Sunday, March 7, 2010

GODZILLA VIRUS REMOVAL

This virus spreads through pen drives and external HDDs. It uses the AutoRun function of Windows to run itself. It creates a file named MS32DLL.dll.vbs in the Windows folder and a file named autorun.inf in the root directory of each drive, so whenever we double-click on a drive, the script runs from c:\windows\MS32DLL.dll.vbs.

EFFECTS OF GODZILLA VIRUS

We cannot double-click to open any drive on our computer, but we can still right-click and choose Open or Explore.
It will also affect regedit, Task Manager, hidden folders/files, etc.

VIRUS FILES

MS32DLL.dll.vbs
Autorun.inf
Flashy.exe

HOW TO REMOVE GODZILLA VIRUS

Open Task Manager and end the following processes:
1. wscript.exe
2. mslogon.exe
3. systemnt.exe
4. wscript.exe
5. flashy.exe
6. sondmsg.exe

Open Command Prompt and do the following:
Change the attributes of the file:
attrib -s -r -h autorun.inf
Remove autorun.inf from the root directory:
del autorun.inf
Delete MS32DLL.dll.vbs from the Windows directory:
del c:\windows\MS32DLL.dll.vbs
Open Registry Editor.
Delete the following values:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run - MS32DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Run - flashy.exe
HKU\Software\Microsoft\Internet Explorer\Main - "Window Title"
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\system - disabletaskmgr
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\system - disableregistrytools
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoFolderOptions
Now restart the PC.
NOTE:
To avoid spreading this, disable AutoRun in Windows.
There is also a small trick: create a folder named autorun.inf in the root directory of every drive and set its hidden, system and read-only attributes, so that the virus can't easily put its own file in the root directory.
E.g.: md autorun.inf & attrib +h +s +r autorun.inf
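
The files and registry values listed in the removal steps can be checked in one pass, before cleanup and again after the restart. The PowerShell below is an added example, not part of the original post; it only reads and reports. It assumes the post's HKU entries refer to the current user's hive (HKCU), and the function name Get-GodzillaIndicator is hypothetical.

```powershell
# Added example: read-only check for the artifacts this post lists; it deletes nothing.
# Assumption: the post's "HKU" entries are read from the current user's hive (HKCU).
function Get-GodzillaIndicator {   # hypothetical name
    $found = @()

    # autorun.inf in a drive root: a file is suspect, a folder is the blocker from the NOTE
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $path = Join-Path $drive.Root 'autorun.inf'
        # -Force lets Get-Item see items marked hidden and system
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item -and -not $item.PSIsContainer) {
            $found += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = 'autorun.inf is a file' }
        }
    }

    # Script dropped in the Windows folder
    $vbs = Join-Path $env:windir 'MS32DLL.dll.vbs'
    if (Get-Item -LiteralPath $vbs -Force -ErrorAction SilentlyContinue) {
        $found += [pscustomobject]@{ Type = 'File'; Location = $vbs; Detail = 'dropped script present' }
    }

    # Registry values named in the removal steps (key path, value name)
    $run = 'Software\Microsoft\Windows\CurrentVersion\Run'
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
    $checks = @(
        @{ Path = "HKLM:\$run"; Name = 'MS32DLL' },
        @{ Path = "HKLM:\$run"; Name = 'flashy.exe' },
        @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'Window Title' },
        @{ Path = "$pol\System";   Name = 'DisableTaskMgr' },
        @{ Path = "$pol\System";   Name = 'DisableRegistryTools' },
        @{ Path = "$pol\Explorer"; Name = 'NoFolderOptions' }
    )
    foreach ($c in $checks) {
        # A missing key or value raises an error, which is suppressed and yields nothing
        $prop = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $value = $prop.($c.Name)
            $found += [pscustomobject]@{ Type = 'Registry'; Location = $c.Path; Detail = "$($c.Name) = $value" }
        }
    }
    $found
}

Get-GodzillaIndicator | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed artifacts were found for the current user; a drive whose autorun.inf is a folder is not reported.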
