h4ck3v1l.vbs

New virus.

Anybody who is infected by this virus will find their task manager, regedit, cmd and more replaced by a setup notepad file.

To remove just terminate the active process of the virus in c:\windows

After that search the registry debugger with value notepad.

This is the link to the virus. Just for those who want to play with this virus only, ok?

hxxp://www.mediafire.com/?sharekey=361a91a1915e45ef7f7ec40ada4772a63509bdb034fc9ec5c95965eaa7bc68bc

Maybe post a broken link to avoid accidental click on it.
How can the user get cleaned of it?

Hi, can anyone help me here? I got infected with this one and my ctrl + alt + del opens a notepad and I lost the ability to install. How to fix this? I’m a newbie… please help me

Hi purpleheart,

H4CK3V1L.VBS remove instruction

  1. Temporarily disable System Restore, reboot computer in Safe Mode;

  2. Locate H4CK3V1L.VBS virus files and uninstall H4CK3V1L.VBS files program. Follow the step-by-step screen instructions to complete uninstallation of H4CK3V1L.VBS.

  3. Delete/modify any values added to the registry related with H4CK3V1L.VBS, exit registry editor and restart the computer;

  4. Clean/delete all H4CK3V1L.VBS infected file(s): H4CK3V1L.VBS and related, or rename H4CK3V1L.VBS virus files;

  5. Please delete all your IE temp files with H4CK3V1L.VBS manually, run a whole scan with antivirus program;

End Of The Article H4CK3V1L.VBS, some content is from prevx.

Give us a HJT logfile txt as an attached txt file in your next posting to analyze.
HJT 2.02 download here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

After that we can see if we have to delete the following entries in HJT if found:

Startup HJT 2.02 and delete the following if found:

O4 - HKLM\..\Run: [h4ck3v1l] C:\WINDOWS\h4ck3v1l.vbs
F3 - REG:win.ini: load=

greets,

polonus

Hi, actually I no longer have the h4ck3v1l.vbs, but what I have is the damages from the malware. Like lost the ability to install (creating a setup wizard) and unable to open task manager (ctrl + alt + del opens a notepad). I’m not aware for any other damages (only know which is used often).

Here is the hijackthis log…

zzzzzzz

Read my post. You can settle the problem from the post I sent earlier. I think the problem is you cannot open the regedit only. Find a prog that can open regedit. Remember, the program should not have any setup.exe file to run as it will be terminated and replaced by the setup file you have seen before. Good luck… hehehehe. Don't try to download virus la…

Nothing can be done from your HJT…
The registry created by the virus is not in the HJT…

Hi mojako_2you and purpleheart,

Download this little tool here: http://securityresponse.symantec.com/avcenter/UnHookExec.inf
Right click the UnhookExec.inf file and then click install. It just is as simple as that,

polonus

I can open regedit without problem, but I’m a newbie, I don’t know what to do in there

The unhook inf didn’t work, I tried for long to repair the damage. Thanks to all, I think I’m gonna reformat my laptop.

After opening the registry, ctrl+f (find/search) the notepad value under debugger type registry. Just delete the registry and Windows will work back as normal.


Just to be sure, I took a look at your HJT log. There are a couple of things that need attention.
An analysis of your HJT log shows the following:

We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.

It seems that you don’t use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses.

Platform: Windows XP SP2 (WinNT 5.01.2600)
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.

O9 - Extra button: (no name) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
Unnecessary (deactivated) entry that can be fixed. Related to FlashGet.

There were a few other entries rated questionable but research shows that they are Toshiba related and should be OK.


If your PC handles SP2 then it will handle SP3. Go try it, it will be better to get SP3 than SP2!

Hey guys, I'm a newbie in this. Where do I find the registry debugger and value notepad? Thanks
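
The manual "search the registry for a debugger value of notepad and delete it" step from the posts above, as an added example that is not part of any post in this thread: a PowerShell script that lists every `Debugger` value and, with `-Remove`, deletes only the ones pointing at notepad. It assumes the values sit under the Image File Execution Options key (the thread only says "debugger"), PowerShell 3.0 or later, and an elevated prompt; the function name `Get-IfeoDebugger` is made up here.

```powershell
# Added example: report (and optionally remove) "Debugger" values under
# Image File Execution Options (IFEO). Assumption: the "debugger" registry
# value mentioned in the thread lives under this key.
param(
    [switch]$Remove   # without -Remove the script only reports
)

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # Each subkey is named after an executable (taskmgr.exe, regedit.exe, ...)
            $dbg = $key.GetValue('Debugger', $null)
            if ($null -ne $dbg) {
                [pscustomobject]@{
                    Image    = $key.PSChildName
                    Debugger = [string]$dbg
                    KeyPath  = $key.PSPath
                    Notepad  = ([string]$dbg -match 'notepad')
                }
            }
        }
    }
}

$hits = @(Get-IfeoDebugger)
$hits | Format-Table Image, Debugger, Notepad -AutoSize

if ($Remove) {
    # Only touch entries that redirect to notepad; other Debugger values can be
    # legitimate (developer tools, task manager replacements).
    foreach ($h in $hits | Where-Object Notepad) {
        # Export the key first so the change can be undone
        $regPath = $h.KeyPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
        $backup  = Join-Path $env:TEMP ("ifeo_{0}.reg" -f $h.Image)
        reg.exe export $regPath $backup /y | Out-Null
        Remove-ItemProperty -LiteralPath $h.KeyPath -Name 'Debugger'
        Write-Host "Removed Debugger from $($h.Image); backup at $backup"
    }
}
```

Run it once without `-Remove` and read the table before deleting anything; the exported `.reg` files in `%TEMP%` restore a value if one was removed by mistake.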