VBS/Small Virus with ms32dll.dll.vbs

Status
Not open for further replies.
Download Vundo Fix, run your system in safe mode, then run Vundo Fix, which will scan your system.

Google: vundo fix
 
Remove these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Then follow the steps below and post a new log.

  1. Double Click on My Computer icon on Desktop and select Tools --> Folder Options
  2. When Folder Options opens, click the View tab
  3. Check Show hidden files and folders
  4. Uncheck Hide extension… and Hide protected operating system file
  5. Click OK
  6. Press Ctrl+Alt+Delete. The Windows Task Manager will display. Click the Processes tab
  7. Click menu Image Name (to sort Files)
  8. Select wscript.exe (one by one)
  9. Click End Process button
  10. Open the drive (right-click and select Explore; do not double-click!). Delete autorun.inf and MS32DLL.dll.vbs (press Shift+Delete) in all drives, including Handy Drive and floppy disk.
  11. Open folder C:\WINDOWS to delete MS32DLL.dll.vbs inside (press Shift+Delete)
  12. Go to Start --> Run, enter regedit and click OK. The Registry Editor dialog will display.
  13. Select HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> Current Version --> Run to delete MS32DLL (press Delete key on keyboard)
  14. Select HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main to delete Window Title “Hacked by Godzilla” (press Delete key on keyboard)
  15. Click Start --> Run, enter gpedit.msc and click OK. The Group Policy dialog will display.
  16. Select User Configuration --> Administrative Templates --> System --> Double Click on file Turn Off Autoplay then Turn Off Autoplay Properties will display
  17. Select Enabled
  18. Select All drives
  19. Click OK
  20. This prevents auto-open when we insert a CD or plug in the Handy Drive, which is the way the virus infects.
  21. Click Start --> Run, enter msconfig and click OK. The System Configuration Utility dialog will display
  22. Click Startup tab
  23. Uncheck MS32DLL
  24. Click Apply
  25. Click OK (or Close)
  26. When the System Configuration dialog displays, select Exit Without Restart
  27. Double Click on icon My Computer on Desktop. Then select Tools --> Folder Options
  28. On the Folder Options dialog, select the View tab
  29. Check Hide extension… and Hide protected operating system file
  30. Click OK
  31. Right Click at Recycle bin. Then select Empty Recycle Bin to make sure the virus is deleted.
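
A read-only way to confirm that the steps above took effect, as an added example that is not part of the original post: it looks only for the process, file names and registry values named in this thread, and assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: read-only check for the artifacts named in the steps above.
# It reports what is still present and changes nothing.
$names    = 'autorun.inf', 'MS32DLL.dll.vbs'   # file names from steps 10-11
$findings = @()

# Steps 6-9: wscript.exe processes that are still running
Get-CimInstance Win32_Process -Filter "Name = 'wscript.exe'" | ForEach-Object {
    $findings += "Process: wscript.exe PID $($_.ProcessId) $($_.CommandLine)"
}

# Steps 10-11: root of every drive plus the Windows folder.
# -Force makes hidden and system files visible to Get-Item.
$folders = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }) + $env:windir
foreach ($folder in $folders) {
    foreach ($name in $names) {
        $path = Join-Path $folder $name
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) { $findings += "File: $($item.FullName)" }
    }
}

# Step 13: MS32DLL value under the HKLM Run key
$run = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.MS32DLL) { $findings += "Run value: MS32DLL = $($run.MS32DLL)" }

# Step 14: Internet Explorer "Window Title" value under HKCU
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ie -and $ie.'Window Title') { $findings += "IE Window Title = $($ie.'Window Title')" }

if ($findings.Count -eq 0) { 'None of the listed artifacts were found.' } else { $findings }
```

An autorun.inf on an original software CD can be legitimate, so a hit on an optical drive needs a look at the file before it is treated as a leftover.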
 
Did you at least move those 4 entries? If so, post a new log.

Will AVG heal or delete the file?

Can you boot into safe mode and run AVG?

Where does AVG say the file is located?
 