Hi everyone!
I’ve just fixed a computer infected with usbAl.vbs, so I decided to post my solution in a few steps.
1. Enable hidden files and folders and disable "hide system files" in Folder Options.
2. Stop the script service from Task Manager; usually it will be something like the “wscript.exe” process (the virus is run using the Windows-based script host).

If you do not want to save any data, just format your USB drive and proceed to step 5; otherwise continue with step 3.

3. Open your USB drive and remove all shortcuts and the usbAl.vbs file.
4. Open a command prompt and type the following (I’ll use G: as an example drive letter; replace it with the infected drive’s letter):

    cd G:
    G:
    attrib -s -h /S /D

   Wait until the command finishes!
5. Go to C:\Users\YOUR_USER_ACCOUNT\AppData\Local\Temp and delete the file usbAl.vbs.
6. Copy %appdata%\Microsoft\Windows\Start Menu\Programs\Startup, paste it into Windows Explorer and press Enter. Delete usbAl.vbs from there.
Not the simplest guide, but if you know a bit of Windows you’ll be alright.
This was on a Windows 7 x86 machine, so if you have XP or something more antique, just adapt the directories so they suit your OS.
Best regards,
Momchil Marinov
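
The manual steps above as a PowerShell script; this is an added example, not part of the original post. It assumes Windows PowerShell, that shortcuts are removed from the drive root only, and that `$env:TEMP` points at the Temp folder named in step 5; the `-DriveLetter` and `-Apply` parameters are names chosen for this example. Without `-Apply` it only reports what it finds.

```powershell
# Added example: scripted version of the manual usbAl.vbs cleanup steps.
# Assumed parameters (not from the post): -DriveLetter G, and -Apply to make changes.
param(
    [Parameter(Mandatory = $true)][ValidatePattern('^[A-Za-z]$')][string]$DriveLetter,
    [switch]$Apply   # without -Apply the script is report-only
)

$root   = "${DriveLetter}:\"
$script = 'usbAl.vbs'
if (-not (Test-Path -LiteralPath $root)) { throw "Drive $root not found" }

# Step 2: stop the Windows Script Host process that runs the script.
foreach ($p in @(Get-Process -Name wscript -ErrorAction SilentlyContinue)) {
    Write-Output "wscript.exe running, PID $($p.Id)"
    if ($Apply) { Stop-Process -Id $p.Id -Force }
}

# Steps 3, 5, 6: shortcuts on the drive root, plus the script copy on the
# drive, in Temp, and in the per-user Startup folder.
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$targets = @(Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Force -ErrorAction SilentlyContinue)
foreach ($dir in $root, $env:TEMP, $startup) {
    $path = Join-Path $dir $script
    if (Test-Path -LiteralPath $path) { $targets += Get-Item -LiteralPath $path -Force }
}
foreach ($t in $targets) {
    Write-Output "Found: $($t.FullName)"
    if ($Apply) { Remove-Item -LiteralPath $t.FullName -Force }
}

# Step 4: clear the Hidden and System attributes on everything on the drive,
# the same effect as "attrib -s -h /S /D" run from the drive root.
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { [int]$_.Attributes -band $mask } |
    ForEach-Object {
        Write-Output "Hidden/System: $($_.FullName)"
        if ($Apply) {
            $_.Attributes = [IO.FileAttributes]([int]$_.Attributes -band (-bnot $mask))
        }
    }
```

Run it once without `-Apply` and review the "Found" lines before deleting anything, since legitimate shortcuts on the drive root are listed too.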