Sunday, 23 September 2012

How To Remove Boot.vbs virus

Today my antivirus (NOD32 Security Suite) was creating troubles for me. Every five minutes, a request to debug the application would appear because some module of NOD32 would crash and then reload. I have been using NOD32 for a long time, so I decided to test some other antivirus. There were two good choices for me: one was Bitdefender and the second was Kaspersky. The problem was that I didn’t want to buy either of those. So I decided to use a 6 months trial of Kaspersky Internet Security, which will be more than enough for me to test it. Here is my previous article about how to get Kaspersky Internet Security trial of 6 months.

I downloaded it and installed it. It began scanning my PC. And to my amazement, it detected a threat that NOD32 was unaware of!! It was the boot.vbs virus. I thought it would be better to remove the virus manually rather than relying on Kaspersky. That way I would learn more. So here are the steps which I followed to remove the boot.vbs virus:
  1. Go to Task Manager –> Processes and End the following processes in order:
    1. dxdlg.exe
    2. wscript.exe
  2. Go to Start –> Run –> regedit –> Open the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  3. In the right-hand pane, select Userinit and delete everything except “C:\windows\system32\userinit.exe”

  4. Make sure the processes wscript.exe and dxdlg.exe are not running.
  5. Delete the following files:
    1. C:\Windows\System32\dxdlg.exe
    2. C:\Windows\System32\boot.vbs
    3. In your Windows drive, search for boot.vbs and delete all of them.
    4. In your Windows drive, search for kinza.exe and delete all of them.
  6. Disable System Restore and then Enable it again.
  7. Restart your computer.
Hopefully everything will be cleaner now and your computer will be free from the boot.vbs virus :-). Please share your experiences.
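
To check a machine for the same leftovers before or after the cleanup, here is a read-only PowerShell audit of the registry value, processes and files named in the steps above. It is an added example, not part of the original steps; it assumes PowerShell 3.0 or later and uses %SystemRoot% and %SystemDrive% in place of the hard-coded C:\Windows paths.

```powershell
# Added example: read-only audit for the artifacts named in the steps above.
# Nothing is deleted or modified by this script.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$findings = @()

# Userinit holds a comma-separated list of programs started at logon.
# Every entry other than userinit.exe is reported (comparison ignores case,
# and a trailing comma after the last entry is tolerated).
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
$entries  = $userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
foreach ($entry in $entries) {
    if ($entry -ne $expected) {
        $findings += [pscustomobject]@{ Type = 'Userinit entry'; Detail = $entry }
    }
}

# wscript.exe is the stock Windows Script Host, so include the command line
# to show which script it is running.
$procs = Get-CimInstance Win32_Process -Filter "Name='dxdlg.exe' OR Name='wscript.exe'"
foreach ($p in $procs) {
    $detail = "$($p.Name) (PID $($p.ProcessId)): $($p.CommandLine)"
    $findings += [pscustomobject]@{ Type = 'Process'; Detail = $detail }
}

# Files from step 5: the two fixed System32 paths...
$system32 = Join-Path $env:SystemRoot 'System32'
foreach ($name in 'dxdlg.exe', 'boot.vbs') {
    $path = Join-Path $system32 $name
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Type = 'File'; Detail = $path }
    }
}
# ...plus a search of the whole Windows drive (hidden files included).
$hits = Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -File `
    -Include 'boot.vbs', 'kinza.exe' -ErrorAction SilentlyContinue
foreach ($f in $hits) {
    $findings += [pscustomobject]@{ Type = 'File'; Detail = $f.FullName }
}

if ($findings) {
    $findings | Sort-Object Type, Detail -Unique | Format-Table -AutoSize -Wrap
} else {
    'None of the boot.vbs artifacts listed above were found.'
}
```

Running it from an elevated prompt lets the drive search read folders a standard user cannot open.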
