Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×

Can't Get Rid Of Vbs Virus

RueFang

By RueFang
in IT and Computers

 Share

Recommended Posts

RueFang Silver Member

RueFang

Posted
Posted

My computer has been infected with a virus this afternoon from a removable USB stick .The virus is VBS:Solow...I've run the antivirus but it only found the virus once and I deleted it. I restarted the computer and now my antivirus is alerting me every 2 seconds that a virus was found on my C and E drives. I have pressed delete about a hundred times already but it continues to pop up...is this because it's not deleting or there a million infections? Every time I hit delete or quarantine the box pops up again straight away with another warning. I am currently running the windows malicious software removal tool but after running for 5 minutes that's not finding anything. What should I do since my virus protection is obviously detecting it but not deleting it?

Thanks

Guest Reimar

Guest Reimar

Posted
Posted

RueFang:

go to http://www.freedrweb.com and download CureIt.

Run to first the default Sacn and after that the Full Scan.

Not forget to run on ALL computers where that stick was connected.

Cheers.

DamianMavis Silver Member

DamianMavis

Posted
Posted (edited)

Google the exact name of the file you keep deleting and you will get a step by step how to for removal. LIKE: "VBS:solow removal"

Is it VBS:solow a or b or c or d or e?

Basically it will keep putting itself back on (that is what the virus does) until you end its processes, edit the registry and possibly end the startup process in msconfig... and then run a full virus scan to find all the vbs files and delete them. DO NOT do these things unless you find a good step by step guide for your exact virus. I had KILL VBS and I removed that with a good guide, there was no virus scanner to remove it, it had to be done manually. Or, you could format your hard drive and reinstall windows. Also, all your external media will be infected (psp, ipod, usb flash drives etc....) so you will have to delete the files from them too after you fix your computer or you could reinfect.

Damian

Edited by DamianMavis
sensei Silver Member

sensei

Posted
Posted (edited)
RueFang:

go to http://www.freedrweb.com and download CureIt.

Run to first the default Scan and after that the Full Scan.

Not forget to run on ALL computers where that stick was connected.

Cheers.

Follow this route. This is what I used to delete those pesky infection that keeps coming back.

Check if you can still access the Task Manager and the Folder Options

Chances are, the infection could have disabled it by now.

If that is so, then you would have to do some registry tinkering after you get rid of the worm

CureIt is great!

Antivir might do a good job of blocking it if the worm hasn't settled in yet.

Edited by sensei
RueFang Silver Member

RueFang

Posted
  • Author
Posted (edited)

Thanks for your advice. I used CureIt on both my computers which appears to have fixed it yesterday but I've just scanned again this morning and it's still finding the virus. One computer is functioning normally but the other one on start up has the message -

"Windows: Loading Script "C:\WINDOWS\.MS32DLL.dll.Vbs"failed (Access is denied)"

I also can't open my drives from "My Computer" and get the same error messages popping up regarding the different drives. I can still access files on the drives if I open them through the relevant programs though.

I have looked for detailed instructions on the net on how to remove entries from the register but they all seem to be in Thai or relate specifically to VBS a,b,c etc. This VBS virus/malware has no letter and on removal states only VBS Generic 548 deleted. I've previously removed the "Hacked by Godzilla" virus from the register which seems to be a similar thing but I had specific details about how to do that. If anyone can tell me specifics regarding deleting register entries (if that is what is needed) or how to repair the My Computer function, would be greatly appreciated.

As I'm in Thailand my version of windows is not exactly original so am unable to reinstall windows.

Edited by RueFang
sensei Silver Member

sensei

Posted
Posted (edited)
Thanks for your advice. I used CureIt on both my computers which appears to have fixed it yesterday but I've just scanned again this morning and it's still finding the virus. One computer is functioning normally but the other one on start up has the message -

"Windows: Loading Script "C:\WINDOWS\.MS32DLL.dll.Vbs"failed (Access is denied)"

I also can't open my drives from "My Computer" and get the same error messages popping up regarding the different drives. I can still access files on the drives if I open them through the relevant programs though.

