WScript.exe is Infected By Malware and Firefox Opens Harmful Websites

Yesterday I witnessed a script-based malware attack on my computer. I strongly believe the malware that infected my computer came from the USB drive of one of my friends. He double-clicked a folder on his pen drive to open it, but it was a shortcut created by malware. The target location of the folder was the address below.

C:\windows\system32\cmd.exe /c start WScript d3d3\icec.js & Start Explorer.exe "RECYCLER"

I believe WScript.exe is infected by this malware. This script automatically set the home page to "http:// india4you. info/r.asp#" in Firefox. The default search was also changed to a malicious URL. Fortunately, Avast, which is installed on my computer, was able to detect it and stop Firefox from accessing the page.

Browser automatically opening malicious websites


In the same way, Avast Web Shield started blocking a number of attempts to connect Firefox to other malicious websites, and on carefully analyzing each attempt, I found that the process originated from WScript.exe.
wscript.exe is infected and script based virus infection

How to Resolve WScript.exe Infection


Since the first location we should check after a malware infection is Startup, I tried to open System Configuration using msconfig. The script had created some unwanted Startup entries, but Wscript.exe prevented me from opening msconfig on my computer. The steps I took to fix this issue are provided below.

  1. Open Task Manager and kill Wscript.exe under processes


  2. Now type msconfig in Run and press OK

  3. Uncheck all suspicious Startup programs under Startup tab
    How to remove script infection on a computer

  4. Reboot the computer and check whether Wscript.exe is still under processes. If it is still present, you need to repeat the process and disable all Startup programs except AntiVirus.
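To help decide which entries count as suspicious in step 3, and to recognise shortcut targets like the one quoted at the top of this post, here is an added example that is not part of the original post. The function name `analyse`, the tag names and the heuristics are assumptions made for illustration; the first sample is the command from this post and the others are constructed. A script host that you use on purpose will also be flagged, so treat a hit as a prompt to look at the entry, not as proof.

```python
import re

# Windows script hosts and the script types they run.
SCRIPT_HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe"}
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf)$", re.IGNORECASE)
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def split_args(segment):
    """Split one command segment into arguments, honouring double quotes."""
    return [q or u for q, u in TOKEN.findall(segment) if q or u]


def exe_name(arg):
    """Lower-cased file name of an argument, without its directory part."""
    return re.split(r"[\\/]", arg)[-1].lower()


def analyse(command):
    """Return the set of heuristic tags raised by one command line."""
    tags = set()
    host_seen = False
    # cmd.exe runs '&'-separated segments in turn (quoted '&' is not handled).
    for segment in re.split(r"&+", command):
        args = split_args(segment)
        names = [exe_name(a) for a in args]
        if names and names[0] in ("cmd", "cmd.exe") and "/c" in [a.lower() for a in args]:
            tags.add("cmd-launcher")
        for i, name in enumerate(names):
            if name in SCRIPT_HOSTS:
                host_seen = True
                tags.add("script-host")
                if any(SCRIPT_EXT.search(a) for a in args[i + 1:]):
                    tags.add("script-file")
            elif name in ("explorer", "explorer.exe") and host_seen:
                # Opening a folder afterwards makes the shortcut look normal.
                tags.add("explorer-after-script")
    return tags


def is_suspicious(command):
    """A startup entry or shortcut target that starts a script host needs review."""
    return "script-host" in analyse(command)


if __name__ == "__main__":
    samples = [  # first entry is from this post, the rest are constructed
        r'C:\windows\system32\cmd.exe /c start WScript d3d3\icec.js & Start Explorer.exe "RECYCLER"',
        r'wscript.exe "C:\Users\Public\update.vbs"',
        r'"C:\Program Files\ExampleAV\av.exe" /tray',
    ]
    for cmd in samples:
        print("REVIEW" if is_suspicious(cmd) else "ok    ", sorted(analyse(cmd)), cmd)
```

Paste the Command column from the msconfig Startup tab, or the Target field of a shortcut's properties, into `samples` to check your own entries.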

As we know, most script-based malicious code prompts browsers to load other compromised websites for various reasons. If you discover such a website, there are some steps you can take against it. To learn more about how to deal with infected websites, follow the link below.
How to Deal With Malicious Websites and Stop Them From Spreading Malware

After the infection, the major problem I faced was a slow Internet connection because of Firefox's automatic attempts to access remote compromised websites. Luckily, Avast Web Shield protected my computer from opening those websites. To view the user names and passwords saved in Firefox, follow the link below.
How to View Saved Passwords and User Name On Firefox Browser

Since this is a security article, I think it is better to give a link to one of my old articles about DDoS attacks. To read more about it, click on the link below.
Denial of Service (DOS) Attacks Tutorial


2 comments:

Marty said...

It was really helpful. My laptop was also affected by the same virus and your article helped me a lot. Thanks.

Alex Kureekkattu said...

Thanks for your comment Marty.