The worms that infect Windows are really funny.
Kinza, IPH, Boot.vbs… what not…
Simple and stupid worms… that make Windows go crazy.
I studied them, got ‘inspired’ by removal tools and tried some more… and here I give you an ‘open source’ .bat file that removes that stupid stuff…
Here is the file: www.parikrama.net.np/worm_buster.bat
Download the file and run it.
Here is what it does…
rem Go to the root of the current drive and abort any pending shutdown
cd\
shutdown -a
rem Kill the worm processes
taskkill /f /im wproxp.exe
taskkill /f /im isetup.exe
taskkill /f /im imapd.exe
taskkill /f /im dxdlg.exe
taskkill /f /im imapdb.exe
taskkill /f /im imapd.exe
taskkill /f /im imapdb.exe
taskkill /f /im scvvhsot.exe
taskkill /f /im wscript.exe
taskkill /f /im Kinza.exe
taskkill /f /im iph.exe
taskkill /f /im iph.exe
taskkill /f /im iph.exe
taskkill /f /im iph.exe
taskkill /f /im iph.exe
taskkill /f /im iph.exe
taskkill /f /im iph.exe
rem Restore the default logon program and shell (the stock Userinit value ends with a comma)
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe,"
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
rem Restrict AutoRun on drives
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_Binary /v NoDriveAutoRun /f /d ffffff03
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoDriveTypeAutoRun /f /d 36
rem Re-enable Folder Options, the registry editor and Task Manager
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0
rem Search the drive from the root and delete the worm files, including hidden and read-only ones
del /a /f /s boot.vbs
del /a /f /s virusremoval.bat
del /a /f /s wproxp.exe
del /a /f /s isetup.exe
del /a /f /s imapd.exe
del /a /f /s ActMon.ini
del /a /f /s dxdlg.exe
del /a /f /s imapde.dll
del /a /f /s imapdd.dll
del /a /f /s imapdc.dll
del /a /f /s imapdb.exe
del /a /f /s imapd.exe
del /a /f /s imapdb.dll
del /a /f /s imapdb.exe
del /a /f /s Kinza.exe
del /a /f /s iph.exe
del /a /f /s system.bat
del /a /f /s autorun.inf
del /a /f /s semiantivirus.vbs
_______________________
First it kills the processes, then re-enables Folder Options and unlocks the registry editor and Task Manager.
Then it searches for and deletes all the worm files it finds.
Thanks for this post. Yesterday I got this virus on my machine… let us see if your tool works!! If you have any idea how to remove this manually, please help.
Thank you
[autorun]
open=wscript.exe SemiAntiVirus.vbs
icon=%systemroot%\System32\SHELL32.dll,8
action=Open folder to view files
shell\open=Open
shell\open\Command=wscript.exe SemiAntiVirus.vbs
shell\Auto=AutoPlay
shell\Auto\Command=wscript.exe SemiAntiVirus.vbs
shell\Explore\Command=wscript.exe SemiAntiVirus.vbs
shell\Find=Search…
shell\Find\Command=wscript.exe SemiAntiVirus.vbs
shell\Format…=Format…
shell\Format…\Command=wscript.exe SemiAntiVirus.vbs
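An added example, not part of the original post or its comments: a small Python check that parses an autorun.inf like the one quoted above and reports every entry that launches a script host or a runnable file. The sample text and the lists of script hosts and file extensions are assumptions made for the illustration.

```python
import re

# Constructed sample, modelled on the autorun.inf quoted in the comment above.
SAMPLE = r"""[autorun]
open=wscript.exe SemiAntiVirus.vbs
icon=%systemroot%\System32\SHELL32.dll,8
shell\open=Open
shell\open\Command=wscript.exe SemiAntiVirus.vbs
shell\Auto\Command=wscript.exe SemiAntiVirus.vbs
"""

# Assumed lists of interpreters and runnable file types; extend as needed.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe", "rundll32.exe"}
RUNNABLE_EXT = (".exe", ".vbs", ".vbe", ".js", ".bat", ".cmd", ".scr", ".pif", ".com")

def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lower-cased."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def is_exec_key(key):
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def findings(text):
    """List (key, reason) for each entry that starts a script host or runnable file."""
    out = []
    for key, value in parse_autorun(text):
        tokens = [t.strip('"').lower() for t in value.split()]
        if not is_exec_key(key) or not tokens:
            continue  # labels, icons and empty values execute nothing
        prog = re.split(r"[\\/]", tokens[0])[-1]
        if prog in SCRIPT_HOSTS:
            payload = next((t for t in tokens[1:] if t.endswith(RUNNABLE_EXT)), None)
            out.append((key, f"script host {prog} runs {payload or 'unknown payload'}"))
        elif prog.endswith(RUNNABLE_EXT):
            out.append((key, f"launches {prog} from the drive"))
    return out

if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```

A plain `open=setup.exe` is also reported, since installer media use the same mechanism; the finding says what would run, not that it is malicious.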
It's simple.
Go to the command prompt and stop the process wscript.exe with this command: taskkill /f /im wscript.exe
Then go to the root with the command cd\
Then type del /a /f /s semiantivirus.vbs to search for and delete all semiantivirus.vbs files on your C drive.
Now, to immunize your pendrive, just make a folder called autorun.inf on your pendrive; this will prevent further transmission of the viruses.
PS: del /a /f /s autorun.inf will delete the hidden undeletable file from the pendrive.
Thanks buddy. I did not know about killing a task using the command prompt. However, I did the same using Process Explorer. But now an error message comes up during startup. I wrote about it on my blog. Have a look.
What error message do you get at startup? Do post it and we can try solving the problem.