Malware in Temp Folder

JTD777 · Jul 20, 2013

Hello again Tom's Community,

I have a malware file, nj.exe, that keeps reinstalling itself after every reboot. Avast catches it immediately after boot up but I'm tired of dealing with it every time. To note after cleaning my temp file and rebooting a VBS Script file called njq8IsHere.vbs is also present and I cannot delete it. Trying to hunt down the process that is using it. Can someone please lend me a hand? thanks 😀

--J.T.

coozie7 · Jul 20, 2013

Malwarebytes.
Download it.
Run a scan.
Problem solved...Probably.

JTD777 · Jul 20, 2013

Does it play nice with avast?

--J.T.

USAFRet · Jul 20, 2013

JTD777 :

Yes. It is not an always on scanner. Run it and let it clean what it finds. Close it.

JTD777 · Jul 20, 2013

USAFRet :

Got it running right now. Ill check it once I get back from the lake ^.^

dextermat · Jul 20, 2013

Hi,

I suggest booting in safe mode with networking and download adwcleaner, roguekiller.

If the problem persist try with rkill / combo fix

JTD777 · Jul 20, 2013

If avast moves the malware file created to chest, will malwarebytes be able to track what created it?

--J.T.

Update 1: something keeps creating a file called nj.exe on every boot that avast catches and moves to chest. Thats problem 1. There are also random 4 digit .exe files that avast calls suspicious but wont delete. All located in my appdata/local/temp folder. I cant track the source.

JTD777 · Jul 20, 2013

dextermat :

Adwcleaner and roguekiller removed a few things but I still cant get that nj.exe file to go away. It keeps getting replaced and quarantined. If its a PuP error can I check to see if any credible sites need it anywhere? where would I look?

JTD777 · Jul 20, 2013

Solved my issue. I had a file corrupt my flash drive and whenever I opened anything on it, the virus installed itself. Ended up going into safe mode, disabling the startup command (wouldnt let me disable in normal mode), then removing the file since it was no longer running. Virus file name was njq8IsHere.vbs

Dark Lord of Tech · Jul 20, 2013

http://www.softpedia.com/get/Antivirus/Removal-Tools/BitDefender-USB-Immunizer.shtml

BitDefender USB Immunizer 2.0.1.9

JTD777 · Jul 20, 2013

What does that do above a full format?

njq8 · Jul 21, 2013

JTD777 :

here you go:
1: Open Cmd.exe
2: write this code and press Enter
taskkill /f /im wscript.exe&del %temp%\*.vbs&attrib -h c:\*&attrib -h c:\*.*&del c:\*.lnk&del c:\*.vbs
this code will kill process of the vbs w0rm and delete it from temp+ clean usb drive from infected Shortcut
replace c:\ with your flash drive path to clean it

after that worm is 90% dead
last step go to start menu
to startup folder you will see file "njq8IsHere.vbs" just delete it and its removed 100% from your pc

~njq8

JTD777 · Jul 21, 2013

njq8 :

JTD777 :

here you go:
1: Open Cmd.exe
2: write this code and press Enter
taskkill /f /im wscript.exe&del %temp%\*.vbs&attrib -h c:\*&attrib -h c:\*.*&del c:\*.lnk&del c:\*.vbs
this code will kill process of the vbs w0rm and delete it from temp+ clean usb drive from infected Shortcut
replace c:\ with your flash drive path to clean it

after that worm is 90% dead
last step go to start menu
to startup folder you will see file "njq8IsHere.vbs" just delete it and its removed 100% from your pc

~njq8

Thank you much but you're a tad late. I formatted my flash drive. the worm had deleted everything on it and replaced them all with shortcuts so it wasnt worth it to try to save the data

Search

Malware in Temp Folder

JTD777

Honorable

coozie7

coozie7

Champion

JTD777

Honorable

USAFRet

Titan

JTD777

Honorable

dextermat

Splendid

JTD777

Honorable

JTD777

Honorable

JTD777

Honorable

Dark Lord of Tech

Retired Moderator

JTD777

Honorable

njq8

Honorable

JTD777

Honorable

TRENDING THREADS

Latest posts

Moderators online

Share this page