Friday, August 15, 2008 ; 1:05 AM
Restore access to drives under My ComputerDoes this happen with you?
* You cannot access or enter the hard drives on your computer when you click on a partition say C or the D Drive?
* You find an annoying autorun.inf or MSwin32.dll.vbs or r.cmd or bqk.bat or klp8j6i.com on all your flash drives and partitions?
* Task Manager disabled? Cant view hidden files?
* Startup is slow? PC hangs while booting up?
The Solution 1. Download and run this file! Unlock.v1.2 f 2. Save all your work and Restart your computerNote: The Script Killer file might take a few minutes to run and might display error messages. Its normal. The file will not do any harm. If it helped or if it didnt, please drop in a comment! thanks!
Read further only if you would like to read more about the problem and how I solved it! Also read my article on Removing the FlashDrive autorun.inf Virus for more info
A few words of explanation about the (so called) virus
The contents of a typical malicious autorun.inf
[autorun]shellexecute=wscript.exe mswin32.dll.vbsFor any person with basic understanding of scripts, it will be quite clear what this script is all about :P and which settings on your computer are being changed.
What is wscript.exe ?
It is the Windows Scripting Host!
How I did I do it ?
Now this is the fun part :D
The following operations are performed by the file:
1. Terminates the Windows Processes wscript.exe and monit.exe.
2. Deletes all autorun.inf files on system.
3. Deletes all mswin32.dll.vbs files on system.
4. Deletes all r.cmd files on system.
5. Deletes all bqk.bat files on system.
6. Deletes all klp8j6i.com files on system.
7. Deletes the virus entry from startup/registry.
8. Disables Scripting.
After the operation is complete all the temporary files are deleted.Download Noscript.exe and permanently disable scripts! or Read more on How to manually disable (or re-enable) the Windows Scripting Host, Symantec or read what Sophos has to say about itOkay, the programming above is crude but hey it works ;)I want to reverse engineer this script to use its rapid spreading power against it. To make it cure the infection of all the systems it infects. Maybe in due time …My congratulations to to the guys who made this virus/vbscript :P has gotten into almost every system in my collegeComments and suggestions welcome and I hope it helps !
