Solved

Can not find script file "C:\MS32DLL.dll.vbs"

Posted on 2009-04-14
10
742 Views
Last Modified: 2013-11-22
Error....Can not find script file "C:\MS32DLL.dll.vbs" trying to open local drive. I've tried all the manual removal instructions (delete ms32.dll.dll.vbs, autorun.inf, etc.) but none of the files or registry entries were located. It seems the vbs.zodgila was present and cleaned but the symtom remains.
0
Comment
Question by:sillybell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 27

Expert Comment

by:David-Howard
ID: 24140429
Automatic and manual removal instructions are listed here.
Please note that you will need to disable System Restore (Explained within the link) and run your scans.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-112416-3424-99&tabid=3
I would suggest as well that once you have updated your antivirus software and disabled System Restore that you boot into Safe Mode (F8 at Startup) and then run your scans.
David
0
 

Author Comment

by:sillybell
ID: 24140587
Thanks, David but I've already tried the manual removal links and none worked as the files and registry keys were not present to be removed.

0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24140696
Another option is MalwareBytes:
http://malwarebytes.org/
It can install and run in safe mode as well as update (highly recommended).
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 

Author Comment

by:sillybell
ID: 24140977
Sorry I didn't mention but I tried automatic removal tools first.
0
 

Author Comment

by:sillybell
ID: 24142360
Update: I found a registry key (HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2
\{0447f8d0-cc36-11db-9499-806d6172696f}\shell\autorun\command) that has a string value of "c:\windows\system32\rundll32.exe shell32.dll, shellexec_rundll wscript.exe ms32dll.dll.vbs"

If I delete {0447f8d0-cc36-...}, the double click works to open my c: but when I reboot, the reg key is back and I'm back to square one. Any idea what could be creating this key???
0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24142404
You may have to disable system restore...
0
 

Author Comment

by:sillybell
ID: 24147471
system restore is disabled...
0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24147679
What tools did you try?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24154679
That's a flashdrive infection, Flash_Disinfector should help.
Download this tool from either of these locations... run and follow the prompts:
http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fdownload.bleepingcomputer.com%2FsUBs%2FFlash_Disinfector.exe
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe 
 

If the problem persists, run ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Accepted Solution

by:
sillybell earned 0 total points
ID: 24156813
Thanks for the posts but I due to time constraints I went ahead and did a format and reload.
0

Featured Post

RoboForm Secure Password Management System

RoboForm Everywhere - Superb Browser Support
Windows / Apple / IOS / Android / Linux / Chrome OS
Use different complex passwords everywhere
Best Secure Password Management by far
Synchronize all of your devices instantly
Safe, Secure & Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ransom.CRYPTXXX Activity 2 9 131
Zepto Ransomware - Decrypt/Restore files 5 281
Laptop fan running all the time 21 129
Defence against Ransomeware on Remote Desktop Server 5 83
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question