WScript.exe is Infected By Malware and Firefox Opens Harmful Websites

Published by: Alex George on May 20, 2013
Yesterday I witnessed a script-based malware attack on my computer. The malware that infected my computer came from my friend's USB drive. He connected the pen drive to my PC and double-clicked a folder in it. Unfortunately, that folder was a shortcut created by the malware. The target of the shortcut was: C:\windows\system32\cmd.exe /c start WScript d3d3\icec.js & Start Explorer.exe "RECYCLER", and I believe WScript.exe is infected by this malware.

This script automatically set the home page to "http:// india4you. info/r.asp#" in Firefox. The default search engine was also changed to a malicious URL.

Fortunately, Avast, which was installed on my computer, was able to detect it. Avast stopped Firefox from accessing the page.


At the same time, the Avast Web Shield started blocking the browser's attempts to connect to other malicious websites. After carefully analyzing each attempt, we found that the attempts originated from WScript.exe, driven by the malware.

How to Resolve WScript.exe Infection

Since the first location we should check after a malware infection is Startup, I tried to open System Configuration using the command msconfig. The script had created some unwanted Startup services, but Wscript.exe prevented me from opening msconfig on my computer. The steps I took to fix this issue are provided below.

  1. Open the Task Manager and kill Wscript.exe under Processes.

  2. Now type msconfig in Run and press OK.

  3. Uncheck all suspicious Startup programs under the Startup tab.

  4. Reboot the computer and check whether Wscript.exe is still under Processes. If it is still present, you need to repeat the process and disable all Startup programs except the antivirus.
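
A read-only PowerShell triage for the steps above, added here as an example and not part of the original post: it lists running script-host processes, startup entries that launch a script host or script file, and shortcuts on a drive whose target is cmd.exe or a script host. The function names and the drive letter E:\ are assumptions, and it requires PowerShell 3.0 or later.

```powershell
# Added example: read-only triage, nothing is killed, disabled or deleted.
# Matches a command line that starts a Windows Script Host binary or a script file.
$ScriptHostPattern = '\b(wscript|cscript)(\.exe)?\b|\.(js|jse|vbs|vbe|wsf)\b'

function Test-ScriptHostCommand {
    param([string]$CommandLine)
    # -match is case-insensitive, so "WScript" and "wscript.exe" both hit.
    return [bool]($CommandLine -match $ScriptHostPattern)
}

function Get-ScriptHostProcess {
    # Step 1: running script hosts, with the script each one was started with.
    Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe'" |
        Select-Object ProcessId, Name, CommandLine
}

function Get-ScriptStartupEntry {
    # Steps 2-3: Run-key and Startup-folder entries that launch a script host or script.
    Get-CimInstance Win32_StartupCommand |
        Where-Object { Test-ScriptHostCommand $_.Command } |
        Select-Object Name, Command, Location, User
}

function Get-SuspiciousShortcut {
    param([Parameter(Mandatory)][string]$Root)
    # CreateShortcut only loads the .lnk for reading; it does not run the target.
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $Root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk  = $shell.CreateShortcut($_.FullName)
            $line = "$($lnk.TargetPath) $($lnk.Arguments)"
            # A "folder" that is really a shortcut to cmd.exe or a script host is the tell.
            if ($lnk.TargetPath -match '\\cmd\.exe$' -or (Test-ScriptHostCommand $line)) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

# The shortcut target quoted in the post, used to check the pattern.
Test-ScriptHostCommand 'C:\windows\system32\cmd.exe /c start WScript d3d3\icec.js & Start Explorer.exe "RECYCLER"'

Get-ScriptHostProcess
Get-ScriptStartupEntry
Get-SuspiciousShortcut -Root 'E:\'   # E:\ is an assumed drive letter for the USB stick
```

Review the output before disabling anything: legitimate logon and maintenance scripts also run through wscript.exe.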

Most script-based malicious code prompts browsers to load other compromised websites for various reasons. If you discover such a website, there are some steps you can take against it. To learn more about how to deal with infected websites, follow the link below.
How to Deal With Malicious Website and Stop Them From Spreading Malware

After the infection, the major problem I faced was a slow Internet connection because of Firefox's automatic attempts to access remote compromised websites.

Luckily, the Avast Web Shield protected my computer from opening those websites.
Since this is a security article, I think it is better to give a link to one of my old articles about the DDoS attack. To read more about it, click on the link below.
Denial of Service (DOS) Attacks Tutorial

2 comments:

  1. Marty, 3:57 AM

    It was really helpful. My laptop too was affected with the same virus and your article helped me a lot. Thanks.

  2. Alex Kureekkattu, 3:57 AM

    Thanks for your comment Marty.
