need some help…thz
my pc was infected by a virus called vbs:solow. AVAST scanning result showed the infected original file is “.MS32DLL.dll” in C:/WINDOWS
i have tried to repair, move it to chest for many times, scan again and again…finally it was gone. but everytime when i start my pc , it comes out a msg “cannot find the script file C:/WINDOWS/boot.ini”
besides, when i double click on my local drive C or D, it also comes out a msg “cannot find script file D:/.MS32DLL.dll.vbs” or “cannot find script file C:/.MS32DLL.dll.vbs”. Is the virus really gone? i have tried few software to remove it.the scanning results showed nothing too. but why these kind of msgs keep appearing?how can i remove the virus thoroughly.
Disable System Restore and reenable it after step 3.
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on.
Use SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
Next, the worm creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"FS6519" = “%Windir%\FS6519.dll.vbs”
The worm also creates the following registry entry, which modifies the title bar of Internet Explorer:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"Window Title" = “TAGA LIPA ARE!”
HOW TO REMOVE VBS.Solow.B :
Temporarily Disable System Restore (Windows Me/XP). [how to]
Update the virus definitions.
Reboot computer in SafeMode [how to]
Run a full system scan and clean/delete all infected files
Delete related files:
a) Open My Computer → Tools Menu → Folder Options → View Tab:
b) Select: Show hidden Files and Folders
c) Uncheck: Hide Extensions for known file type and Hide Protected operating system
d) Click Yes Then OK.
e) Delete autorun.inf and FS6519.dll.vbs in all your hard drive. Commonly found in root of Drive C. Use your Windows “Search” function to find all.
Delete any values added to the registry. [how to edit registry]
Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"FS6519" = “%Windir%\FS6519.dll.vbs”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"Window Title" = “TAGA LIPA ARE!”