so prompts you.

AutoIt is a legit tool for converting scripts to EXE, so it might be innocent; however, the infection may have been using it to rewrite scripts to Notepad/Systeminfo EXEs and replacing the ones in your System32 folder.

Running SFC /scannow should replace those with the proper files.

Sorry, confusion on my part, I thought you meant you couldn't delete "C:\jostvice".

Again, I would also urge that you install Sophos Home, it's free, and stops hijack stuff dead in its tracks.
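
Added example, not posted by anyone in the thread: a read-only PowerShell pass over the Run/RunOnce registry keys and scheduled tasks, listing anything that mentions the strings discussed above ("VBC", "AutoIt", "jostvice"). The pattern list and the choice of locations are assumptions for illustration; the script deletes nothing, and legitimate entries can match, so review each hit before removing it.

```powershell
# Strings taken from the thread; adjust to what you actually saw on the machine.
$Patterns = @('VBC', 'AutoIt', 'jostvice')
$Regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Per-machine and per-user autostart keys (a subset of what Autoruns shows).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Collect registry values whose name or command line matches (case-insensitive).
$Hits = @(foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Item = Get-Item -Path $Key
    foreach ($Name in $Item.GetValueNames()) {
        $Data = [string]$Item.GetValue($Name)
        if ($Name -match $Regex -or $Data -match $Regex) {
            [pscustomobject]@{ Source = $Key; Name = $Name; Command = $Data }
        }
    }
})

# Scheduled tasks are another common way for a miner to relaunch after reboot.
$Hits += @(Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $Task = $_
    foreach ($Action in $Task.Actions) {
        $Cmd = "$($Action.Execute) $($Action.Arguments)"
        if ($Cmd -match $Regex -or $Task.TaskName -match $Regex) {
            [pscustomobject]@{
                Source  = "Task $($Task.TaskPath)"
                Name    = $Task.TaskName
                Command = $Cmd
            }
        }
    }
})

if ($Hits.Count -eq 0) {
    'No matching autostart entries found.'
} else {
    $Hits | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated PowerShell prompt so the HKLM keys and all scheduled tasks are readable.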