We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.

BullGuard Ondersteuning

We zijn hier om u te helpen 24/7


E-mail ons ondersteuning team en we komen binnen 24 uur bij u terug


 

 

How to remove VBS.Flesh.A



THREAT NAME
VBS.Flesh.A

CLEAN INSTRUCTIONS

In order to remove it, restart in Safe Mode and do the following:

1. Go to Start, Run, type regedit and press OK.

 

2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

There you should see someting like:    name REG_SZ    "C:\Windows\name.vbs"

Make a note with that name and do the following:
NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.

3. Delete the registry key.

 

4. Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
and delete the Window Title key.

 

5. Delete the file:


C:\Windows\name.vbs

6. To clean the removable storage device (USB stick, PEN drive etc.) right-click on your USB stick/PEN drive icon and select Explore.
NB: Be careful NOT to double-click on the icon because the malware will be reactivated.

7.  Locate and delete the autorun.inf file.


SYMPTOMS

1. When you navigate on the web the Internet Explorer window title shows Hacked by name.



DESCRIPTION
1. This is a harmless malware, you do not need to be concerned, your computer has not been hacked.

2. This malware search for flash drives every 200 seconds and when one is found it tries to copy itself on it.

3. It set the autorun.inf file in order to be run when the drive is accessed.

 

4. It set the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run in order to run at startup.

 

5. It changes the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main, Window Title.

 


Author:
The BullGuard Team