Sat 23 Jun 2007
Hacked by MOOzilla - Autoplay on all drives - IISdll.dll.vbs virus
Posted by FunDa under Firefox, Task Manager, antivirus, download, free, problems, virus, websites
One type of USB pen / flash drive virus is a trojan worm written in VBScript. It adds an “Autoplay” or “Auto” option to all drives in the computer, affecting C:, D:, E: and so on.
It changes the Internet Explorer homepage to http://www.lastchaos.in.th/
and puts “Hacked by MOOzilla” in the Internet Explorer title,
so page titles read “Google - Hacked by MOOzilla” or “MySpace - Hacked by MOOzilla”.
In addition, it affects the pen drive (USB flash drive) with the same “autorun” and “autoplay”.
To remove the infected files, you don’t have to send the drive to authorised service personnel or buy a new USB drive!
You just have to delete the “autorun.inf” and “IISdll.dll.vbs” files from the USB drive and the hard drive, and kill the process “wscript.exe”.
When you press Alt-Ctrl-Del (the three finger exercise - Alt + Control + Delete), the Task Manager opens and shows you the programs which are running. Click “Processes” in the Task Manager.
Select “wscript.exe” and click “End Process”.
wscript.exe is not a virus; it is the normal Windows Script Host, which runs Windows scripts and functions written in VBScript. But the virus is also programmed in VBScript, so the process has to be stopped, but the file should not be deleted.
Right click and open the drives, and delete the files “autorun.inf” and “IISdll.dll.vbs”.
These files may not be visible (they are set as hidden files and system files), so if you don’t see them,
go to Tools > Folder Options… > View.
Choose “Show hidden files and folders” under “Hidden files and folders”
and remove the tick from “Hide protected operating system files (Recommended)”.
Now, when you go to the drives (ALWAYS RIGHT CLICK AND OPEN - NEVER DOUBLE CLICK),
you can see and delete the files autorun.inf and IISdll.dll.vbs.
There is also a copy of the virus in the Windows directory, “C:\Windows\IISdll.dll.vbs”, on most computers. You can remove it with this command, which deletes the virus from your Windows folder:
del %windir%\IISDLL.dll.vbs
Then you should also clean the registry at these places:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Window Title”
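
The cleanup steps above as one PowerShell script, added here as an example and not part of the original post. The file names and registry paths are the ones given in the post; the report-only default, the -Remove switch and the choice to only list the MountPoints2 subkeys are assumptions of this example.

```powershell
# Added example: reports by default; pass -Remove to delete what it finds.
param([switch]$Remove)

$names = 'autorun.inf', 'IISdll.dll.vbs'   # file names from the post

# Step 1: report (and with -Remove, end) wscript.exe, the host running the script.
Get-Process -Name wscript -ErrorAction SilentlyContinue | ForEach-Object {
    Write-Output "Process: wscript.exe (PID $($_.Id))"
    if ($Remove) { Stop-Process -Id $_.Id -Force }
}

# Step 2: check every drive root and the Windows folder. Test-Path and
# Remove-Item -Force also work on files marked hidden and system.
$roots = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }) + $env:windir
foreach ($root in $roots) {
    foreach ($name in $names) {
        $path = Join-Path $root $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            Write-Output "File: $path"
            if ($Remove) { Remove-Item -LiteralPath $path -Force }
        }
    }
}

# Step 3: Run values that launch the script at startup.
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($p in (Get-ItemProperty -Path $run).PSObject.Properties) {
    if ($p.Value -is [string] -and $p.Value -like '*IISdll.dll.vbs*') {
        Write-Output "Run value: $($p.Name) = $($p.Value)"
        if ($Remove) { Remove-ItemProperty -Path $run -Name $p.Name }
    }
}

# Step 4: list the MountPoints2 subkeys for manual review (never deleted here).
$mp = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp) {
    Get-ChildItem $mp | ForEach-Object { Write-Output "MountPoints2: $($_.PSChildName)" }
}

# Step 5: the Internet Explorer "Window Title" value.
$ie = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$title = (Get-ItemProperty -Path $ie -Name 'Window Title' -ErrorAction SilentlyContinue).'Window Title'
if ($title) {
    Write-Output "IE Window Title: $title"
    if ($Remove) { Remove-ItemProperty -Path $ie -Name 'Window Title' }
}
```

Run it once without -Remove and read the report first: a legitimate autorun.inf on an installer CD or vendor USB drive will also be listed.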