Giới Thiệu · Remediate VBS Worm
I have developed a small tool that will aid you to remove VBS malware from a machine or in a network. I made this some months ago when I saw quite a lot of these doing the rounds. The tool is written entirely in batch, should you wonder.You should run the script in the following sequence, at least on a normal machine: Plug in your infected USB (if any) and choose A, then B and afterwards C. After these steps, perform a full scan with your installed antivirus product or perform an online scan.
Some tips and tricks:
Using option A, the tool will attempt to clean the infection. It will also fix any registry changes made by the malware. (for example it will re-enable Task Manager should it be disabled).
! When you use option B, be sure to type only the letter of your USB drive! So if you have a USB drive named G:\, you should only type G This option will eradicate any related malware on the USB drive, as well as unhide your files (make them visible again). With option C you can download Panda USB Vaccine to prevent any other autorun malware entering your computer. With option D you have the possibility to disable or re-enable the Windows Script Host (WSH), to prevent any malware abusing it. I advise to end the script with Q as to ensure proper logfile closing. A logfile will open automatically, but is also created by default on the C:\ drive. (C:\Rem-VBS.log) When the tool is running, do not use the machine for anything else. (it takes about 30 seconds to run) Accidentally used an option and want to exit the script? Use CTRL + C to stop it.
You can use this to remedy the following malware:
Excedow Jenxcus Houdini/Dinihu Autorun worms Any other VBS (VBScript) or VBE malware Any other malware that abuses the WSH (Windows Script Host)
