Jump to content

How To Get Rid Of A Write-protected Vbs-script On A Sd-card


Recommended Posts

Posted

okay, I know there are some great comp-experts here in TV, so I decided to post that here first before posting at other Comp-boards, where u mostly get arrogant replies from the "such-called-experts" telling u how stupid u r and so on....

I had a lot of problems with my notebook and decided to re-instal the entire system, only to find out after a few days, that there were problems again and it seemed like somebody is spying me and almost controlling my computer entirely.

then I found out that there was a VBS-SCRIPT on my SD-card, which the attacker managed to send to my SD-card while it was inserted in my laptop. this script tries to copy itself to any harddrive it can find each 180 seconds (I found out about that while google-ing)

so now: how can I get rid of a "write-protected" VBS script (the script itself does not conatin any virus) without loosing all my hundreds of pics ?

Posted (edited)

These files will have the system, read-only, and hidden properties set. I don't know if you can unset the system property from windows, but in dos (run, cmd) you can change it. Go to cmd prompt, then change to the drive (say, f:), then use the command

attrib -s -h -r *.vbs

Then you can delete it (del *.vbs).

There will usually be a hidden autorun.inf file on the infected drive too. It's what makes the vbs script execute when you autoplay or double-click on the drive.

If you actually got infected with it on your main computer, it might be easy or hard to get rid of. Some antivirus programs can handle them, some can't. There are specialized killers for them, but you need to know which one you were infected with. These thumb drive virii are very common in Thailand, and I think they originated here.

Edited by Firefoxx
Posted (edited)
These files will have the system, read-only, and hidden properties set. I don't know if you can unset the system property from windows, but in dos (run, cmd) you can change it. Go to cmd prompt, then change to the drive (say, f:), then use the command

attrib -s -h -r *.vbs

Then you can delete it (del *.vbs).

There will usually be a hidden autorun.inf file on the infected drive too. It's what makes the vbs script execute when you autoplay or double-click on the drive.

If you actually got infected with it on your main computer, it might be easy or hard to get rid of. Some antivirus programs can handle them, some can't. There are specialized killers for them, but you need to know which one you were infected with. These thumb drive virii are very common in Thailand, and I think they originated here.

thanks firefoxx,

for some specific reason, I am 100% sure this thing does not origin in Thailand, but in my homecountry (as the main spy program I detected is in my mother tongue which is NOT english).

there is still another file called "desktop.ini" on my actual HD, which I think is used to create desktop-shots by the attacker.

I now plan to buy a new harddrive and even a new WINXP in english, as it the old one is in my mother tongue anyway, and no-one here can help me when I have problems with it.

about that write-protected file on my SD-Card: I guess its the best to bring it to a computer-repair-shop I can trust.....

Edited by siam2007

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...