Jump to content
You are not logged in ▶️ Click to sign-up or login ×

How To Get Rid Of A Write-protected Vbs-script On A Sd-card

siam2007

By siam2007
in IT and Computers

 Share

Recommended Posts

siam2007 Gold Member

siam2007

Posted
Posted

okay, I know there are some great comp-experts here in TV, so I decided to post that here first before posting at other Comp-boards, where u mostly get arrogant replies from the "such-called-experts" telling u how stupid u r and so on....

I had a lot of problems with my notebook and decided to re-instal the entire system, only to find out after a few days, that there were problems again and it seemed like somebody is spying me and almost controlling my computer entirely.

then I found out that there was a VBS-SCRIPT on my SD-card, which the attacker managed to send to my SD-card while it was inserted in my laptop. this script tries to copy itself to any harddrive it can find each 180 seconds (I found out about that while google-ing)

so now: how can I get rid of a "write-protected" VBS script (the script itself does not conatin any virus) without loosing all my hundreds of pics ?

Link to comment
Share on other sites
Firefoxx Gold Member

Firefoxx

Posted
Posted (edited)

These files will have the system, read-only, and hidden properties set. I don't know if you can unset the system property from windows, but in dos (run, cmd) you can change it. Go to cmd prompt, then change to the drive (say, f:), then use the command

attrib -s -h -r *.vbs

Then you can delete it (del *.vbs).

There will usually be a hidden autorun.inf file on the infected drive too. It's what makes the vbs script execute when you autoplay or double-click on the drive.

If you actually got infected with it on your main computer, it might be easy or hard to get rid of. Some antivirus programs can handle them, some can't. There are specialized killers for them, but you need to know which one you were infected with. These thumb drive virii are very common in Thailand, and I think they originated here.

Edited by Firefoxx
Link to comment
Share on other sites
siam2007 Gold Member

siam2007

Posted
  • Author
Posted (edited)
These files will have the system, read-only, and hidden properties set. I don't know if you can unset the system property from windows, but in dos (run, cmd) you can change it. Go to cmd prompt, then change to the drive (say, f:), then use the command

attrib -s -h -r *.vbs

Then you can delete it (del *.vbs).

There will usually be a hidden autorun.inf file on the infected drive too. It's what makes the vbs script execute when you autoplay or double-click on the drive.

If you actually got infected with it on your main computer, it might be easy or hard to get rid of. Some antivirus programs can handle them, some can't. There are specialized killers for them, but you need to know which one you were infected with. These thumb drive virii are very common in Thailand, and I think they originated here.

thanks firefoxx,

for some specific reason, I am 100% sure this thing does not origin in Thailand, but in my homecountry (as the main spy program I detected is in my mother tongue which is NOT english).

there is still another file called "desktop.ini" on my actual HD, which I think is used to create desktop-shots by the attacker.

I now plan to buy a new harddrive and even a new WINXP in english, as it the old one is in my mother tongue anyway, and no-one here can help me when I have problems with it.

about that write-protected file on my SD-Card: I guess its the best to bring it to a computer-repair-shop I can trust.....

Edited by siam2007
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.





×
×
  • Create New...