Viruses BD can't delete

Hello!


I came here because I have a problem with BD: it won't delete Worm.VBS.Solow.A


I have had this virus for 2 or 3 months now...


It has also infected the restore systems but now it's gone (I've deleted restore points).


I don't know how to delete the virus from the system, it has infected all my disks...


Here's the report:


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MS32DLL=>C:\WINDOWS\MS32DLL.DLL.VBS Détecté: Worm.VBS.Solow.A


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MS32DLL=>C:\WINDOWS\MS32DLL.DLL.VBS Désinfection impossible


<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MS32DLL=>C:\WINDOWS\MS32DLL.DLL.VBS Déplacement impossible


C:\MS32DLL.dll.vbs Infecté: Worm.VBS.Solow.A


C:\MS32DLL.dll.vbs Désinfection impossible


C:\MS32DLL.dll.vbs Déplacé


C:\WINDOWS\MS32DLL.dll.vbs Infecté: Worm.VBS.Solow.A


C:\WINDOWS\MS32DLL.dll.vbs Désinfection impossible


C:\WINDOWS\MS32DLL.dll.vbs Déplacement impossible


C:\WINDOWS\MS32DLL.dll.vbs=>(unicode) Infecté: VBS.Flesh.A


C:\WINDOWS\MS32DLL.dll.vbs=>(unicode) Désinfection impossible


C:\WINDOWS\MS32DLL.dll.vbs Déplacement impossible


D:\MS32DLL.dll.vbs Infecté: Worm.VBS.Solow.A


D:\MS32DLL.dll.vbs Désinfection impossible


D:\MS32DLL.dll.vbs Déplacé


F:\MS32DLL.dll.vbs Infecté: Worm.VBS.Solow.A


F:\MS32DLL.dll.vbs Désinfection impossible


F:\MS32DLL.dll.vbs Déplacé


Sorry if it's in French but the French Malware part of the forum is closed (?), so I came here...


Viruses are impossible to disinfect or remove but the MS32DLL.dll.vbs ones...


Can someone here help me please?


Thanks in advance.

Comments

  • You should try to do the following:


    1. Kill all the processes in memory related to MS32DLL.dll


    2. Eliminate the registry entries of the worm, and then delete all the files which the worm copied (named MS32DLL.dll.vbs)


    The virus also creates the following registry key:


    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Windows title - "Hacked by Godzila". It also checks available devices every 200 seconds, in order to spread.


    Post if it worked. If you can't delete the files, try to start Windows in Safe Mode, and see if it works. Before that, you should try to eliminate the HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MS32DLL registry key, to ensure that the virus won't start at the next reboot.


    Andrei
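
A read-only way to confirm that the steps above took effect, as an added example that is not part of the original posts and not BitDefender tooling. It assumes PowerShell 3.0 or later and that the worm's script runs under wscript.exe or cscript.exe (the Windows script hosts for .vbs files); the variable names are illustrative.

```powershell
# Read-only check for the artifacts named in this thread. It changes nothing.
$findings = @()

# 1. Autostart value reported by the scanner: HKLM\...\Run\MS32DLL
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'MS32DLL' -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value MS32DLL -> $($run.MS32DLL)" }

# 2. Dropped copies: root of every filesystem drive plus the Windows directory.
$dirs = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }) + $env:windir
foreach ($dir in ($dirs | Select-Object -Unique)) {
    $path = Join-Path $dir 'MS32DLL.dll.vbs'
    # -Force lists the file even if it is hidden or system
    # (assumption: the copies may carry those attributes).
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($file) { $findings += "File $($file.FullName) [$($file.Attributes)]" }
}

# 3. Script-host processes whose command line mentions the file name
#    (assumption: the script is hosted by wscript.exe or cscript.exe).
$procs = Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe'" |
    Where-Object { $_.CommandLine -like '*MS32DLL*' }
foreach ($p in $procs) {
    $findings += "Process $($p.Name) PID $($p.ProcessId): $($p.CommandLine)"
}

# 4. Internet Explorer title value. The post spells the value name
#    "Windows title"; the wildcard also matches "Window Title".
$ieKey = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
$ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
if ($ie) {
    $ie.PSObject.Properties |
        Where-Object { $_.Name -like 'Window*title' -and $_.Value -like '*Hacked by*' } |
        ForEach-Object { $findings += "IE title value '$($_.Name)' = '$($_.Value)'" }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the artifacts from this thread were found.'
} else {
    Write-Output 'Still present:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it once before cleanup to see what is present, then again after a reboot: any entry that reappears means something is still recreating it.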

  • Hello Kynichan.


    Try what AndreiASM said and if this fails, you could boot in Safe Mode, run cmd.exe and type bdc /files /boot /arc /mail /log=bdcscan.log /fixed /del.

  • Hi, Kynichan! Did you try the advice? Do you still have the worm or did you successfully delete it?

  • Hi, Kynichan! Did you try the advice? Do you still have the worm or did you successfully delete it?


    Ah... sorry, I didn't try yet because I have a lot to do...


    So maybe I will sound stupid but how can I "kill all the processes in memory"?


    I'm a novice, sorry... I need more explanations please... é__è

  • Niels
    edited May 2007

    Hi Kynichan


    To kill processes in memory you have to open Task Manager: press Control+Alt+Del(ete) and then go to the Processes tab, or go to Start, Run, and type taskmgr in the Run dialog box. Then take a look to see if you find related processes. To kill them, left-click on them and press on kill process. I suggest that you use this site to see if you can kill it: http://www.processlibrary.com


    Regards


    Niels