?
Solved

VBS.Solow.B - Need help to remove

Posted on 2007-09-29
8
Medium Priority
?
660 Views
Last Modified: 2013-12-09
Operating System : Window XP SP2
Infected with Virus : VBS.Solow.B

- Performed Full System scan but cannot detected by symantec anti-virus.
- Run had been disable
- Cannot view hidden file at folder option
- Tried to Fix with hikackthis - No GO

Navigate to and delete the following registry entries by Symantec website but how to run the regedit as the run button is disable?

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"FS6519" = "%Windir%\FS6519.dll.vbs"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window Title" = "TAGA LIPA ARE!"

Kindly advise how to remove this virus. Thanks so much in advance.

0
Comment
Question by:newbies1512
6 Comments
 
LVL 33

Expert Comment

by:hongjun
ID: 19986308
0
 
LVL 22

Expert Comment

by:orangutang
ID: 19986339
0
 
LVL 70

Expert Comment

by:Merete
ID: 19986348
Name VBS/Solow-B  Low threat..
Type Worm
 How it spreads>>> Removable storage devices << do you have any storage devices plugged in? Remove all external usb devices and hardware where possible, any slaved hdd?

 Affected operating systems Windows
 Side effects Installs itself in the Registry.
 Protection available since 14 February 2007 08:05:47 (GMT)  

that said and done try scanning in safemode, check the regestry keys in safe mode also,
often times success is higher when windows is not using anything.
if all fails slaving the hdd can also work wonders but you woudl need a second desktop.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 19986683
Hi,

That's a Flash drive infection!
Flash_Disinfector will take care of it.
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

This infection will also impose the following Group policy restrictions:
- NoFind
- NoRun
- DisableRegistryTools
- DisableTaskMgr
- NoFolderOptions
- SystemRestore - DisableConfig
- SystemRestore - DisableSR
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19986686
The tool will also create a bogus folder, autorun.inf in every partition to stop the spread of infection.
It wont stop the infected file from getting in, but it does prevent the loading point from getting created.
0
 
LVL 70

Expert Comment

by:Merete
ID: 21185231
Do you still require assistance,
Your question is still open?
Is your account still active
You can now close your own question use the delete link
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
If you are like me and like multiple layers of protection, read on!
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question