VBS Script AutoStartup


4 replies to this topic

#1 AnthonyBugg


Posted 05 September 2013 - 01:15 PM

So today I'm having a problem with a VBS script, and as you guys may know, any person can make a VBS script with Notepad. So my friend decided he would send me a VBS script that opens up 5 cmd windows that will open every time I start up my computer.

But I'm not really sure how to remove this VBS script from starting up on my PC. Someone please help me :-).

System Specs:

Windows 8
64-bit OS
HP Envy M6 Entertainment PC
AMD A10
6 GB RAM

 




 


#2 Sirawit


Posted 05 September 2013 - 01:34 PM

Try these:

Step 1: Go to Run (Windows Icon + R) > Msconfig > Startup tab > see if there is anything related to VBS files. If yes, uncheck them and reboot.

Step 2: Go to Start > Startup folder (IDK if it is in Win 8 or not) and see if there is anything related to VBS files. If yes, delete them and reboot.

There can be something in the registry too, but I don't think your friend will go deep like that.

Thank you.




#3 AnthonyBugg


Posted 05 September 2013 - 01:44 PM

There is nothing in startup related to malware, and knowing him I'm pretty sure he did go that deep. I called him and he told me he remembered it started with slmgr.vbs ato. This is all that's in my startup.

[Screenshot: cso4DFu.png]


Edited by AnthonyBugg, 05 September 2013 - 01:48 PM.


#4 xXToffeeXx


Posted 05 September 2013 - 02:02 PM

Let's see if this will yield any results on that file, if what your friend remembers is correct.

 

SystemLook by jpshortstuff

--------------------

  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following code box into the main text field:

:filefind
slmgr.vbs ato
:regfind
slmgr.vbs ato
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

xXToffeeXx~




#5 Sneakycyber


Posted 07 September 2013 - 12:02 AM

The slmgr.vbs script is for the Microsoft Software Licensing Management Tool. The switch /ato tells Windows to attempt online activation.
To get to the startup folders in Windows 8, open the Run command (hold Windows + R) and type:

 

For Current User

shell:startup

Location = %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

For All Users

shell:common Startup

Location = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Registry Entries

For All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

For Current User

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Credit: Forum Administrator Brink at eightforums.com


Edited by Sneakycyber, 07 September 2013 - 12:03 AM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +
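
The startup folders and Run keys listed in the post above can be checked in one pass. The following is an added example, not part of the original post: a read-only PowerShell audit of exactly those locations. The match pattern (.vbs, wscript, cscript) and all variable names are assumptions made for illustration.

```powershell
# Added example: read-only audit of the startup locations listed in the post above.
# Assumption: entries mentioning .vbs, wscript or cscript are the ones worth flagging.
$pattern = '\.vbs\b|wscript|cscript'

$folders = @(
    [Environment]::GetFolderPath('Startup'),         # shell:startup
    [Environment]::GetFolderPath('CommonStartup')    # shell:common startup
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$shell   = New-Object -ComObject WScript.Shell
$results = @()

foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $folder -File -Force) {
        $command = $file.FullName
        if ($file.Extension -eq '.lnk') {
            # Resolve shortcuts so a .lnk that launches a script is not missed.
            $lnk     = $shell.CreateShortcut($file.FullName)
            $command = "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
        }
        $results += [pscustomobject]@{
            Location = $folder; Name = $file.Name
            Command  = $command; Flagged = ($command -match $pattern)
        }
    }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $results += [pscustomobject]@{
            Location = $key; Name = $name
            Command  = $command; Flagged = ($command -match $pattern)
        }
    }
}

# Flagged entries first; nothing is modified or deleted.
$results | Sort-Object Flagged -Descending | Format-List
```

A flagged entry is only a candidate for review: a command that calls slmgr.vbs with /ato refers to the Microsoft licensing script described in the post, so inspect what launches it before removing anything.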



