Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


VBS Script AutoStartup

  • Please log in to reply
4 replies to this topic

#1 AnthonyBugg


  • Members
  • 6 posts
  • Gender:Male
  • Location:United States
  • Local time:03:57 PM

Posted 05 September 2013 - 01:15 PM

So today im having a problem with a Vbs script,and as you guys may know any person can make a vbs script with a notepad. So my friend decided he would send me a vbs script that opens up 5 cmd windows that will open everytime i startup my computer.


But im not really sure how to remove this vbs script from starting up on my pc. Someone Please help me:-).


System Specs: 

Windows 8 

64-bit OS

HP Envy M6 Entertainment PC

Amd A10

6 Gbs Ram


BC AdBot (Login to Remove)


#2 Sirawit


    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:02:57 AM

Posted 05 September 2013 - 01:34 PM

try these:


:step1: Go to Run (Windows Icon + R) > Msconfig > Startup Tab > see is there anything related to vbs files? If yes, uncheck them and reboot.


:step2: Go to start > startup folder (IDK it is in Win 8 or not.) And see that there are anything related to vbs files? If yes, delete them and reboot.


There can be something in registry too, but I don't think your friend will go deep like that.


Thank you.

If I don't reply back to you in 2 days, feel free to send me a PM.


“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.

#3 AnthonyBugg

  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:United States
  • Local time:03:57 PM

Posted 05 September 2013 - 01:44 PM

There is nothing in startup related to malware, and knowing him im pretty sure he did go that deep, I called him and he told me he remembered it started with slmgr.vbs ato.  This is all that's in my startup.





Edited by AnthonyBugg, 05 September 2013 - 01:48 PM.

#4 xXToffeeXx


    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:57 PM

Posted 05 September 2013 - 02:02 PM

Let's see if this will yield any results on that file, if what your friend remember is correct.


SystemLook by jpshortstuff


  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following code box into the main text field:

slmgr.vbs ato
slmgr.vbs ato
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt



~If I am helping you and you have not had a reply from me in two days, please send me a PM~


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here


 ~Twitter~ | ~Malware Analyst at Emsisoft~

#5 Sneakycyber


    Network Engineer

  • BC Advisor
  • 6,130 posts
  • Gender:Male
  • Location:Ohio
  • Local time:03:57 PM

Posted 07 September 2013 - 12:02 AM

The slmgr.vbs script is for Microsoft Software Licensing Management Tool. The switch /ato tells windows to attempt online activation.
To get to The start up folders In Windows 8 open the run command (Hold the Windows + R) and type


For Current user


Location = %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


For All Users

shell:common Startup

Location = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup


Registry Entries 

For all Users 


For Current User


Credit: Forum Administrator Brink at eightforums.com

Edited by Sneakycyber, 07 September 2013 - 12:03 AM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users