virusremoval.vbs

Status
Not open for further replies.
M

magneticme200

In the zone
i hv avast av...yestrday i scannd my pc..
it found a virus in c:\windows\sys..\virusremoval.vbs
it could nt repair the same...so i deleted it...
now wenevr i start my comp..an error comes
"could nt find the script c:.,,,,\virusremoval.vbs"
i dnt want to hv this startup msg...and also wanna knw wat is it related to??
y is it at the startup.???
 
casanova

casanova

The Frozen Nova
This would have created an entry in your startup. Download some startup manager. TuneUp Utilities 2008 has a nice startup manager. Disable the startup key for virusremoval.vbs from the TuneUp's start up manager.
 
J

joy.das.jd

Guest
TO remove this first of all look into task manager and see it WSCRIPT process is running or not. If it running then end the process. Then go to windows/ system32 directory and delete the virusremoval.vbs . Then open msconfig and delete the startup key from there. Sometime there is a blank startup item with no name of process. Delete those entries and you are done...:D:D:D
 
blueshift

blueshift

Wise Old Crow
Goto Registry Editor by typing regedit in Run command.

Browse to these registry keys:
Code: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In the right pane, look for the values of Userinit[/b and Shell keys. It must have values C:\WINDOWS\system32\userinit.exe and Explorer.exe respectively. Anything more than that can be safely deleted.
Like suppose possibly if the value is 'C:\WINDOWS\system32\userinit.exe, C:\Windows\System32\VirusRemoval.vbs' then double-click the key to edit and delete C:\Windows\System32\VirusRemoval.vbs

Also for Startup entries, you can check these keys:
Code: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 
E

english_sos

Right off the assembly line
it is infact a very nagging .vbs script virus, better known as the sujin virus. stop doing all the registry hacking yourself just download an antisujin kit available from this link
*back2mangalman.blogspot.com/2007/12/sujin-virus-removal-tool-version-10-by.html
i faced the same problem and trust me it worked like charm.
regards
***things are easy if u know the solution.

english_sos
 
Pathik

Pathik

Google Bot
Actually it is not exactly a virus. It is a very useful VBscript. You can eit it and use it to get rid of those pesky andu-pandu USB viruses
 
E

english_sos

Right off the assembly line
Sorry Pathik If Kaspersky Says It Is A Virus, It Is. And Please Follow The Link You Will Find A Mine Of Information. Good Mine Yaar, Not Those Blasted Type.
 
blueshift

blueshift

Wise Old Crow
I too don't think that it actually is a virus after reading the code. It just changes the IE title name and the startup page. It doesn't do any destruction like the trojans do.
 
Pathik

Pathik

Google Bot
Edit the virusremoval.vbs file and change all instances of that URL with about:blank

Or change these two keys:
Code: 
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\Main\Window Title
 
Last edited:
P

prabirjit

Right off the assembly line
I faced the same 'bro.gov.in' problem- no well-known anti-virus programs could detect or block its infection. Finally Malwarebytes' Anti-Malware program removed the virus -here is the report for experts to see:
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
[FONT=&quot]HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully[/FONT].

But the trace remained in the internet explorer - I just tackled that, thanks to digit forum suggestion to use AntiSujin.
 
Status
Not open for further replies.
Top Bottom