Tuesday, February 17, 2015

How to remove VBS_WORM (7)

Removal instructions for VBS_WORM (7)

Virustotal scan

Related tutorials with screenshots:

How to Remove a VBS Worm
Ultimate Guide in Removing VBS Worms






Analysis:


Type of file: VBSFile
Description:
Location: C:\Users\WinXPert\AppData\Local\Temp\
Size: 202893 b
MD5: 2D052ED3E2DF8DA08C2E0133276ECB51

Files added:
%Temp%\VBS_WORM (7).vbe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\VBS_WORM (7).vbe
F:\VBS_WORM (7).VBE
F:\File.lnk
F:\Folder.lnk

Files [attributes?] modified:
F:\File.lnk
F:\Folder.lnk


Manual Removal Instructions for VBS_WORM (7):


If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Make sure you create a System Restore point before proceeding:

1.  Use Task Manager to terminate the malicious process wscript.exe.

2.  Delete VBS_WORM (7).VBE from these locations:

    %Temp%
    %APPDATA%
    Startup folder (tutorial: How to delete startup entries)
    Root directory of USB drives

3.  Repair the registry using this reg script.

Windows Registry Editor Version 5.00

;2D052ED3E2DF8DA08C2E0133276ECB51
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBS_WORM (7)"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBS_WORM (7)"=-


4.  Delete all *.lnk files located in the root directory of your external drives.  Replace DRIVE with the drive letter of your external drive.

DEL DRIVE:\*.LNK

5.  Unhide all hidden files and folders using this command.  Replace DRIVE with the drive letter of your external drive.

ATTRIB DRIVE:\*.* -S -H /S /D

6.  Update your antivirus program and perform a full scan of the computer.
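
To confirm what is present before deleting anything, or to verify the cleanup afterwards, the locations and registry values named above can be audited with a read-only PowerShell script. This is an added example, not part of the original instructions; the $Drive parameter and its F: default are assumptions, and the MD5 comparison only recognizes the exact sample analyzed on this page.

```powershell
# Added example: read-only audit. Deletes nothing and changes no registry values.
param(
    [string]$Drive = 'F:'   # assumption: letter of the external drive to inspect
)

$SampleMd5 = '2D052ED3E2DF8DA08C2E0133276ECB51'   # MD5 from the Analysis section
$WormName  = 'VBS_WORM (7)'                       # Run value name from the reg script

# Folders listed under "Files added", plus the drive root.
$dirs = @(
    $env:TEMP,
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'),
    "$Drive\"
)
foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force makes Get-ChildItem include hidden and system files.
    Get-ChildItem -LiteralPath $dir -Filter '*.vbe' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $md5  = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
            $note = if ($md5 -eq $SampleMd5) { 'MD5 matches analyzed sample' } else { "different MD5: $md5" }
            [pscustomobject]@{ Kind = 'VBE file'; Path = $_.FullName; Detail = $note }
        }
}

# Run keys that the reg script in step 3 cleans.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties[$WormName]) {
        $value = $props.PSObject.Properties[$WormName].Value
        [pscustomobject]@{ Kind = 'Run value'; Path = $key; Detail = "$value" }
    }
}

# Targets of steps 4 and 5: shortcuts and hidden items in the drive root.
Get-ChildItem -LiteralPath "$Drive\" -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hidden = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
        if ($_.Extension -eq '.lnk') {
            [pscustomobject]@{ Kind = 'Root shortcut'; Path = $_.FullName; Detail = "$($_.Attributes)" }
        } elseif ($hidden) {
            [pscustomobject]@{ Kind = 'Hidden item'; Path = $_.FullName; Detail = "$($_.Attributes)" }
        }
    }
```

An empty result after completing steps 1 to 5 means none of the listed artifacts remain in these locations.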


If you find this tutorial useful, please comment, share or email me. You can also make a donation to my PayPal account to help me continue my work. Thank you.

arnaldo.austria@gmail.com
Pinoy Tech RAMBO

To GOD be the glory!

All content ("Information") contained in this report is the copyrighted work of WinXPert: Virus and Malware Removal.

The Information is provided on an "as is" basis. WinXPert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, WinXPert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 WinXPert. All rights reserved. All other trademarks are the sole property of their respective owners.
