# virusremoval.vbs



## magneticme200 (Apr 21, 2008)

i hv avast av...yestrday i scannd my pc..
it found a virus in c:\windows\sys..\virusremoval.vbs
it could nt repair the same...so i deleted it...
now wenevr i start my comp..an error comes 
"could nt find the script c:.,,,,\virusremoval.vbs"
i dnt want to hv this startup msg...and also wanna knw wat is it related to??
y is it at the startup.???


----------



## ravi_9793 (Apr 21, 2008)

create a new blank file in notepad.......... rename it as "virusremoval.vbs"
and save in same folder.


----------



## magneticme200 (Apr 21, 2008)

ravi_9793 said:


> create a new blank file in notepad.......... rename it as "virusremoval.vbs"
> and save in same folder.


is it gonna surely help??
bt i want to remove this process/service frm startup?...!!


----------



## casanova (Apr 21, 2008)

This would have created an entry in your startup. Download some startup manager. TuneUp Utilities 2008 has a nice startup manager. Disable the startup key for virusremoval.vbs from the TuneUp's start up manager.


----------



## joy.das.jd (Apr 21, 2008)

TO remove this first of all look into task manager and see it WSCRIPT process is running or not. If it running then end the process. Then go to windows/ system32 directory and delete the virusremoval.vbs . Then open msconfig and delete the startup key from there. Sometime there is a blank startup item with no name of process. Delete those entries and you are done...


----------



## blueshift (Apr 21, 2008)

Goto Registry Editor by typing *regedit* in _Run_ command.

Browse to these registry keys:

```
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
```
In the right pane, look for the values of *Userinit[/b and Shell keys. It must have values C:\WINDOWS\system32\userinit.exe and Explorer.exe respectively. Anything more than that can be safely deleted.
Like suppose possibly if the value is 'C:\WINDOWS\system32\userinit.exe, C:\Windows\System32\VirusRemoval.vbs' then double-click the key to edit and delete C:\Windows\System32\VirusRemoval.vbs

Also for Startup entries, you can check these keys:


		Code:
	

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

*


----------



## english_sos (May 12, 2008)

it is infact a very nagging .vbs script virus, better known as the sujin virus. stop doing all the registry hacking yourself just download an antisujin kit available from this link 
*back2mangalman.blogspot.com/2007/12/sujin-virus-removal-tool-version-10-by.html
i faced the same problem and trust me it worked like charm.
regards
***things are easy if u know the solution.

english_sos


----------



## Pathik (May 12, 2008)

Actually it is not exactly a virus. It is a very useful VBscript. You can eit it and use it to get rid of those pesky andu-pandu USB viruses


----------



## english_sos (May 12, 2008)

Sorry Pathik If Kaspersky Says It Is A Virus, It Is. And Please Follow The Link You Will Find A Mine Of Information. Good Mine Yaar, Not Those Blasted Type.


----------



## blueshift (May 14, 2008)

I too don't think that it actually is a virus after reading the code. It just changes the IE title name and the startup page. It doesn't do any destruction like the trojans do.


----------



## magneticme200 (May 14, 2008)

yes its true...it has chngd my IE homepage frm default to *bro.gov.in/
and i dnt knw smehw i cnt chnge it evn..!!


----------



## Pathik (May 14, 2008)

Edit the virusremoval.vbs file and change all instances of that URL with about:blank

Or change these two keys:

```
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\Main\Window Title
```


----------



## BiggyIT (Jul 16, 2008)

I think you will find some solution in this link
*www.meganetscan.com/Tips&Fixes.html


----------



## nirjhar (Jul 20, 2008)

Use anivir 
 is the best antivirus
            specilly for autorun.inf
   And pendrive virus


----------



## prabirjit (Aug 7, 2008)

I faced the same 'bro.gov.in'  problem- no well-known anti-virus programs could detect or block its infection. Finally Malwarebytes' Anti-Malware program removed the virus -here is the report for experts to see:
   Registry Data Items Infected:
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
  [FONT=&quot]HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully[/FONT].

But the trace remained in the internet explorer - I just tackled that,  thanks to digit forum suggestion to use AntiSujin.


----------

