VBS/Small Virus with ms32dll.dll.vbs

william232 · 10-14-2007, 12:31 AM

Hi all lately i have found a virus on my desktop yesterday morning

i am not sure if its a virus or trojan or worm

HijackthisLog is located here

http://wikdesigns.com/docs/hijackthis141007.txt

And the Name of the file is ms32dll.dll.vbs

How can i Fix this?

Thanks,
William

jay_bo · 10-14-2007, 09:05 AM

download vundo fix, run your system in safe mode, then vundo fix which will scan your system.

google: vundo fix

william232 · 10-14-2007, 12:05 PM

Which one?

vundo fix - Google Search

jay_bo · 10-14-2007, 05:13 PM

Download VundoFix 6.5.6 - VundoFix is a removal tool developed to remove Virtumonde infections - Softpedia

sorry i would of gave u the link never had time

william232 · 10-15-2007, 12:10 AM

I Restarted in Safe Mode but it did not find anything

What else can i do?

Osiris · 10-15-2007, 11:56 AM

remove these entries

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

and then follow this below and then post a new log

Double Click on My Computer icon on Desktop and select Tools --> Folder Options
When Folder Options cliak at View tab
check at Show Hidden files and folders
unchuck the Hide extention… and Hide protected operating system file
click OK
Press Ctrl+Alt+Delete. The Windows Task Manager will dispalay. Click at Processes tab
Click menu Image Name (to sort Files)
Select wscript.exe (one by one)
Click End Process button
Open drive (By right click and select Explore. Must not Double Click !) Delete autorun.inf and MS32DLL.dll.vbs (Press Shift+Delete) in all drives include Handy Drive and Floppy disk.
Open folder C:\WINDOWS to delete MS32DLL.dll.vbs inside (press Shift+Delete )
Go to Start --> Run and enter regedit click OK. Registry Edit dialoq will display.
Select HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> Current Version --> Run to delete MS32DLL (press Delete key on keyboard)
Select HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main to delete Window Title “Hacked by Godzilla” (press Delete key on keyboard)
Click Start --> Run and enter gpedit.msc click OK. Group Policy dialoq will display.
Select User Configuration --> Administrative Templates --> System --> Double Click on file Turn Off Autoplay then Turn Off Autoplay Properties will display
Select Enabled
Select All drives
Click OK
To prevent auto open when we insert CD or plug the Handy Drive that is the way virus infect.
ClickStart --> Run and enter msconfig Click OK. the System Configuration Utility dialoq will display
Click Startup tab
Uncheck MS32DLL
Click Apply
Clock OK (or Close)
When the System Configuration dialoq display select Exit Without Restart
Double Click on icon My Computer on Desktop. Then select Tools --> Folder Options
On Folder Options dialoq select View tab
Check at Hide extention… and Hide protected operating system file
Click OK
Right Click at Recycle bin. Then select Empty Recycle Bin to make sure the virus is deleted.

william232 · 10-15-2007, 05:04 PM

i cannot even locate ms32dll.dll.vbs and autorun.inf but avg is detecting it still.

Osiris · 10-18-2007, 08:37 AM

Did you atleast move those 4 entries? If so, post a new log

Will AVG heal or delete the file?

Can you boot into safemode and run AVG?

Where does AVG say the file is located?

william232 · 10-18-2007, 12:48 PM

it say it is located in windows folder on the c drive.

i have work soon ill post a new log now heres the new log

http://wikdesigns.com/docs/hijackthis.log

ill try and start and run avg in safe mode

Osiris · 10-18-2007, 12:50 PM

and you cant browse to it with hidden files and folders enabled?

Member Login