how to remove the katrina scandal.vbs Solved/Closed

Question

Hello,    

Ladies & Gentleman   

My problem starts when i borrowed my classmates USB flash drive.   
i click a katrinascandal.vbs and readme.txt. . . . then i found out my drive C: has it to so i delete it but then it came back then all my drive has it to my F: and G: even my PSP has it.   

i opened some site that mite help but then they all say open regedit in the cmd but i can't my regedit is block it always says something like:   
registry editing has been disabled by your administrator   
and even my task manager is block(grayed)   
even if i push Ctrl+Alt_Del i can't see start task manager    

Script is removed for security reasons 


Configuration: Windows 7 / Firefox 3.6.11

jack4rall · Accepted Answer

Hello,     

Try this 1.     

Follow the below steps to remove the katrinascandal.vbs     

First you need to download the below applicatons. Click on the below links      

and download it.     

https://spybot-updates.com     

https://filehippo.com/download_process_explorer/     

------------------------------------------------------------------------     
Click on start --> In search box, type notepad and press Enter.     

Notepad will be opened. Copy the below commands starting from cd \ and      

ending at del, paste it in the notepad and save it as fix.bat.     

Note : Don't forget the extension .bat and make sure you save the file on the desktop     

cd \     
cd windows     
attrib -h -r -s AdobeCS4.vbs     
del AdobeCS4.vbs     
-------------------------------------------------     

Open the following applications, but don't close it after opening

1) Install the regalyz in your PC --> Open it by going to Start --> Programs -->      

Safer Networking --> RegAlyzer     

2) Extract the process explorer and double-click on "procexp" --> click on      

"Agree". Now you can list of processes.     

3) Click on start --> In search box, type msconfig and press "Enter".      

"System Configuration Utility" will be opened --> Click on "Startup" tab.     

Here you should be quick enough for the 3 steps as there is a timer allocated      

in that script.     

So, first      

i) In "Process Explorer" window --> Right-click on the "wscript.exe" process      

and select the option "Kill Process Tree".     

ii) In "System Configuration Utility" --> In "Startup" tab --> uncheck the      

checkbox "AdobeCS4.vbs" --> Click on OK. 

iii) Run the fix.bat file.     

Since you are using windows 7, right-click on fix.bat --> Select the option "Run   

as Administrator".  

4) In RegAlyzer, at the top you can find the Search box, copy each registy lines     

in the below steps --> paste it and press Enter.     

Or you can go manually at the left-side.     

i) HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System      

At the right-side, select "DisableTaskMgr" and press the "Del" key and select      

"Yes to all"     

Select "DisableRegistryTools" and press the "Del" key and select "Yes to all"     

ii) HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer     

At the right-side, select "NoFolderOptions" and press the "Del" key and select      

"Yes to all"     

Double-click on "NoDriveTypeAutoRun" change the value from 128 to 255.     

iii) HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced     

At the right-side, double-click on the "Hidden" file and change from 1 to 2.     

iv) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run     

If you find the file "AdobeCS4.vbs" or "AdobePhotoshopCS4", delete it.     

Now you should be able to open task manager.   

Good Luck.

How to remove the katrina scandal.vbs

1 response

Similar discussions

Subscribe To Our Newsletter!