how to remove “hacked by godzilla’
Many of you might have seen this, especially IE users, on thier IE title after the transfer of some files to a handy drive.
Hacked by godzilla- MS32DLL.dll.vbs,a low threat worm(symantec) is also known as VBS.Zodgila worm.
It was discovered since Nov 23, 2006
How it works
1)It firstly creates
[****]:\MS32DLL.dll.vbs
[****]:\MS32DLL.dll.vbs
[****]:\autorun.inf
NOTE:**** REFERS TO DRIVE NAMES
2)Secondly it adds the following Windows IE entry level values
“MS32DLL” = “%Windir%\MS32DLL.dll.vbs” to the registry subkey:
HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \Run
3)Finally it changes the IE title
“Window Title” = “Hacked by[REMOVED]” to the registry subkey:
HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main
to modify title in Internet Explorer.
4)As a result your IE title will end with “Hacked by Godzilla” and You might not able to open
any of your drive by double click
Now i will tell you how can you remove the worm
Open Task Manager ( Right click on your taskbar and click “Task Manager” ) Click on Processes tab and select “wscript.exe” and click “End Process” button. (Remember to remove all wscript.exe) Go to My Computer, Click on Tools -> Folder Options, click on View tab Under Advance settings,
check “Show Hidden files and folders“,
uncheck “Hide extensions for known file types“,
uncheck “Hide protected operating system files (Recommended)”
and click “OK” button Go to C:\WINDOWS or C:\WINNT and delete file MS32DLL.dll.vbs Now go to all your drive in your computer, and delete autorun.inf and MS32DLL.dll.vbs………………(visit blog below)
TO SEE MUCH MORE ARTICLES OF THE SAME VISIT www.stolentips.blogspot.com
By: prem
About the Author:
Hacked by godzilla- MS32DLL.dll.vbs,a low threat worm(symantec) is also known as VBS.Zodgila worm.
It was discovered since Nov 23, 2006
How it works
1)It firstly creates
[****]:\MS32DLL.dll.vbs
[****]:\MS32DLL.dll.vbs
[****]:\autorun.inf
NOTE:**** REFERS TO DRIVE NAMES
2)Secondly it adds the following Windows IE entry level values
“MS32DLL” = “%Windir%\MS32DLL.dll.vbs” to the registry subkey:
HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \Run
3)Finally it changes the IE title
“Window Title” = “Hacked by[REMOVED]” to the registry subkey:
HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main
to modify title in Internet Explorer.
4)As a result your IE title will end with “Hacked by Godzilla” and You might not able to open
any of your drive by double click
Now i will tell you how can you remove the worm
Open Task Manager ( Right click on your taskbar and click “Task Manager” ) Click on Processes tab and select “wscript.exe” and click “End Process” button. (Remember to remove all wscript.exe) Go to My Computer, Click on Tools -> Folder Options, click on View tab Under Advance settings,
check “Show Hidden files and folders“,
uncheck “Hide extensions for known file types“,
uncheck “Hide protected operating system files (Recommended)”
and click “OK” button Go to C:\WINDOWS or C:\WINNT and delete file MS32DLL.dll.vbs Now go to all your drive in your computer, and delete autorun.inf and MS32DLL.dll.vbs………………(visit blog below)
TO SEE MUCH MORE ARTICLES OF THE SAME VISIT www.stolentips.blogspot.com
By: prem
About the Author:
About this entry
You’re currently reading “how to remove “hacked by godzilla’,” an entry on TekBoss
- Published:
- 08.07.09 / 12pm
- Category:
- Security
No comments
Jump to comment form | comments rss [?] | trackback uri [?]