I have looked for detailed instructions on the net on how to remove entries from the register but they all seem to be in Thai or relate specifically to VBS a,b,c etc. This VBS virus/malware has no letter and on removal states only VBS Generic 548 deleted. I've previously removed the "Hacked by Godzilla" virus from the register which seems to be a similar thing but I had specific details about how to do that. If anyone can tell me specifics regarding deleting register entries (if that is what is needed) or how to repair the My Computer function, would be greatly appreciated.

As I'm in Thailand my version of windows is not exactly original so am unable to reinstall windows.

The message saying that a certain dll file is missing is because that dll file is the worm that had been rooted out by CureIt. It only means that it's trying to start automatically as your computer starts but it can't anymore because the file isn't there.

You can remove the startup of that dll by doing this... Start--> Run --> msconfig --> startup tab

look for the command pointing to that dll file and uncheck it.

for the meantime, to open a folder or drive, right click on the icon then select open or explore from there...

you will notice that on the very top of the right click menu, it would say Autorun- that's the reason why you cant open the folder or drive.

An autorun file (autorun.inf) in that drive has to be deleted manually but it's hidden so you have to allow viewing of hidden files to do so. If in case the worm has disabled the folder options that allows you to see hidden files, a registry tweaking might be required.

To enable the task manager...

Here's how to you could get the task manager back.

There is a registry hack to enable or disable Windows NT TaskManager. The same registry hack applies to Windows 2000 and Windows XP.

Hive: HKEY_CURRENT_USER

Key: Software\Microsoft\Windows\CurrentVersion\Policies\System

Name: DisableTaskMgr

Type: REG_DWORD

Value: 1=Enablethis key, that is DISABLE TaskManager

Value: 0=Disablethis key, that is Don't Disable, Enable TaskManager

As part of the enhanced management available in Windows 2000 and Windows XP, rather than risking a registry change, as an administrator you can enable or disable Windows 2000 Pro or Windows XP Pro's TaskManager using Group Policy Editor. This can be applied to the local policy. Note: if you are trying to override your organizations group policy, you can't. As soon as you re-authenticate to the domain, the domain or OU Group Policy will rewrite the registry setting. But if the TaskManager was accidently disabled or you need to control this item for a set of standalone boxes this is for you:

* Click Start

* Click Run

* Enter gpedit.msc in the Open box and click OK

* In the Group Policy settings window

o Select User Configuration

o Select Administrative Templates

o Select System

o Select Ctrl+Alt+Delete options

o Select Remove Task Manager

o Double-click the Remove Task Manager option

And as I mentioned above, since the policy is Remove Task Manager, by disabling the policy, you are enabling the Task Manager.

Got XP Home - use the registry edit.

FOLDER OPTIONS

Here's How:

1. Click Start

2. Click Run

3. Type REGEDIT

4. Click OK

The Registry Editor will now open

5. Browse to the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Note: HKCU stands for HKEY_CURRENT_USER

6. In the right pane, look for the value: NoFolderOptions

7. Right click NoFolderOptions and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

8. Now browse to the following key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Note: HKLM stands for HKEY_LOCAL_MACHINE

9. In the right pane, look for the value: NoFolderOptions

10. Right click NoFolderOptions and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

11. Close the Registry by choosing File | Exit

12. You should now be able to access the Folder Options menu. If not, reboot into Safe Mode and repeat the steps outlined above.

or see this link:

http://techbold.com/2007/06/disable-or-ena...ions-in-xp.html

Edited by sensei
Guest Reimar

Guest Reimar

Posted
Posted

sensei is correct:

But instead of the windows Taskmanger I would suggest to use Whatsrunning 2.2 a Freeware and can bedownloaded from HERE. You should also download FastSum for to compare the Checksum of the file to be in original stage. FastSum, also an Freeware can de downloaded from HERE.

