Is it just the mui files that need deleting or the actual wscript.exe main file with the colored box icon?
OK Darko, No probs… Thanks for returning to the Community & posting.
AVG Guru
Greetings everyone,
I feel like I have fixed the issue of the wscript.exe file appearing AND the dual virus that appears with it (a randomly generated file that's created).
HEADS UP: BEFORE CONTINUING, SAVE THE DIRECTORY PATH THAT AVG GIVES WHEN IT STORES THE VIRUS.
DELETING THE WSCRIPT.EXE
Step 1: Go to (whatever letter you have) C:\Windows\System32
https://imgur.com/l4Bbd2j
Step 2: In the search type wscript.exe
https://imgur.com/dQeyFYl
Step 3: Delete all files that allow you to (some won't unless you have permission)
Step 4: For each individual file you need to do these steps. Right click and click on permissions
https://imgur.com/gwaS0kt
Step 5: Go to the Security tab. Click on your user, then click the Advanced button
https://imgur.com/oEYzdCI
Step 6: When the window appears, click on Change owner (it should say TrustedInstaller)
https://imgur.com/w4ns2VI
Step 7: When the new window appears, go to the text box and type your name, then click Check Name. It should auto-correct and you are able to press okay, and okay on the second window
https://imgur.com/eYTKFyo
https://imgur.com/C3vKQdn
Step 8: Now that you're back in the wscript Properties in the Security tab, click on your user and press "Edit"
https://imgur.com/xNcQVkk
Step 9: Now you'll be in a similar window but it'll be called "Permissions for ____". Click your name, click full control, and click okay. This will NOW officially give you full control in deleting the item.
https://imgur.com/gl9ByhX
Step 10: You should click your name and see that you have full control over the program
https://imgur.com/a/E9Mxc
Step 11: Click okay and delete the file
Step 12: Repeat the process for other wscripts that won't be deleted.
Step 13: Reset your computer
Now part two
DELETING THE RANDOMLY GENERATED FILES
Note: This virus will randomly create a path and will randomly create a name for the txt file such as DINO, REDO, RESO, and other random names.
Step 1: Write down the directory of that security threat you keep getting on AVG. Here is mine.
https://imgur.com/VD1msIb
Step 2: Go to that directory; for me that is C:\programdata\
Step 3: Look for that folder that it gives you. (Every folder is unique; this picture was taken from another post because I already got rid of the virus and cannot replicate the virus.) In the picture the folder is literally called {3565F006-Bf27-7AC0-39ET-E482A3A36F4C}; for you it will be some other crazy mix of numbers and letters.
Step 4: Now that you found the folder, delete it. Yeah, delete that whole thing, everything inside.
Step 5: Go to your C:\ directory (or whatever letter you have)
Step 6: Delete the "END" file (END is the name of the file) that may appear there. The END file is harmless but is used to randomly generate the name of the txt file and the directory folder. If you don't see the END file, wait 15 - 30 mins. If it does appear, delete it; if not, then I don't think you have anything to worry about.
Step 7: Reset your computer.
_____________________________________________________________
This concludes Darko's Manual Virus removal. If this doesn't work, feel free to message and I may have some other solutions to deal with it.
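A read-only inventory of the artifacts named in the steps above, added here as an example and not part of any poster's message: it lists the wscript.exe files under System32 with their owner and signature status, brace-named folders under ProgramData, and an END file at the drive root, and deletes nothing. The `$SystemDrive` parameter and the folder-name pattern are assumptions made for this example; run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only triage, nothing is modified or deleted.
param(
    [string]$SystemDrive = $env:SystemDrive   # assumed parameter, e.g. "C:"
)

# Part 1: every wscript.exe* file under System32, with owner and signature status.
$system32 = Join-Path "$SystemDrive\" 'Windows\System32'
Get-ChildItem -LiteralPath $system32 -Filter 'wscript.exe*' -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Owner     = (Get-Acl -LiteralPath $_.FullName).Owner
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            Modified  = $_.LastWriteTime
        }
    } | Format-List

# Part 2: brace-wrapped, GUID-shaped folders directly under ProgramData.
# The sample name in the post contains non-hex letters, so the pattern accepts
# any letter or digit. Installers also create folders named like this, so treat
# the output as candidates to compare with the path AVG reported.
$guidLike    = '^\{[0-9A-Za-z]{8}(-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12}\}$'
$programData = Join-Path "$SystemDrive\" 'ProgramData'
Get-ChildItem -LiteralPath $programData -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $guidLike } |
    ForEach-Object {
        $txt = Get-ChildItem -LiteralPath $_.FullName -Filter '*.txt' -File -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Folder   = $_.FullName
            Created  = $_.CreationTime
            TxtFiles = ($txt.Name -join ', ')
        }
    } | Format-List

# Part 2, step 6: a file named END at the root of the drive.
$endFile = Join-Path "$SystemDrive\" 'END'
if (Test-Path -LiteralPath $endFile -PathType Leaf) {
    Get-Item -LiteralPath $endFile -Force |
        Select-Object FullName, Length, CreationTime, LastWriteTime | Format-List
} else {
    "No END file at $SystemDrive\"
}
```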