Virus!

[kkengvibul]

hi people..

I am having some virus problems. I turned on my computer this morning and it was filled with virus(es). I'm using Avast! and everytime it detects a virus and I followed the recommended action, the detection popup just keeps coming up.

The file name is

D:/.MS32DLL.dll.vbs

C:/.MS32DLL.dl.vbs

Malware name:

VBS: Solow

Malware type: Virus/Worm

and some others i dont remember.

When i click delete or move to chest, the popup would not go away and it says that the file could not be found or something.

What's happening to my computer? Is there a way that i can fix this?

thank you

kkengvibul

[kkengvibul]

i tried to do some research.....but all the sites seem to say that i need to format my computer.

Is that really the case? Is there any other way i can get rid of this virus without having to format my computer?

kkengvibul

[chingching]

Try AVG, altho some members here seem to hate it , they seem to hate it bc it is free. I've used it for years and never a virus, or one it couldn't clean up.

[kkengvibul]

i was using AVG before Avast. The subscription ended or something and i couldn' use it anymore.

[Veazer]

Try AVG, altho some members here seem to hate it , they seem to hate it bc it is free. I've used it for years and never a virus, or one it couldn't clean up.

actually i hate AVG because it let several viruses through despite being up to date. I wouldn't hate something because it's free... I use NOD32 now a greatly prefer it.

I haven't dealt with this particular virus, but ususual strategy with a vbs virus is:

• open task manager (CTRL-Shift-ESC) and kill the wscript.exe process
  
• set explorer to show all files and extensions (Tools -> folder options, then enable 'show hidden files and folders' and uncheck 'hide protected operating system files' and 'hide extensions for know filetypes')
  
• search your system for *.vbs files, including removable drives.
  
• Sort results by size. You'll see the files you already know are the virus (ie. ms32dll.dll.vbs) Anything .dll.vbs is nearly always a virus, they are taking advantage of the fact that windows is set by default to hide extensions and thus the user only sees ms32dll.dll.
  
• Anything the same size and nearly the same date as the known virus is likely also a virus. delete them, or rename them and move them if you're uncertain and think they might be legit. note that the bad .vbs files are usually hidden and will show up as 50% transparent in the search results.
  
• check your removable drives and C drive for autorun.inf, this is how the virus spreads itself. it's unlikely that your removable drive has a legitimate autorun.inf unless it's designed to pop -up a portable application list or something when installed. Bin them.
  
• run MSconfig from 'Start' --> 'Run' and examine the Startup tab for items referencing the virus and uncheck them.
  
• Get a decent virus program.
  

[Mid]

VBS/Solow-A

Protection Download virus identity (IDE) file

[kkengvibul]

thanks for the replies.

Veazer, i tried what you said and the ms32dll.dll.vbs files was not there. There were no .dll.vbs files....only .vbs files. When i tried to delete the latest vbs files, I couldnt.

What do i do now?

[kkengvibul]

hm...although it said that i couldn't delete the files, the virus detection seems to be gone now.

Does this mean i've managed to delete the virus/worm?? Or is it still there? Is there a way to check?

thanks again

(sorry for alll the questions!)

kkengvibul

[A_Traveller]

Best answer to that is to go to one of the virus detection companies site and download a scanner, run that and see if it finds it still, if so most of the download version allow you to clean up the machine with out having to buy anything

Regards

/edit typo //

Edited May 3, 2007 by A_Traveller

[kkengvibul]

I think the virus is still in my computer since when i double click on both the C and D drive, a "Windows Script Host" says 'can not find script file C:\.MS32DLL.dll.vbs'.

when i try searching for this file, its nowhere to be seen.

[cdnvic]

Nod32 has a full functioning 30day trial. Download it and run it with your computer in safe mode. (hit f5 or f8 as windows starts to load)

This should rid you of it

If you want a FREE Antivirus that is not crap like AVG you can also use Antivir

Nod32 http://www.eset.com/

Antivir http://www.free-av.com/

[cdnvic]

Here's a link to download the Nod32 cleaner that targets this specific worm;

http://www.nod32th.com/component/option,co...id,290/lang,en/

[kkengvibul]

Thanks for all the help everyone!! I think I've managed to get rid of the worm now. I can double click on open my c and d drive without any problems. I used the SOPHOS program to scan my computer and deleted the infections.

However, I have another problem now. After I deleted one of the infections and restarted my computer, on start-up there's another popup that says (Windows Script Host) 'Cannot find script file C:\Windows\boot.ini'.

That is the exact file I deleted through SOPHOS Anti Virus. So what do i do now?

kkengvibul

[cdnvic]

Thanks for all the help everyone!! I think I've managed to get rid of the worm now. I can double click on open my c and d drive without any problems. I used the SOPHOS program to scan my computer and deleted the infections.

However, I have another problem now. After I deleted one of the infections and restarted my computer, on start-up there's another popup that says (Windows Script Host) 'Cannot find script file C:\Windows\boot.ini'.

That is the exact file I deleted through SOPHOS Anti Virus. So what do i do now?

kkengvibul

Just run a repair from your Windows CD and it should tidy up the mess. Sophos should have removed the worm's entries from boot.ini, not the whole file.

[kkengvibul]

I don't have a Windows XP CD, only a system recovery cd. I found on the internet that i can't fix it with a recovery cd. Is this true?

[cdnvic]

I don't have a Windows XP CD, only a system recovery cd. I found on the internet that i can't fix it with a recovery cd. Is this true?

Nope. Only a full reinstall.

Any Windows disk (of the same version) will do, just use your own license key. Try borrowing one from a friend.

[kanitsorn]

Thanks for all the help everyone!! I think I've managed to get rid of the worm now. I can double click on open my c and d drive without any problems. I used the SOPHOS program to scan my computer and deleted the infections.

However, I have another problem now. After I deleted one of the infections and restarted my computer, on start-up there's another popup that says (Windows Script Host) 'Cannot find script file C:\Windows\boot.ini'.

That is the exact file I deleted through SOPHOS Anti Virus. So what do i do now?

kkengvibul

I think, your computer has infected virus called Godzilla, the virus was deleted but the command in start up still exist. Just go to run>msconfig then click Startup and uncheck the boot (wscript.exe/E:vbs C:\WINDOWS\boot.ini)

Hope it helps

Kanitsorn

[Veazer]

I think, your computer has infected virus called Godzilla, the virus was deleted but the command in start up still exist. Just go to run>msconfig then click Startup and uncheck the boot (wscript.exe/E:vbs C:\WINDOWS\boot.ini)

Hope it helps

Kanitsorn

Probably won't help too much, this thread is nearly a year old...

[jstumbo]

Really old thread

Edited April 20, 2008 by jstumbo

[jstumbo]

really old thread

Edited April 20, 2008 by jstumbo