Later the day as I'm back at my office, I'll upload both file to the Download Section of Thaivisa.

RueFang, if you need any special Software, PM me with your requirements.

Cheers.

RueFang Silver Member

RueFang

Posted
  • Author
Posted
To enable the task manager...

Here's how to you could get the task manager back.

There is a registry hack to enable or disable Windows NT TaskManager. The same registry hack applies to Windows 2000 and Windows XP.

Hive: HKEY_CURRENT_USER

Key: Software\Microsoft\Windows\CurrentVersion\Policies\System

After Policies I only have the option of Explorer..there is no System!

FOLDER OPTIONS

Here's How:

1. Click Start

2. Click Run

3. Type REGEDIT

4. Click OK

The Registry Editor will now open

5. Browse to the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Note: HKCU stands for HKEY_CURRENT_USER

6. In the right pane, look for the value: NoFolderOptions

After Explorer only have the options of (default) - Reg_Sz

NoDriveTypeAutoRun - Reg_DWORD

There is no option available No Folder Option

7. Right click NoFolderOptions and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

8. Now browse to the following key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Note: HKLM stands for HKEY_LOCAL_MACHINE

After Policies there is only Non Enum, Ratings, System.............there is no Explorer option

9. In the right pane, look for the value: NoFolderOptions

10. Right click NoFolderOptions and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

11. Close the Registry by choosing File | Exit

12. You should now be able to access the Folder Options menu. If not, reboot into Safe Mode and repeat the steps outlined above.

Thank you Sensei for that detailed post...I did the Start--> Run --> msconfig --> startup tab but that file was not there to uncheck, as well as your other instructions that I noted in red above.

Reimar I've downloaded the What's Running and it's interesting and a handy tool but I can't see that process running and don't really know where to go from there!

RueFang Silver Member

RueFang

Posted
  • Author
Posted

All problems have been successfully cleared! Woohoo! All thanks to CureIt....highly recommend it. Deleted all traces of the virus and got my drives working again. Will keep an eye on it though just to be sure!

Thanks for the recommendation Reimar :o

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.





  • Topics

  • Latest posts...

    1. 3

      The Post 'Comment Link URL' Has Disappeared

      Confirmed, now must be 'Logged-In' to see the comment URL Link. "To me, it makes sense not to display a "Comment" button to a reader who is not logged in." Sir you missed my point, often a thread can be long with many comments, A link for the last comment, bookmarked allows one to jump to where that thread's last 'read place' was. Now must scroll down the entire thread to find where you were last, if you can remember. It is a PITA. Hey Admins, please fix this, was never this way before. Thank You.
      howto in Forum Support Desk
    2. 7

      Taking Someone Home: Ever Reach Down and Get an Unexpected Surprise?

      Nothing more upsetting than finding out your date has a bigger dk than you ! 😉👍
      • 1
      • Haha
      CharlieH in ASEAN NOW Community Pub
    3. 213

      Something smelling musky -- the age of undemocratic in your face oligarchy in the USA.

      Sadly, this is the wrong forum to do that. Sides have been clearly delineated. You will never change a MAGA opinion. This is red meat to them, they LOVE to eff with you! An interesting read here, explaining how the US has become a factionalized anocracy [a degenerating democracy] that is quickly approaching the open insurgency stage. A second civil war is brewing, we're closer than we want to admit. https://fpif.org/how-to-counter-fascism/
      HappyExpat57 in Political Soapbox
    4. 1

      Biden lifts restrictions on Ukraine using US weapons to strike deep inside Russia.

