Hi all,
I have a virus on my flash disk key.
When I mounted it on my pc for the first time the computer restarted automatically. The virus changed my desktop bacground picture and I cant change it using the pannel control since the option of the backgroud are disabled. Also, every time I restart my PC a window appears and prints:
Dont worry (my name) ! I'm a friend. Have a nice day
Exploering the Flash disk I found 2 hidden files:
autorun.inf and Wallpaper.vbs
I deleted the from the Key disk when click again on the disk icon in order to explore it these file are copied again inside.
Looking at the processes using the task manager I noticed that a process wscrip.exe is running and I'm conviced that it is the source of the problem unfortunately It seems that it is a component of windows.
Where can I find the scripts used by wscript in order to lunch the virus ?
Any other advise or solution is welcommed.
Please help.
I changed the extention of the file Wallpaper.vbs into Wallpaper.rtf
I edited it with wordpad and I find a script and some regedit suspecious file locations.
What Should I do ? Can I delete these suspecious files.
Sorry, but you need login in to view this attachment
It's not easy to remove a virus.
You can't do it while your windows is runing because the virus is also running. When you delete a file the virus can create a new one.
You can start the computer from CD which contains a anti-virus software and try to remove the virus.
Another idea is to remove your harddrive and connet it to another pc for virus scanning and removing (but this is dangerous since the other pc could also be infected)
In my opinion a complete new installation of your system is the best.
Else you can not be sure that the virus is completely removed (and also the virus could have downloaded other viruses or trojans or other bad software)!
