Digit Technology Discussion Forum - View Single Post

Yavin · 28-10-2007, 06:16 PM

First
Open task manager and kill process wscript.exe.

Then
Delete VirusRemoval.vbs and Autorun.inf files from all usb drives.

Then
Go to c:\Windows\System32 and delete the file VirusRemoval.vbs. It is super hidden so first go to Folder Options and check show hidden and super hidden check boxes. Also required for the above files.

Then
Go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
On the right side look for Shell which should have value of just explorer.exe.
delete anything after explorer.exe.

Under same key Winlogon also look for Userinit which should have value of
c:\WINDOWS\system32\userinit.exe,
Delete all the crap after the comma.

Then
Go to HKCU\Software\Microsoft\Internet Explorer\Main
On the right side locate Window Title and delete its value i.e. Sujin.com.np

Under the same key locate Start Page and delete its value i.e. http://sujin.com.np/

I think that's all guys. I'm sure it will help.

Guys u can also disable the use of vbs and js files from the registry. For that
Go to HKLM\Software\Microsoft\Windows Script Host\Settings
On the right look for REG_SZ called Enabled and change its value to 0 to turn Windows Scripting Host. After this even if you accidentally click on vbs or js files it will display the message you can see on your own.

28-10-2007, 06:16 PM	#6 (permalink)
Yavin Yalam Join Date: Jul 2007 Location: Chilgok, South Korea Posts: 45	Re: wscript.exe is it to blame? First Open task manager and kill process wscript.exe. Then Delete VirusRemoval.vbs and Autorun.inf files from all usb drives. Then Go to c:\Windows\System32 and delete the file VirusRemoval.vbs. It is super hidden so first go to Folder Options and check show hidden and super hidden check boxes. Also required for the above files. Then Go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon On the right side look for Shell which should have value of just explorer.exe. delete anything after explorer.exe. Under same key Winlogon also look for Userinit which should have value of c:\WINDOWS\system32\userinit.exe, Delete all the crap after the comma. Then Go to HKCU\Software\Microsoft\Internet Explorer\Main On the right side locate Window Title and delete its value i.e. Sujin.com.np Under the same key locate Start Page and delete its value i.e. http://sujin.com.np/ I think that's all guys. I'm sure it will help. Guys u can also disable the use of vbs and js files from the registry. For that Go to HKLM\Software\Microsoft\Windows Script Host\Settings On the right look for REG_SZ called Enabled and change its value to 0 to turn Windows Scripting Host. After this even if you accidentally click on vbs or js files it will display the message you can see on your own.