Hacked By Godzilla - Recovery

View previous topic View next topic Go down

Hacked By Godzilla - Recovery

Post by Admin on Tue Aug 21, 2007 8:52 pm

Hacked By Godzilla - MS32DLL.dll.vbs - wscript.exe


This is basically what Hacked by Godzilla - MS32DLL.dll.vbs - VBS.Zodgila do when it execute:

* Creates the following files:
[DRIVE LETTER]:\MS32DLL.dll.vbs
[DRIVE LETTER]:\MS32DLL.dll.vbs
[DRIVE LETTER]:\autorun.inf
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
* Adds the value:
“MS32DLL” = “%Windir%\MS32DLL.dll.vbs” to the registry subkey:
HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \Run
so that it runs every time Windows starts.
* Adds the value:
“Window Title” = “Hacked by[REMOVED]” to the registry subkey:
HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main
to modify title in Internet Explorer.
* Attempts to copy itself to removable drives and create registry entries every 200 seconds.

Information above was taken from Symantec website.
If your computer affected by “Hacked by Godzilla - MS32DLL.dll.vbs” worms:-

* Your Internet Explorer title will end with “Hacked by Godzilla”
* You might not able to open any of your drive thru double click (you still able to open/explore using right click -> explore)

How to remove “Hacked by Godzilla - MS32DLL.dll.vbs” (VBS.Zodgila) worm?

* Open Task Manager ( Right click on your taskbar and click “Task Manager” )
* Click on Processes tab and select “wscript.exe” and click “End Process” button. (Remember to remove all wscript.exe)
* Go to My Computer, Click on Tools -> Folder Options, click on View tab
* Under Advance settings,
check “Show Hidden files and folders“,
uncheck “Hide extensions for known file types“,
uncheck “Hide protected operating system files (Recommended)”
and click “OK” button
* Go to C:\WINDOWS or C:\WINNT and delete file MS32DLL.dll.vbs
* Now go to all your drive in your computer, and delete autorun.inf and MS32DLL.dll.vbs including your USB Drive and Floppy disk. All the autorun.inf and MS32DLL.dll.vbs file is located at the root directory of your drive, ex: c:\MS32DLL.dll.vbs, d:\MS32DLL.dll.vbs …

To access your drive, Go to My Computer, right click on the drive and select “Explore”

* Next we are going to clean your registry record. Click Start -> Run, type regedit
* Go to HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \Current Version \Run and delete MS32DLL (right click on it and select delete)
* Now we are going to disable CD Autorun, Go to HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Cdrom look for Autorun and double click on it and enter 0 as it’s DWORD value

You can skip this steps if you do not wish to disable CD Autorun feature. But Hacked By Godzilla worm spread when CD Autorun is ON.

* Go to HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main and delete “Window Title” which has it’s value of “Hacked by Godzilla“
* Now go back to My Computer, Click on Tools -> Folder Options, click on View tab
* Under Advance settings,
uncheck “Show Hidden files and folders“,
check “Hide extensions for known file types“,
check “Hide protected operating system files (Recommended)”
and click “OK” button
* Empty your Recycle Bin.
* Restart your PC and your PC should be clean from Hacked by Godzilla now

Happy surfing!
avatar
Admin
Admin

Number of posts : 137
Age : 33
Registration date : 2007-03-11

View user profile http://rulerz.niceboard.com

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum