Virustotal Scan
1. Terminate WScript.exe process.
3. Delete the VBS files.
Using Everything to locate the VBS worms.
4. Delete the VBS file and Shortcuts in your extenal drive.
5. Repair the registry.
Windows Registry Editor Version 5.00
;C13DEF035FEA2919DEA2272ED8960921
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBS_WORM (49)"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBS_WORM (49)"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wscript_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wscript_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\VBS_WORM (49)]
NOTE: This is specific to this strains of worm. In case the worm was
renamed, it uses the new filename as the registry key, so you have to change
fix.reg accordingly.
7. Scan with an updated antivirus.
Using Qihoo 360 TS to scan and fix your external drive (bypassing steps 4 and 6).
If you find this tutorial useful, please comment, share or email me.
You can also make a donation to my PayPal account to help me continue my work.
Thank you.
WinXPert
All content ("Information") contained in this report is the
copyrighted work of WinXPert: Virus and Malware Removal.
The Information is provided on an "as is" basis. WinXPert
disclaims all warranties, whether express or implied, to the maximum extent
permitted by law, including the implied warranties that the Information is
merchantable, of satisfactory quality, accurate, fit for a particular purpose or
need, or non-infringing, unless such implied warranties are legally incapable of
exclusion. Further, WinXPert does not warrant or make any representations
regarding the use or the results of the use of the Information in terms of their
correctness, accuracy, reliability, or otherwise.
Copyright © 2015 Arnaldo Austria. All rights reserved. All other
trademarks are the sole property of their respective owners.
No comments:
Post a Comment