Godzilla virus removal MS32DLL.dll.vbs

Posted by Albin Sebastian May 8, 2008

This virus is spreading through the pen drive / external HDDs. They use the autorun function of windows to run this. Its create files in windows folder in the name of MS32DLL.dll.vbs. and create file named autorun.inf in the root directory of each drive. So whenever we double click on the drive, the script will run from c:\windows\MS32DLL.dll.vbs


After infection

We can not Double Click to open any Drive on our computer. But we can Right Click to Open or Explore.


There is a text “Hacked By Godzilla” on Title Bar of Internet Explorer.


It will effect regedit, task manager, hidden folders/ files etc …

Related files
MS32DLL.dll.vbs
Autorun.inf
Flashy.exe


How to remove -
Download Removal tool Or do the following

Open task manager and end following process
1. wscript.exe
2. mslogon.exe
3. systemnt.exe
4. wscript.exe
5. flashy.exe
6. sondmsg.exe

Open command prompt and do the following
Change attributes of the file
Attrib –s –r –h autorun.inf
Remove autorun.inf from root directory.
Del autorun.inf
Delete MS32DLL.dll.vbs from windows directory
Delete c:\windows\MS32DLL.dll.vbs
Open registry editor
Delete following values
HKLM\Software\Microsoft\Windows\CurrentVersion\Run - MS32DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Run - flashy.exe
HKU\Software\Microsoft\InternetExplorer\Main - "window Title"
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\system - disabletaskmgr
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\system - disableregistrytools
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoFolderOptions
Now restart the PC

How to avoid spreading
To avoid spreading this, disable autorun in windows.
And there is a small tric

Just create a folder named autorun.inf in all the root directory. And change the all the atribs to “+” so that they can’t chant put the files to root direct easly
Eg :
MD autorun.inf & Attrib +h +s +r autorun.inf

  Labels: , ,

9 comments:

Albine Bodo May 17, 2008 at 6:02 PM  

HI, thanks for such a nice blog, very helpful. I'll see you more often.

venkat May 28, 2008 at 10:20 AM  

your blog is nice very helpful virusremoval tools thanku

NANDU May 28, 2008 at 2:52 PM  

how do i remove scit.exe please provide me removal tool

Unknown May 29, 2008 at 7:31 AM  

How to remove wscript.exe xiao.vbs?
and how to prevent it?

Unknown August 22, 2008 at 10:30 PM  

Hey, my friend, you are a lifesaver!

I've been fighting this godzilla virus for half a year, then finally came across your removal utility, and ten seconds solved it!

God bless you, and keep up the good work. This program of yours is awesome.

sparksspace September 11, 2008 at 12:21 PM  

Albin,
Updated that in my blog.

Srinivas Naidu December 8, 2008 at 12:11 PM  

Thank you so much... i been having this trouble for so long... it's really helpful.. tz again.

Anonymous December 12, 2008 at 12:24 AM  

hello albin!

your an angel..

i've been having this problem for 2 weeks, and finally the godzilla virus removal that you provided end this trouble!

thanks alot for the help and God bless!

Anonymous April 18, 2009 at 9:42 PM  

thank you yr sftware but i stil cant del the virus, any way to help me?

Post a Comment

Get updates via Email :