Wednesday, September 25, 2013

Malware wscript.exe

Today we are reading an article about this virus. It took me quite a long time to kill off all of these viruses.

Before you fully remove the wscript.exe malware, do the following:

1. Install Malwarebytes. It can be found at http://www.malwarebytes.org/products/malwarebytes_free/
2. I would suggest you download and run the latest Microsoft Safety Scanner on your computer and check if it helps:
   http://www.microsoft.com/security/scanner/en-us/default.aspx
   Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.



Before any changes are made, MAKE SURE TO BACK UP YOUR FILES.
1 > Go to Folder Options and set it to show HIDDEN FILES and FOLDERS, and unhide PROTECTED OPERATING SYSTEM FILES.
2 > End the wscript.exe task from TASK MANAGER.
3 > Open notepad.exe and look for the file wscript.exe in your c:/windows/system32/
4 > Modify the said program and save it (note: if it won't save, you'll have to end its task first, step 1, and make sure it's not a read-only file: right-click on the icon, choose Properties, remove the check from Read-only, then hit Apply).
5 > Click Start, then go to "Run", type "MSCONFIG" and hit OK.
6 > Go to the "Startup" tab, then look for a startup program that is attached to "wscript.exe". Write down the location, then go to "Run" and type REGEDIT.
7 > Search for the string and delete it from the registry. I found the string is in (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run or HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) on my laptop.

8 > This particular virus creates an *.exe program in each folder it resides in, with the same name as that folder. Run a search for *.exe on your drives and sort the results by size and date. Each of them has the ICON of a folder and is a 145KB file.

9 > This will show that the infected *.exe files all have the same size and creation date.
    Now you'll have to delete them all and purge them from your "Recycle Bin".



10 > Restart the computer and run another search for them (the *.exe files, which happen to be the script for this virus). Make sure to leave no copies on the computer, since opening any of these, even by accident, will cause the script to activate again and you'll have to start over.
11 > Before restoring your backup, make sure you have a script killer program installed first, then run a search for *.exe files with a file size of 145KB in your backup. DELETE them and make sure you don't have them in your "Recycle Bin".
12 > Check the "Task Manager" and see if WSCRIPT.EXE is still running (if it's still there, the string in the REGISTRY is still active; do the REGEDIT step once again). If it is not, then the computer is now completely sanitized. :)
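
The registry, file and process checks from steps 6 to 12, as an added PowerShell example that is not part of the original post; it only lists findings and leaves deletion to the manual steps. It goes slightly beyond the post's sort by size and date by grouping the matches by hash so identical copies stand out. It assumes PowerShell 4.0 or later (for Get-FileHash), and the parameter names `Roots`, `SizeKB` and `ToleranceKB` are hypothetical.

```powershell
# Added example: read-only triage for the manual steps above. It lists, never deletes.
param(
    [string[]]$Roots = @('C:\'),  # assumption: drives or restored-backup folders to scan
    [int]$SizeKB = 145,           # file size reported in the post
    [int]$ToleranceKB = 1         # assumption: allow for Explorer's KB rounding
)

# Steps 6-7: Run-key values whose command line mentions wscript.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runHits = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match 'wscript') {
            [pscustomobject]@{ Key = $key; Value = $name; Command = $data }
        }
    }
}

# Steps 8-11: *.exe named after its own folder and about 145 KB, hidden files included.
$min = ($SizeKB - $ToleranceKB) * 1KB
$max = ($SizeKB + $ToleranceKB) * 1KB
$candidates = Get-ChildItem -Path $Roots -Filter *.exe -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -eq $_.Directory.Name -and $_.Length -ge $min -and $_.Length -le $max }

# Identical copies share a hash; a lone match is more likely a legitimate program.
$copies = $candidates |
    Select-Object FullName, Length, CreationTime,
        @{ Name = 'SHA256'; Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Group-Object SHA256 | Where-Object { $_.Name -and $_.Count -gt 1 }

# Step 12: wscript.exe processes still running, with the command line they were started with.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'wscript.exe'" |
    Select-Object ProcessId, CommandLine

'--- Run entries mentioning wscript ---'
$runHits | Format-List
'--- Folder-named .exe copies, grouped by hash ---'
foreach ($g in $copies) {
    '{0}  ({1} files)' -f $g.Name, $g.Count
    $g.Group | Format-Table FullName, Length, CreationTime -AutoSize
}
'--- Running wscript.exe ---'
$procs | Format-Table -AutoSize
```

For step 11, run it again with the backup folder passed as `-Roots` before restoring anything.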

Forum Notes: WSCRIPT.exe is a legitimate program from Microsoft™, but the virus adds a line to the executable that causes the program to perform outside its purpose. The command line that was added causes it to spawn an infected application inside all folders of your drives, and running or opening any of those applications activates the virus.
