How to remove this at startup

abdel

Thread starter
After removing a worm virus named verecon and its things, a message with a cmd window appears at startup.
[Attached image: fggf.PNG]
 
Windows Version
windows 7


RolandJS

Google gave me the following snippets:
"The genuine AutoIt3.exe file is a software component of AutoIt v3 Script by AutoIt Team. AutoIt v3 is a scripting language designed for automating and simulating keystrokes, mouse movement and window/control manipulation. ... Executable files may, in some cases, harm your computer..."
"AutoIt v3.3.8.1 is a software program developed by AutoIt Team. The software is designed to connect to the Internet and adds a Windows Firewall exception in order to do so without being interfered with. The primary executable is named autoit3.exe. The setup package generally installs about 23 files and is usually about 26.19 MB (27,460,001 bytes). Relative to the overall usage of users who have this installed on their PCs, most are running Windows 7 (SP1) and Windows 10. While about 38% of users of AutoIt come from the United States, it is also popular in France and Germany. - Read more at AutoIt v3.3.8.1 - Should I Remove It?"

I have no idea on how to fix this situation, I will listen in and learn from the others in here.
 


johngalt

Somewhere in your system is a call for the AutoIt program that was being used to propagate the worm in some form or fashion.

Did you remove the virus manually, or use an AntiMalware program to do it?

If you go to the Technical details of the worm as listed at WORM_VERECNO.A - Threat Encyclopedia you'll see that there are various things that it creates, and one or more of those items may still need to be removed, particularly the Registry entries listed there:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
googleupdate.exe = "%System Root%\Google\googleupdate.vbs"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
googleupdate.exe = %System Root%\googleupdate.vbs

To be honest, your best bet is to visit a forum that handles malware removal thoroughly, such as the ones at MalwareBytes, Bleeping Computer, and other reputable sites where trained volunteers help with the total removal of infections, that will remove the remnants like this. But, you can just as easily download a free AntiMalware app like Malwarebytes and run it and it should be able to find the majority of the remnants on its own.

HTH
 


FreeBooter

You can use the Autoruns utility to delete startup tasks and programs.

 

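The two replies above point at leftover Run-key values and at reviewing startup entries. As an added example that is not part of any post in this thread, the following read-only PowerShell script lists the Run keys named above and flags values that match the thread's leftovers or that point at files no longer on disk. The match patterns, the extra Wow6432Node key and the "missing target" check are assumptions made for this illustration.

```powershell
# Added example (not from the thread): read-only review of Run-key autostarts.
# Nothing is deleted; remove confirmed leftovers with Autoruns or regedit.
$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # 32-bit view on 64-bit Windows; not listed in the thread, added here.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumed patterns: the googleupdate.vbs value quoted in the thread, the
# AutoIt interpreter, and script files or script hosts in general.
$suspectRx = 'googleupdate\.vbs|autoit3\.exe|\.a3x|\.vbs|wscript|cscript'

# Drive-letter paths ending in an executable or script extension.
$pathRx = '(?i)[A-Za-z]:\\[^"]*?\.(exe|vbs|a3x|bat|cmd|js)'

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        $raw = [string]$reg.GetValue($name)
        # REG_SZ values may still hold %SystemRoot%-style variables.
        $cmd = [Environment]::ExpandEnvironmentVariables($raw)

        # Every file path in the command line, then those that no longer exist.
        $targets = [regex]::Matches($cmd, $pathRx) | ForEach-Object { $_.Value }
        $missing = @($targets | Where-Object {
            $_ -and -not (Test-Path -LiteralPath $_)
        })

        New-Object PSObject -Property @{
            Key     = $key
            Name    = $name
            Command = $raw
            Suspect = ($cmd -match $suspectRx)    # -match is case-insensitive
            Missing = ($missing -join '; ')
        }
    }
}

# Show only entries worth a closer look: pattern hits or orphaned targets.
$report |
    Where-Object { $_.Suspect -or $_.Missing } |
    Format-List Key, Name, Command, Suspect, Missing
```

A value whose target is listed under Missing still runs at every logon even though the file behind it has been deleted. Run the script from an elevated prompt so the HKLM keys are readable.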

abdel

Thread starter
First thing, my USB was infected. I plugged it into my PC and it infected my PC too, so I used Avast antivirus. It deleted all the viruses and did its job. Then autoit was left, and skypee too, so I deleted it from the registry and the files from my drive.
 


abdel

Thread starter
I'm curious, I have a question: how did my USB get infected?
 


johngalt

Any of a number of ways. If you ever used it in another machine, it could be that way. It could be that a program that was copied to it was already infected.

The vectors of infection are entirely too numerous to even speculate on without knowing the history of the use of the USB device prior to infection.
 
