ms32dll.dll issue?

[gofeddy]

Hello,
I have a problem in my comp. The moment I start up my comp, I get a text file about ms32dll.dll.vbs
When I open IE, in my title bar, it says "Hacked by Godzilla"
I double click on my drives and they dont open. But a script file wscript.exe is running.
I checked out for solutions on the net. But they dont work.
Is there a solution that 100% works to remove this problem?
I also scanned my system using avast, reg cleaner, tune up..... but of no use

 

[shantanu]

i think your computer is have a visual Basic Script... just delete that file and you are done.. search it and delete it....

 

[anandk]

download and use foll tool/s :
Godzilla remover
or
Godzilla Fixer
reboot.
then do a pc cleanup with ccleaner
reboot again.
hope it helps else post ur hjt logfile.

 

[gofeddy]

i tried using all your methods. but it did'nt work. the same problem continues.
anything else???

*www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_RESULOWS.A&VSect=Sn
*www.nod32th.com/component/option,com_docman/task,doc_details/gid,16/Itemid,290/lang,en/
*howto.redcomputer.net/windows/hacked_by_godzilla.php

I hope, after this you would stop using crappy AV like Avast.

I installed avast only after hearing and looking at the support it had from the members here. and this is the first time it has given me a problem.
Then which av do you recommend?

 

[aneesh kalra]

Go to run and type mrt.exe

 

[anandk]

y dont u PLEASE post ur hjt logfile ???

 

[gofeddy]

OK Here's the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:36:48 AM, on 31.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\abc\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4C220A68-A82D-40D0-9232-002EBEC2B24E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {BA463437-C3DE-47da-8280-87596824388A} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{866CCC72-D2A7-40FB-AA3D-A14D6C84C492}: NameServer = 61.1.96.69,61.1.96.71
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

 

[gofeddy]

I fixed those issues that Indyan pointed out. But after I reboot the system, the same problem appears again.
I think there must be something else that's triggering this ms32dll.dll.vbs.
Keep posting your solutions.........

 

[dhairyadand]

Hi even i had the same problem, however i managed to remove it,herez how--
[detailed xplanation given aftrwardz]

1.In taskbar (CNTRL+ALT+DEL) go to processes and close all instances of 'wscript.exe'
2.Open My computer, in tools->folder options->view-> check 'show hidden files and folders' and uncheck 'Hide protected operating system files'.
3.Now in all your drives two files with READ ONLY attributes will be visible- ms32dll.dll.vbs and autorun.inf
4 Delete these two files from all the drives
5 In C:\Windows\ there will be another ms32.dll.vbs file, delete this also
6 Remember during all this process don't double click your hard disk, if u do then follow step 1,then continue.
7 Open registry editor (Start->Run->regedit) Make following changes in registry-
go to HKCU\Software\Microsoft\Internet Explorer\Main,and change Window Title = Microsoft Internet Explorer
and
HKLM\Software\Microsoft\Current Version\Run and delete the entry ms32dll.dll
8 And if u click ur drive icon then repeat the process 4m step 1
9 Restart and relax itz back to normal