Friday, March 7, 2008

Removing Malicious Virus MS32DLL

About the virus

This virus is generally classed as a Trojan. A lot of users don't know its origin, but it brings some pretty nasty habits with it. It carries the harmless-looking name MS32DLL.dll, but with a very odd extension, ".vbs" (Visual Basic Script file). Files of this kind can run automatically if they are launched from Autorun.

When this virus infects a computer, it automatically clones itself and copies itself to any external drive, be it a thumb drive, an external hard disk, or even a flash card (like SD Card, MMC or Compact Flash). I read on a forum that some other viruses carrying the same filename also put the text "Hacked by Godzilla" in the title bar of Internet Explorer. An infected drive will continue to infect any computer that connects to it.

So far I am not sure whether it is infecting throughout the private network, but I will update if it does.

How Do I Remove It?

There are quite a few steps to remove this Trojan, but if your antivirus has already detected and erased it, you have one step less to complete in this detailed task:

1. Finding potential processes running

- Press CTRL, ALT and DELETE key together. You will open the Windows Task Manager.
- Click the Processes tab and comb through the list to see whether a program called wscript.exe is running. If you find it, click on it and click End Process.
- After that you can close the Task Manager window.

2. Finding the virus (for those whose antivirus did not detect it - for Microsoft Windows)

- Go to My Computer
- Click Tools at the top bar --> Folder Options
- When you come to the Folder Options window, click on the View tab
- Look for Hidden files and folders
- Click on Show hidden files and folders
- Press OK
- Once the window is closed, click on your C drive once.
- Right-click and select Open from the menu
- Once you are in there, look for a file called MS32DLL.dll.vbs
- If you can't find it in C (like I did), look in C:\Windows
- If you still can't find it, don't worry, press F3 at the top row of your keyboard (in case you don't know) and the search bar will be on your left. Click on All files and folders, and type in the file name MS32DLL.dll.vbs


If you don't find any such file, congratulations, you have one step less to do.
You can jump to step (4)

3. You found the virus

- Click on the file you found and press SHIFT key and DELETE key
- It will ask you "Are you sure you want to delete (the file name)". Click Yes
- If you find more than one location that has MS32DLL.dll.vbs, then you need to repeat the steps in (3)

4. Editing the Windows Registry (do it with full caution!)

- Click Start --> Run
- Type regedit and press ENTER
- You will come to the Registry Editor window
- On your left there will be the registry directories. Look for:
HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> CurrentVersion --> Run
- If there is an MS32DLL entry in there, delete the entry.
- Then you need to look for:
HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main
- If you see that the Window Title entry contains "Hacked by Godzilla", you should delete that entry.
- You can now close the Registry Editor window

5. Stop all auto runs in future (recommended move)

- Click on Start --> Run
- Type gpedit.msc and press ENTER
- You will come to the Group Policy window
- Go to User Configuration --> Administrative Templates --> System
- Look for Turn off Autoplay and double click it. You will come to Turn Off Autoplay Properties window.
- Click Enable and select All drives from the drop-down combo box.
(It is suggested to turn it off to avoid further potential virus infections in future)
- You can now close the Group Policy window

6. Stopping auto run virus programs (if any)

- Click on Start --> Run
- Type msconfig and press ENTER. You will come to the System Configuration Utility window
- Click on the Startup tab, and look for any programs that run under MS32DLL.dll.vbs
- If you find them, uncheck the checkbox on the left of the file
- Click Apply
- Click Close
- When you close the window it will ask you whether to restart or not. Click on Exit without Restart.

7. Hide your system files

- Go to My Computer
- Click Tools at the top bar --> Folder Options
- When you come to the Folder Options window, click on the View tab
- Look for Hide protected operating system files
- Click on Don't show hidden files and folders
- Press OK

8. Restarting your PC
- Before restarting, make sure that you empty your Recycle Bin
- Restart your PC
- You will see a Windows prompt saying that you have changed your system configuration. Check the checkbox so that it does not remind you any more and press OK.

You should be free from this malicious Trojan virus
For now
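
To confirm the cleanup, the locations named in steps 1 to 5 can be checked in one pass. The PowerShell script below is an added example, not part of the original article; it only reads and reports, and deletes nothing. It assumes that the Turn off Autoplay policy with All drives is stored as NoDriveTypeAutoRun = 255 (0xFF) under the current user's Policies\Explorer key.

```powershell
# Added example: read-only audit of the places named in steps 1-5.
$name = 'MS32DLL.dll.vbs'
$findings = @()

# Step 1: is Windows Script Host (wscript.exe) running?
if (Get-Process -Name wscript -ErrorAction SilentlyContinue) {
    $findings += 'wscript.exe is running'
}

# Steps 2-3: look in C:\Windows and in the root of every drive (C: and external drives)
$roots = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }) + "$env:SystemRoot\"
foreach ($root in ($roots | Select-Object -Unique)) {
    $path = Join-Path $root $name
    # -Force is needed so that hidden and system files are also found
    if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
        $findings += "file present: $path"
    }
}

# Step 4: MS32DLL entry under Run, and the Internet Explorer title bar text
$run = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['MS32DLL']) {
    $findings += "Run entry MS32DLL = $($run.MS32DLL)"
}
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ie -and $ie.'Window Title' -like '*Hacked by Godzilla*') {
    $findings += "IE Window Title = $($ie.'Window Title')"
}

# Step 5: Autoplay policy (assumption: All drives is stored as 255 / 0xFF)
$pol = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
if (-not $pol -or $pol.NoDriveTypeAutoRun -ne 255) {
    $findings += 'Turn off Autoplay is not set to All drives'
}

# Report the result
if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No MS32DLL indicators found in the checked locations.' }
```

Run it again with each thumb drive or flash card plugged in, since their root folders are only checked while the drive is connected.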

source :
 http://www.interstraits.biz/virusms32.htm
