Threat name: Vbs.Autorun.FM
Type: Malware
Filename: [Win32Root]\sysres.vbs
Threat : Whenever a removable drive is inserted, the following files are copied over:
Autorun.inf
ntdir.vbs
Here is the manual solution:
- Reboot System into safemode
- Go to C:\Windows and look for Sysres.vbs and delete.
- Go to regedit and search for Sysres.vbs and delete all of its values.
- Also in regedit, search for ntdir.vbs and radz_services.vbs and delete all values.
- Reboot your pc.
2 comments:
Filename: [Win32Root]\sysres.vbs
Whenever a removable drive is inserted, the following files are copied over:
Autorun.inf
ntdir.vbs
radz_services.vbs
c:\windows\sysres.vbs
Manual Solution:
1. Reboot System into safemode
2. Click My Computer --> Tools --> Folder options --> View --> tick: show hidden files and folders --> untick: Hide extensions for known file types --> untick: Hide protected operating system files (Recommended)
3. Goto C:\Windows and look for Sysres.vbs and delete.
4. Goto regedit and search for Sysres.vbs and delete all values that it has.
5. Also in regedit search for ntdir.vbs and radz_services.vbs and delete all value that it has.
6. Insert your WindowsXP Prof SP2 or SP3 Installer CD.
7. Navigate on I386 folder and copy Ntdetect.com
8. Overwrite C:\Ntdetect.com
9. Restart and boot to your WinXP SP2 or SP3 installer CD
10. Select "R" for REPAIR
11. Choose 1: C
12. C:\Windows prompt will appear then type "FIXMBR"
13. Answer "Y" for Yes
14. Type Exit
15. Voila, your computer is fully restored
by electrogoodie
Thanks for the detailed solution electrogoodie... :)
Post a Comment