MSwin32.dll.vbs, autorun.inf- virus removal

Symptoms

* Cannot directly double click and enter any drive (especially USB drives)
* Computer slows down
* A unknown "wscript.exe" or "monit.exe" or "scvhost.exe" in your Task Manager processes
* A hidden MSwin32.dll.vbs and autorun.inf files in every drive
* "We want Avnish sir back" in the Internet Explorer title space

If you have experienced any of the above problems, you have this little jerk on board your system.

What does it do?


* Makes it impossible to access the drives directly. i.e. You cannot enter the drives by double clicking on its icon in My Computer. If it does open, it opens in a new window.
* Makes your system slow.

Files involved

1. MSwin32.dll.vbs and autorun.inf in every drive
2. wscript.exe and monit.exe (and sometimes, scvhost.exe) in C:\Windows
3. 4 registry keys

Removal

The removal of this virus is simple. However, please note that this virus most often appears in tandem with another virus which creates .exe files inside a folder, with the same name as the folder. To remove that virus, check out the And Back Up blog, after you’re done with this removal. Fire up your Task Manager (Alt+Ctrl+Del) and end the processes wscript.exe and monit.exe

1. Open Folder Options (My Computer>Tools>Folder Options>View) and -
> Enable Show hidden files and folders
> Uncheck Hide extensions for known file types
> Uncheck Hide protected operating system files
Click OK.
2. Go to each drive (C, D, E etc.) and delete(Shift+Delete and OK) the hidden files MSwin32.dll.vbs and autorun.inf. DO NOT insert your USB drive now. Finish the entire Removal procedure, do the Immunisation(given below) and THEN do this step (i.e. Step 3) for your USB drive(also Digicam, Mobile Phones, iPods, Music Players etc.).
3. Open Registry Editor (Start>Run>regedit>OK) and delete the following keys -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run\wscript

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run\monit

Then, browse to the key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
and double click on the key Window Title. Change the value of that key to "Microsoft Internet Explorer" (without the quotes :P).







This is a stupid little virus, its pretty easy to immunise yourself from it. And its pretty simple. Make a blank text file named autorun and change its file extension to .inf . (if you can’t see the file extension, repeat Step 2 given above). Now right click the autorun.inf file and check the option which says Read Only, and click OK.

You might also download and run the Symantec NoScript plugin - it disables all VBscripts on your system - making you less susceptible to viruses.

Share this

Related Posts

Previous
Next Post »

3 comments

comments

Post Your Comments Below: