Trojan - clean.vbs

December 2016




Issue


I am getting clean .vbs message when the system start. Could you please give a solution?

Solution


The clean.vbs file is installed and used by Aphex Trojan, JudgeETrojan and Judge.E Trojan.
Your computer's security and privacy may be at risk.
  • 1.Open task manager and kill process wscript.exe.
  • 2.Delete VirusRemoval.vbs and Autorun.inf files from all usb drives if u have the virus in them.
  • 3.Go to c:\Windows\System32 and delete the file VirusRemoval.vbs. It is super hidden so first go to Folder Options and check show hidden and check boxes. Also required for the above files.
  • 4.go to start>run and type regedit and enter

Go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
On the right side look for Shell which should have value of just explorer.exe.
delete anything at right side of explorer.exe if there is anything.
  • 5.Under same key Winlogon also look for Userinit which should have value of

c:\WINDOWS\system32\userinit.exe,
Delete all after the comma.
  • 6.Go to HKCU\Software\Microsoft\Internet Explorer\Main

On the right side locate Window Title and delete its value i.e. Sujin.com.np

Note


Thanks to Ambucias for this tip on the forum.

Related :

This document entitled « Trojan - clean.vbs » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.