Advice Request Wscript trying to run

  • Thread starter ForgottenSeer 69673

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
And I am sure you have scanned with many different scanners (especially K as CS recommended) by now, so I won't even ask about that. The thing is, you have multiple layers of amazing protection and are extremely aware when it comes to security, so the odds of this being malware are probably very small.

Maybe you can try to run FRST and have one of the malware removal experts on MT take a look just for the heck of it. I can look at the FRST results as well, but we certainly would want another opinion since I am not familiar with FRST at all.
 

ForgottenSeer 69673

Thread author
> And I am sure you have scanned with many different scanners (especially K as CS recommended) by now, so I won't even ask about that. The thing is, you have multiple layers of amazing protection and are extremely aware when it comes to security, so the odds of this being malware are probably very small.
>
> Maybe you can try to run FRST and have one of the malware removal experts on MT take a look just for the heck of it. I can look at the FRST results as well, but we certainly would want another opinion since I am not familiar with FRST at all.

Yes Dan, I do have good protection, but I was not in shadow mode when this occurred. I can still go back to an image before all this, but at this point, I am waiting. I have a strict policy about allowing scripts to run, even if they may be an update, which I have never seen before. I am not your average target. What is your email again? I will explain more in private.

Meg thanks for your ideas but all are from sys32.
 

ForgottenSeer 69673

Thread author
Today, while in shadow mode, I tried to install Eset IS. The installer failed with a splash screen saying it failed because I might have malware. There was a button to try a special scanner. I clicked on that and another splash screen came up saying malware was found and removed. I still have no idea what is going on. Eset never mentioned anymore, but once I reboot, it will be back. And so far I am not getting any more script blocks.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
> Today, while in shadow mode, I tried to install Eset IS. The installer failed with a splash screen saying it failed because I might have malware. There was a button to try a special scanner. I clicked on that and another splash screen came up saying malware was found and removed. I still have no idea what is going on. Eset never mentioned anymore, but once I reboot, it will be back. And so far I am not getting any more script blocks.

That ESET scanner should've shown the name and location of the detected malware. Didn't it? Did you put your whole PC (all drives) in shadow mode or just a particular drive? If the whole PC then the malware should still be there after exiting shadow mode. In that case you may try installing ESET again but this time on your main system or just scan with ESET Online scanner to find out the culprit.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Interesting, it might be malware after all. Now that we know that ESET is aware of the potential malware, maybe try my original suggestion again, that way VS can see the block before it is blocked by AG, and is able to provide further file insight.


BTW, I have not tested VS in shadow mode yet, I am working on some other stuff. But I have a hunch that it probably does not work all that well in shadow mode, simply because it had an issue writing to one of the databases. Just something to keep in mind.

BTW, is there a chance that this block is a component of Shadow Defender?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
When I really want to know what is happening on my system I install this NVT tool
This logging service is incorporated into Exe Radar Pro (the new version)
 

ForgottenSeer 69673

Thread author
> When I really want to know what is happening on my system I install this NVT tool
> This logging service is incorporated into Exe Radar Pro (the new version)

I will give it a try, thanks
Just tried this and the service won't start for some reason. And so no logs are formed. OK, figured it out. It had to be moved to the C root. Working now.
 

ForgottenSeer 69673

Thread author
OK got it.

07/04/2020 16:25:24
Process: [9052] C:\Windows\System32\wscript.exe
Username/Domain: SYSTEM/NT AUTHORITY
CommandLine: C:\WINDOWS\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
MD5 Hash: 89940519ABD4D94A574539E92F786095
It is an Intel thing after all.
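
Added example, not part of any post in this thread: a small triage of the Process Logger record above, showing which script the script host ran, under which account, and whether the script sits under Program Files. The second record is constructed for contrast, and the `needs_review` rule is a heuristic that assumes default ACLs on a `C:` system drive.

```python
import re
from pathlib import PureWindowsPath

# Record copied from the post above (Process Logger Service output).
THREAD_RECORD = r'''07/04/2020 16:25:24
Process: [9052] C:\Windows\System32\wscript.exe
Username/Domain: SYSTEM/NT AUTHORITY
CommandLine: C:\WINDOWS\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
MD5 Hash: 89940519ABD4D94A574539E92F786095'''

# Constructed record for contrast; not from the thread.
CONSTRUCTED_RECORD = r'''01/01/2020 00:00:00
Process: [1234] C:\Windows\System32\wscript.exe
Username/Domain: alice/EXAMPLE-PC
CommandLine: wscript.exe //B C:\Users\alice\AppData\Local\Temp\update.js'''

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: default ACLs, where only administrators can write here.
PROTECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

def parse_record(text):
    """Split 'Key: value' lines into a dict; the timestamp line has no key."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key] = value.strip()
    return fields

def triage(text):
    """Return what a script-host launch ran, as whom, and from where."""
    fields = parse_record(text)
    tokens = [t.strip('"') for t in
              re.findall(r'"[^"]*"|\S+', fields.get("CommandLine", ""))]
    if not tokens or PureWindowsPath(tokens[0]).name.lower() not in SCRIPT_HOSTS:
        return None  # not a wscript/cscript launch
    # Host options start with '//'; the first other token is the script.
    script = next((t for t in tokens[1:] if not t.startswith("//")), None)
    switches = [t.lower() for t in tokens[1:] if t.startswith("//")]
    protected = bool(script) and script.lower().startswith(PROTECTED_ROOTS)
    return {
        "account": fields.get("Username/Domain", "").split("/")[0],
        "script": script,
        "silent": "//b" in switches,  # //B suppresses prompts and errors
        "protected_dir": protected,
        "needs_review": not protected,
    }

if __name__ == "__main__":
    for record in (THREAD_RECORD, CONSTRUCTED_RECORD):
        print(triage(record))
```

A path under Program Files only shows that a non-administrator could not have dropped the file under default ACLs; confirming the file's signature and the scheduled task that launches it is still the stronger check.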
 

ForgottenSeer 69673

Thread author
> So who all owes me a beer? ;). Just playing, I am just happy that the issue is resolved.
>
> That info should be in VS's DeveloperLog.log too, but it is probably easier to read in the Process Logger Service.

Dan I do owe a beer. Thanks. I still wonder what Eset found. Their online scanner finds nothing but their IS found malware, maybe. From what I posted, it would not even install in shadow mode, saying I had malware. It is a scratching head moment
 
