
#7
12-24-2006, 04:33 AM
tazir
Registered User
Join Date: Dec 2006
Posts: 2

I created a small VBS script to solve this problem

Just save the script as: fix-ms32.vbs
(the postfix is very important; don't save it as a text file - txt - or any other type, and use a text program such as Notepad etc., not MS Word).
After saving - just double-click on this file (Open / Execute).

You can recognize an infected computer by the title "Hacked by Godzilla" at the end of the Internet Explorer title. After executing the fixing script, I change this to "Goodbye" (it's at the end of the script; you can change this to whatever you want).

The script is copyleft (http://www.gnu.org/copyleft/)

The script (in Blue color):


'Fix ms32dll.dll.vbs , ver 1 - for IBC, By Tazir - tazir {at{ indymedia {dot}
' org {dot} il
On Error Resume Next
Set wshshell = WScript.CreateObject("WScript.Shell")
' Stop every running Wscript.exe process (and its child processes).
' Both calls are asynchronous; they also match the Wscript.exe that hosts
' this script when it is started by double-click.
wshshell.Run "CMD /c TaskKill /F /im Wscript.exe /T"
wshshell.Run "TaskKill /F /im Wscript.exe /T"

Set fs = CreateObject("Scripting.FileSystemObject")
' Special folder 0 is the Windows folder.
myWinPath = fs.GetSpecialFolder(0)
sFilePathAndName = myWinPath & "\ms32dll.dll.vbs"
If fs.FileExists(sFilePathAndName) = True Then
    ' Clear the hidden/system/read-only attributes, empty the file, then delete it.
    fs.GetFile(sFilePathAndName).Attributes = 0
    Set mf = fs.CreateTextFile(sFilePathAndName, True)
    mf.WriteLine("")
    mf.Close
    fs.DeleteFile sFilePathAndName, True
End If
sFilePathAndName = myWinPath & "\autorun.inf"
If fs.FileExists(sFilePathAndName) = True Then
    fs.GetFile(sFilePathAndName).Attributes = 0
    Set mf = fs.CreateTextFile(sFilePathAndName, True)
    mf.WriteLine("")
    mf.Close
    fs.DeleteFile sFilePathAndName, True
End If

' Repeat the cleanup in the root of every removable (1) and fixed (2) drive,
' skipping the floppy drive A:.
For Each fd In fs.Drives
    If (fd.DriveType = 1 Or fd.DriveType = 2) And fd.Path <> "A:" Then
        sFilePathAndName = fd.Path & "\ms32dll.dll.vbs"
        If fs.FileExists(sFilePathAndName) = True Then
            fs.GetFile(sFilePathAndName).Attributes = 0
            Set mf = fs.CreateTextFile(sFilePathAndName, True)
            mf.WriteLine("")
            mf.Close
            fs.DeleteFile sFilePathAndName, True
        End If
        sFilePathAndName = fd.Path & "\autorun.inf"
        If fs.FileExists(sFilePathAndName) = True Then
            fs.GetFile(sFilePathAndName).Attributes = 0
            Set mf = fs.CreateTextFile(sFilePathAndName, True)
            mf.WriteLine("")
            mf.Close
            fs.DeleteFile sFilePathAndName, True
        End If
    End If
Next
Set fs = Nothing

' Clear any error left over from the file operations so that the test below
' reflects only the registry read.
Err.Clear
oldVal = wshshell.RegRead("HKLM\software\Microsoft\Windows\CurrentVersion\Run\ms32dll")
If Not Err Then
    ' The autostart value exists: remove it and reset the Internet Explorer title.
    wshshell.RegWrite "HKLM\software\Microsoft\Windows\CurrentVersion\Run\ms32dll", ""
    wshshell.RegDelete "HKLM\software\Microsoft\Windows\CurrentVersion\Run\ms32dll"
    wshshell.RegWrite "HKCU\software\Microsoft\Internet Explorer\Main\Window Title", "Goodbye"
End If

WScript.Echo "Finish cleaning Virus ms32dll" & vbCrLf & "May all being be happy"
Set wshshell = Nothing


May all being be happy.
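A read-only check for the same indicators the script in this post removes, as an added example that is not part of the original post or of tazir's script. The function name Get-Ms32dllIndicator is hypothetical, and reporting whether an autorun.inf names ms32dll.dll.vbs rests on an assumption, since the post does not show that file's contents.

```powershell
# Added example: read-only audit. It reports indicators and changes nothing.
function Get-Ms32dllIndicator {   # hypothetical function name
    $wormFile = 'ms32dll.dll.vbs'
    $runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $ieKey    = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $found    = @()

    # Same locations the post's script cleans: the Windows folder and the
    # root of every removable or fixed drive except A:.
    $roots = @($env:windir)
    $roots += @([System.IO.DriveInfo]::GetDrives() |
        Where-Object { $_.Name -ne 'A:\' -and $_.IsReady -and
            ($_.DriveType -eq 'Removable' -or $_.DriveType -eq 'Fixed') } |
        ForEach-Object { $_.RootDirectory.FullName })

    foreach ($root in $roots) {
        $vbs = Join-Path $root $wormFile
        # System.IO.File sees hidden and system files without extra switches.
        if ([System.IO.File]::Exists($vbs)) {
            $found += [pscustomobject]@{ Indicator = 'worm script'; Location = $vbs; Detail = '' }
        }
        $inf = Join-Path $root 'autorun.inf'
        if ([System.IO.File]::Exists($inf)) {
            # Assumption: the worm's autorun.inf names its script; an
            # autorun.inf that does not may be legitimate.
            try {
                $text = [System.IO.File]::ReadAllText($inf)
                $refs = $text.IndexOf($wormFile, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
            } catch { $refs = 'unreadable' }
            $found += [pscustomobject]@{ Indicator = 'autorun.inf'; Location = $inf; Detail = "names ${wormFile}: $refs" }
        }
    }

    $run = Get-ItemProperty -Path $runKey -Name 'ms32dll' -ErrorAction SilentlyContinue
    if ($run) {
        $found += [pscustomobject]@{ Indicator = 'Run value'; Location = "$runKey\ms32dll"; Detail = $run.ms32dll }
    }

    $ie = Get-ItemProperty -Path $ieKey -Name 'Window Title' -ErrorAction SilentlyContinue
    if ($ie -and $ie.'Window Title' -like '*Hacked by Godzilla*') {
        $found += [pscustomobject]@{ Indicator = 'IE title'; Location = "$ieKey\Window Title"; Detail = $ie.'Window Title' }
    }
    $found
}

Get-Ms32dllIndicator | Format-Table -AutoSize
```

Running it before and after the cleanup shows which indicators were present and confirms that none remain.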