Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Worm_face.ab Vbs_agent.amaf

  • This topic is locked This topic is locked
1 reply to this topic

#1 phallical


  • Members
  • 16 posts
  • Local time:06:40 PM

Posted 02 October 2008 - 05:45 AM

DaChew has been trying to help me remove Worm_Face.AB and VBS_AGENT.AMAF from my computer. here is a link to the previous posts:
We have run Flash_Disinfector.exe and the .inf file will not show up on any of the drives.
I normally use Trend Micro's Sysclean to find and elimnate my viri, but it cannot get rid of the worms.
I have run MBAM and below is the pasted log. Before running I disconnected all external USB drives as instructed by Chewy....thanks....phal

Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 3

10/2/2008 5:36:25 AM
mbam-log-2008-10-02 (05-36-07).txt

Scan type: Quick Scan
Objects scanned: 55659
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" /s) Good: ("%1" /S) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
G:\WINDOWS\system32\1.ico (Malware.Trace) -> No action taken.
G:\WINDOWS\system32\2.ico (Malware.Trace) -> No action taken.

Edited by phallical, 02 October 2008 - 05:47 AM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,751 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 02 October 2008 - 07:21 AM

Since you are already receiving help, please continue in that thread and post your MBAM log there. Do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Thanks for your cooperation.

This thread is closed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users