User Help

Is there a way to find out what’s exactly executing the Windows Script Host?

So, long time ago I got a malware from a pendrive, it cloned a directoy on my system32 folder and attempted to do bitcoin mining on my pc. After that, every new pendrive connected to my pc would also get the folder copied from my system32 to the pendrive. So after I found the source, I deleted the directory and every registry about it from regedit, and it worked fine. There’s only one thing missing, everytime I turn out the computer a Windows Script Host error would show up saying “Cannot find file C:\system\system.vbs” (which was in the folder I purged) and even after I close it, it would show up again, so that means there’s still the process that tries to execute that vbs.

Is there a way to find the source of the windows script host error? Or the process that’s executing it?

So I can 100% purge this malicious thing at last

Leave a Reply

Your email address will not be published. Required fields are marked *