Le Support de BullGuard
How to remove VBS.Flesh.A
In order to remove it, restart in Safe Mode and do the following:
1. Go to Start, Run, type regedit and press OK.
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
There you should see someting like: name REG_SZ "C:\Windows\name.vbs"
Make a note with that name and do the following:
NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.
3. Delete the registry key.
4. Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
and delete the Window Title key.
5. Delete the file:
6. To clean the removable storage device (USB stick, PEN drive etc.) right-click on your USB stick/PEN drive icon and select Explore.
NB: Be careful NOT to double-click on the icon because the malware will be reactivated.
7. Locate and delete the autorun.inf file.
1. When you navigate on the web the Internet Explorer window title shows Hacked by name.
1. This is a harmless malware, you do not need to be concerned, your computer has not been hacked.
2. This malware search for flash drives every 200 seconds and when one is found it tries to copy itself on it.
3. It set the autorun.inf file in order to be run when the drive is accessed.
4. It set the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run in order to run at startup.
5. It changes the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main, Window Title.
The BullGuard Team