      Wow, that is quite amove considering Putin said he would consider USA and NATO directly at war with Russia if that happens...
      freedomnow in World News
    5. 81

      Foreign Driver in Fatal EV Collision with Motorbike, Drags It Over 50 Metres

      This is just about 500 m from the site of the accident. I doubt the authority would set the speed limit to 60 kph on this kind of road. Not just bends, there are many junctions with no road marking at all, and shops or housing area entrances just by the roadside. Common sense tells me, even a 50 kph speed limit is already high. There was someone who said 80 kph....... https://maps.app.goo.gl/W87EHVkQJdQne7g48 Since the car was probably going down a slope from the overhead bridge, and the road in front is a little wider, I assume he/she increased the speed. So, at the site of the accident (probably the + junction), the car was most likely quite fast, very likely exceeding the limit (speed limit won't increase just because there is a slope). As a result, it took about 45-50 meters to stop. This is the distance between the + junction and the entrance of housing area where the CCTV is. Since speed limits are there to reduce harm, the driver caused serious harm because of failure to drive at or below the limit, he/she cannot claim 0 fault.
      hhaat in Pattaya News
    6. 1

      Biden lifts restrictions on Ukraine using US weapons to strike deep inside Russia.

      c177bca2a65e6d4f2e72e01e9bf4c640.mp4
      CharlieH in World News
    7. 0

      Female Journalists Rally Around Allison Pearson Amid Fears for Press Freedom

      The investigation into journalist Allison Pearson has sparked a wave of support among female journalists, who warn they could face similar scrutiny over their work or social media posts. Pearson, a columnist for *The Telegraph*, is currently under investigation by three police forces for a now-deleted tweet. The controversy has ignited broader discussions about freedom of expression and the role of the police in regulating speech. On Remembrance Sunday, Pearson was visited at her home by Essex Police. They informed her of a complaint related to her tweet but declined to provide details about the alleged offense or the identity of the complainant. This incident has drawn criticism from fellow journalists, including *Daily Mail* columnist Sarah Vine, who described the situation as a "frightening moment for press freedom." Vine remarked on the pressures faced by journalists, particularly women, saying: “Journalists, and especially female journalists, are used to receiving a lot of abuse. It’s not easy, but it comes with the territory. We console ourselves with the thought that the police and responsible authorities have our back. What has happened to @AllisonPearson has shown that is no longer true. It’s a frightening moment for press freedom. The fact that @Keir_Starmer seems okay with it is even more chilling.” *Daily Mail* journalist Rachel Johnson, the sister of former Prime Minister Boris Johnson, echoed these concerns. Sharing an article written by her brother in Pearson’s defense, she stated: “Hear hear – and so say all of us standing with @AllisonPearson. They messed with the wrong Welshwoman this time, but any one of us could be next.” The investigation centers on whether Pearson’s tweet constituted a Non-Crime Hate Incident (NCHI) or violated the Malicious Communications Act. Although NCHIs are not criminal offenses, they are recorded by police. Essex Police recently clarified that Pearson is now being investigated under section 17 of the Public Order Act for allegedly stirring up racial hatred with a post made in November last year. The controversy has prompted a government review of how police handle NCHIs. Donna Jones, the former chair of the Association of Police and Crime Commissioners, criticized the approach, arguing that police should not be engaging with individuals unless a crime has been committed. “The police should not be going to somebody’s home if they have not committed a crime,” Jones stated. She added, “If it is a non-crime, it should stop there. Yes, collect the data, feed it into the Home Office, but going further only wastes police resources.” The sentiment was shared by Kemi Badenoch, leader of the Conservative Party, who told *The Telegraph*: “We need to stop this behavior of people wasting police time on trivial incidents because they don’t like something, as if they’re in a nursery.” Other politicians, including Chris Philp, the shadow home secretary, and Suella Braverman, former home secretary, have voiced similar frustrations with the policing of speech. Renowned barrister Geoffrey Robertson KC also criticized the investigation, calling it “a waste of public money.” The incident, he suggested, illustrates the need for a reassessment of priorities in policing. As the debate over Pearson’s case continues, the outpouring of support highlights concerns among female journalists about the implications for press freedom. “Any one of us could be next,” Rachel Johnson warned, a sentiment that resonates widely in a profession increasingly under scrutiny for expressing contentious views. Based on a report by Daily Telegraph 2024-11-18
      Social Media in World News
    8. 0

