• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 757
  • Last Modified:

Can not find script file "C:\MS32DLL.dll.vbs"

Error....Can not find script file "C:\MS32DLL.dll.vbs" trying to open local drive. I've tried all the manual removal instructions (delete ms32.dll.dll.vbs, autorun.inf, etc.) but none of the files or registry entries were located. It seems the vbs.zodgila was present and cleaned but the symtom remains.
0
sillybell
Asked:
sillybell
1 Solution
 
David-HowardCommented:
Automatic and manual removal instructions are listed here.
Please note that you will need to disable System Restore (Explained within the link) and run your scans.
http://www.symantec.com/security_response/writeup.jsp?docid=2006-112416-3424-99&tabid=3
I would suggest as well that once you have updated your antivirus software and disabled System Restore that you boot into Safe Mode (F8 at Startup) and then run your scans.
David
0
 
sillybellAuthor Commented:
Thanks, David but I've already tried the manual removal links and none worked as the files and registry keys were not present to be removed.

0
 
jason_woodsCommented:
Another option is MalwareBytes:
http://malwarebytes.org/
It can install and run in safe mode as well as update (highly recommended).
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
sillybellAuthor Commented:
Sorry I didn't mention but I tried automatic removal tools first.
0
 
sillybellAuthor Commented:
Update: I found a registry key (HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2
\{0447f8d0-cc36-11db-9499-806d6172696f}\shell\autorun\command) that has a string value of "c:\windows\system32\rundll32.exe shell32.dll, shellexec_rundll wscript.exe ms32dll.dll.vbs"

If I delete {0447f8d0-cc36-...}, the double click works to open my c: but when I reboot, the reg key is back and I'm back to square one. Any idea what could be creating this key???
0
 
jason_woodsCommented:
You may have to disable system restore...
0
 
sillybellAuthor Commented:
system restore is disabled...
0
 
jason_woodsCommented:
What tools did you try?
0
 
rpggamergirlCommented:
That's a flashdrive infection, Flash_Disinfector should help.
Download this tool from either of these locations... run and follow the prompts:
http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fdownload.bleepingcomputer.com%2FsUBs%2FFlash_Disinfector.exe
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe 
 

If the problem persists, run ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
sillybellAuthor Commented:
Thanks for the posts but I due to time constraints I went ahead and did a format and reload.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now