umnict
asked on
Autorun.vbs virus not able to open my hard drive c: d:
While opening my drive it display message
Can not find script file "C:\autorun.vbs
help me to solve this
I have Microsoft Windows Xp and AVG as a antivirus which is not able to detect the virus
Can not find script file "C:\autorun.vbs
help me to solve this
I have Microsoft Windows Xp and AVG as a antivirus which is not able to detect the virus
Click Start->Run->MSConfig <Enter>
See if you can locate the pointer to it in the Startup tab. Uncheck it to deselect it from starting up.
See if you can locate the pointer to it in the Startup tab. Uncheck it to deselect it from starting up.
i think you have this virus on your system, please look at this
http://www.sarc.com/avcenter/venc/data/vbs.gaggle.e@mm.html#removalinstructions
and i recommend you to install and download the SpyBot spyware removal ,
http://www.safer-networking.org/en/download/index.html
http://www.sarc.com/avcenter/venc/data/vbs.gaggle.e@mm.html#removalinstructions
and i recommend you to install and download the SpyBot spyware removal ,
http://www.safer-networking.org/en/download/index.html
First, configure Windows to Show hidden *and* protected files.
Refer: http://www.winxptutor.com/showallfiles.htm
After you enable Windows to show hidden *and* protected system files, follow these steps:
1. Open Task Manager (taskmgr.exe) and terminate all instances of wscript.exe processes.
2. Open My Computer, right-click the C:\ drive in My Computer, and choose "open"
3. Delete the two files named "Autorun.inf" and "FS6519.dll.vbs"
4. Similarly, delete the two files in the other drives also.
5. Start MSCONFIG.EXE, click the Startup tab and uncheck "FS6519.dll.vbs" and click OK
6. Delete the file "FS6519.dll.vbs" from C:\Windows, if present
7. Restart Windows
Refer: http://www.winxptutor.com/showallfiles.htm
After you enable Windows to show hidden *and* protected system files, follow these steps:
1. Open Task Manager (taskmgr.exe) and terminate all instances of wscript.exe processes.
2. Open My Computer, right-click the C:\ drive in My Computer, and choose "open"
3. Delete the two files named "Autorun.inf" and "FS6519.dll.vbs"
4. Similarly, delete the two files in the other drives also.
5. Start MSCONFIG.EXE, click the Startup tab and uncheck "FS6519.dll.vbs" and click OK
6. Delete the file "FS6519.dll.vbs" from C:\Windows, if present
7. Restart Windows
ASKER
http://www.safer-networking.org/en/download/index.html
I tried spy bot and update and run it also i was not able to fix the problem
There wasn't any wscript.exe in task manager and I also find "FS6519.dll.vbs" but unable to find that file also deleted the autorun.inf . Now I have installed norton 10.1 and its also not able to detect the virus name
1. Open Task Manager (taskmgr.exe) and terminate all instances of wscript.exe processes.
2. Open My Computer, right-click the C:\ drive in My Computer, and choose "open"
3. Delete the two files named "Autorun.inf" and "FS6519.dll.vbs"
4. Similarly, delete the two files in the other drives also.
5. Start MSCONFIG.EXE, click the Startup tab and uncheck "FS6519.dll.vbs" and click OK
6. Delete the file "FS6519.dll.vbs" from C:\Windows, if present
7. Restart Windows
I tried spy bot and update and run it also i was not able to fix the problem
There wasn't any wscript.exe in task manager and I also find "FS6519.dll.vbs" but unable to find that file also deleted the autorun.inf . Now I have installed norton 10.1 and its also not able to detect the virus name
1. Open Task Manager (taskmgr.exe) and terminate all instances of wscript.exe processes.
2. Open My Computer, right-click the C:\ drive in My Computer, and choose "open"
3. Delete the two files named "Autorun.inf" and "FS6519.dll.vbs"
4. Similarly, delete the two files in the other drives also.
5. Start MSCONFIG.EXE, click the Startup tab and uncheck "FS6519.dll.vbs" and click OK
6. Delete the file "FS6519.dll.vbs" from C:\Windows, if present
7. Restart Windows
ok
would you please use the hijackthis and past it here
http://download.hijackthis.eu/hijackthis_199.zip
would you please use the hijackthis and past it here
http://download.hijackthis.eu/hijackthis_199.zip
ASKER
Logfile of HijackThis v1.99.1
Scan saved at 8:39:26 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTra
C:\PROGRA~1\Grisoft\AVGFRE
C:\PROGRA~1\Grisoft\AVGFRE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc3
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.ex
C:\WINDOWS\system32\wuaucl
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn
C:\WINDOWS\system32\drwtsn
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCAL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTra
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVGFRE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O17 - HKLM\System\CCS\Services\T
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLog
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Scan saved at 8:39:26 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTra
C:\PROGRA~1\Grisoft\AVGFRE
C:\PROGRA~1\Grisoft\AVGFRE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc3
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.ex
C:\WINDOWS\system32\wuaucl
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn
C:\WINDOWS\system32\drwtsn
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCAL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTra
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVGFRE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O17 - HKLM\System\CCS\Services\T
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLog
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
i didn't see anything wrong in your log file, but i noticed that you have two anytivurs (norton and AVG) you don't have to have two antiviurs, only one is good to your system, you have to unistall one.
about the viurs, try to search you registry for the 'autorun.vbs" key and delete all the values there this maybe help.
about the viurs, try to search you registry for the 'autorun.vbs" key and delete all the values there this maybe help.
ASKER
I was able to fix the problem at last
Step 1. Scan all the Hard drive to antivirus in my case norton antivirus
But the problem of not able to open your drive and be fixed only if u delete all the files which is left from the virus ....for that you have to able to see hidden files and system file then delete all the autorun file there will be lot of files including autorn.zip autorun.ini. autorun.vbs after removing all those file and after restart of your pc only or just log out u will be able to access your drives
Step 1. Scan all the Hard drive to antivirus in my case norton antivirus
But the problem of not able to open your drive and be fixed only if u delete all the files which is left from the virus ....for that you have to able to see hidden files and system file then delete all the autorun file there will be lot of files including autorn.zip autorun.ini. autorun.vbs after removing all those file and after restart of your pc only or just log out u will be able to access your drives
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
then delet the "AUTORUN.INF" file from the root hard drive .