      Trump Aide Urges UK to Embrace US Free Market Over 'Socialist' EU

      Britain should align its trade priorities with the United States rather than the European Union's "socialist model," according to Stephen Moore, a senior economic adviser to Donald Trump. Moore's comments come as the former president-elect considers policies that could include sweeping tariffs, potentially sparking global trade tensions and significantly impacting the UK economy. Moore, speaking from Trump’s Mar-a-Lago residence in Palm Beach, Florida, suggested the US would be "less interested" in pursuing a free trade agreement with Britain if it moves toward closer alignment with the EU. "I’ve always said that Britain has to decide — do you want to go towards the European socialist model or do you want to go towards the US free market? Lately, it seems like they are shifting more in a European model, and so if that’s the case, I think we’d be less interested in having [a free trade deal]," he stated. The UK’s trade relationship with the EU remains a critical issue. Labour leader Sir Keir Starmer has prioritized negotiating closer ties with Brussels, aiming to bolster economic growth. Similarly, Andrew Bailey, governor of the Bank of England, recently emphasized the need to rebuild trade relations with the EU, arguing that Brexit had weighed on the UK economy. Labour has proposed easing post-Brexit checks on goods crossing the Channel and securing EU recognition of UK professional qualifications. Moore noted that Trump’s proposed tariffs — as high as 20% on imports generally and up to 60% on goods from China — reflect his mandate to revitalize American manufacturing and create jobs. While tariffs could trigger a global trade war, Moore argued they might also "shift production more to domestic" industries, stating, "I’m a free trader, but the public agrees with Trump, and so I think we will see tariffs." Trump himself recently declared that “tariffs” were “the most beautiful word in the dictionary.” The potential implications for Britain are substantial. The National Institute of Economic and Social Research has estimated that Trump’s tariff policies could halve the UK’s GDP growth, creating a £21.5 billion shortfall in the country’s tax and spending plans while driving inflation up by 3 to 4 percentage points. While the EU has prepared retaliatory tariffs targeting iconic American goods like Levi’s jeans and Harley Davidson motorcycles, the UK is unlikely to follow suit, fearing escalation. Instead, ministers are reportedly seeking a carve-out from US tariffs. A free trade deal between the US and UK remains a contentious issue. Boris Johnson’s government previously pursued such an agreement during Trump’s administration, but talks stalled over disputes regarding American agricultural standards. Current Labour leadership, including Chancellor Rachel Reeves, has ruled out allowing imports of chlorine-washed chicken or hormone-treated beef, emphasizing, "We are not going to allow British farmers to be undercut by different rules and regulations in other countries." Moore, who has warmed to Trump’s protectionist rhetoric, explained the strategy: "What he’s talking about is using — he put it very well — raising taxes on things made in China, Mexico, and Europe but lowering taxes on things made here." He acknowledged concerns about trade wars but echoed Trump’s sentiment that such conflicts already exist in practice. Lord Mandelson, a contender for the role of British ambassador to Washington, has advocated for a pragmatic approach. He suggested the UK pursue a limited agreement focusing on digital services and technology. Meanwhile, Lord Darroch, a former British ambassador to the US, predicted that Trump would act decisively on tariffs, leveraging them to demand concessions from trading partners. As the UK navigates its post-Brexit trade strategy, the choice between closer ties with the EU or the US looms large, with significant economic and political consequences tied to either path. Based on a report by the Times and Sunday Times 2024-11-18
      Social Media in World News

  • Popular in The Pub


ASEANNOW

ASEANNOW (formally ThaiVisa) is Thailand's oldest and most popular expat and foriegner forum. Sign up today and have your say!

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...