Removal instructions for 1.vbe
Analysis:
Type of file: VBEFile
Description:
Location: C:\Documents and Settings\Administrator\Local Settings\Temp\
Size: 30211 b
MD5: C7E1090127561E8A518D5A508059027E
Description:
Location: C:\Documents and Settings\Administrator\Local Settings\Temp\
Size: 30211 b
MD5: C7E1090127561E8A518D5A508059027E
Known system changes:
Keys added: HKLM\SOFTWARE\1
Values added:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1: "wscript.exe //B "C:\DOCUME~1\Admini~1\LOCALS~1\Temp\1.vbe""
HKLM\SOFTWARE\1\: "false - 10/25/2014"
Files added:
C:\Documents and Settings\Owner\Local Settings\Temp\1.vbe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\1.vbe
F:\1.vbe
F:\New Text Document.lnk
F:\New Folder.lnk
Files [attributes?] modified:
F:\New Text Document.lnk
Values added:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1: "wscript.exe //B "C:\DOCUME~1\Admini~1\LOCALS~1\Temp\1.vbe""
HKLM\SOFTWARE\1\: "false - 10/25/2014"
Files added:
C:\Documents and Settings\Owner\Local Settings\Temp\1.vbe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\1.vbe
F:\1.vbe
F:\New Text Document.lnk
F:\New Folder.lnk
Files [attributes?] modified:
F:\New Text Document.lnk
Manual Removal Instructions for 1.vbe:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
Make sure you create a System Restore point before proceeding:
1. Use Task Manager to terminate the malicious process wscript.exe.
2. Delete the 1.vbe from these locations.
4. Delete all *.lnk located at the root directory of your external drives. Replace DRIVE with the correct drive letter assignment of your external drives.
5. Unhide all hidden files and folders using this commands: Replace DRIVE with the correct drive letter assignment of your external drives.
6. Update your antivirus/antimalware program and
perform a full scan of the computer.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
Make sure you create a System Restore point before proceeding:
1. Use Task Manager to terminate the malicious process wscript.exe.
2. Delete the 1.vbe from these locations.
- %Temp%
- %UserProfile%\Start Menu\Programs\Startup
- Root directory of USB drives
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\1]
DEL DRIVE:\*.LNK
ATTRIB DRIVE:\*.* -S -H /S /D
All content ("Information") contained in this report is the
copyrighted work of WinXPert: Virus and Malware Removal.
The Information is provided on an "as is" basis. WinXPert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, WinXPert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2014-2015 WinXPert. All rights reserved. All other trademarks are the sole property of their respective owners.
The Information is provided on an "as is" basis. WinXPert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, WinXPert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2014-2015 WinXPert. All rights reserved. All other trademarks are the sole property of their respective owners.
No comments:
Post a Comment