Special Sponsor

Friday, February 16, 2007

MS32DLL.dll.vbs, VBS.Zodgila, VBS_RESULOW.A

damn... virus, malware... all make me sick...
recently I got this surprise after my friend borrow my thumb drive and sadly my AV doesn't detect it :(
erm .. maybe because it is a malware ?

My IE also change title to "Hacked By Godzilla"

I google and found how to remove it... this info from symantec.com

Discovered: November 23, 2006
Updated: January 28, 2007 10:33:26 AM
Type: Worm
Infection Length: 3,642 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

How to Remove?


1 .Kill process wscript.exe
  • open Windows Task Manager>
  • Sort Image Name
  • find wscript.exe
  • kill (end process) all wscript.exe
2. Unhide the hiden file(s)
  • Open My Computer
  • Select Tools --> Folder Options
  • When Folder Options click at View tab
  • check at Show Hidden files and folders
  • uncheck the Hide extention… and Hide protected operating system file
  • Click OK
3. Explore drive
  • Open drive (By right click and select Explore. Must not Double Click !) Delete autorun.inf and MS32DLL.dll.vbs (Press Shift+Delete) in all drives include Handy Drive and Floppy disk.
  • Open folder C:\WINDOWS to delete MS32DLL.dll.vbs inside (press Shift+Delete )

4. Remove from registry key

    MS32DLL = "%Windows%\MS32DLL.dll.vbs"
  • Select HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main to delete Window Title “Hacked by Godzilla” (press Delete key on keyboard)

5. ClickStart --> Run and enter msconfig Click OK. the System Configuration Utility dialog will display
  • Click Startup tab
  • Uncheck MS32DLL
  • Click Apply
  • Clock OK (or Close)
When the System Configuration dialog display select Exit Without Restart

6. Hide hidden file
  • On Folder Options dialog select View tab
  1. Check at Hide extension… and Hide protected operating system file
  2. Click OK
7. Empty the Recycle bin

1 comment:

Albin Sebastian said...

i created a fix tool for this.

visit http://tec-updates.blogspot.com/2008/05/godzilla-virus-removal-ms32dlldllvbs.html