Remove Killgodzilla (Manual) by olliegoblue27


MANUAL REMOVAL INSTRUCTIONS

Terminating the Malware Process

This procedure terminates a legitimate process that is used by the malware to load itself.

    1. Open Windows Task Manager.
       • On Windows 98 and ME, press CTRL+ALT+DELETE.
       • On Windows NT, 2000, XP, and Server 2003, press CTRL+SHIFT+ESC, then click the Processes tab.
    2. In the list of running programs*, locate the process:
       WSCRIPT.EXE
    3. Select the process, then press either the End Task or the End Process button,
       depending on the version of Windows on your computer.
    4. To check if the process has been terminated, close Task Manager, and then open it
       again.
    5. Close Task Manager.




*NOTE: On computers running Windows 98 and ME, Windows Task Manager may not show
certain processes. You can use a third party process viewer such as Process Explorer to
terminate the malware process.

If the process you are looking for is not in the list displayed by Task Manager or Process
Explorer, continue with the next solution procedure. If the malware process is in the list
displayed by either Task Manager or Process Explorer, but you are unable to terminate it,
restart your computer in safe mode.

Removing Autostart Entry from the Registry

This solution deletes/modifies a registry entry added/modified by this malware. Before
performing the steps below, make sure you know how to back up the registry and how to
restore it if a problem occurs. Refer to this Microsoft article for more information about
modifying your computer's registry.

    1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
    2. In the left panel, double-click the following:
       HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
    3. In the right panel, locate and delete the entry:
       KILLMS32DLL = "%Windows%\killgodzilla.vbs"

Removing Other Malware Entry from the Registry

This solution deletes/modifies registry keys/entries added/modified by this malware. Before
performing the steps below, make sure you know how to back up the registry and how to
restore it if a problem occurs. Refer to this Microsoft article for more information about
modifying your computer's registry.

    1. Still in Registry Editor, in the left panel, double-click the following:
       HKEY_CURRENT_USER>Software>Microsoft>Internet Explorer>Main
    2. In the right panel, locate and delete the entry:
       Window Title = ""
    3. Close Registry Editor.

Deleting Malware-created AUTORUN.INF

    1. Right-click Start then click Search... or Find..., depending on the version of Windows
       you are running.
    2. In the Named input box, type:
       AUTORUN.INF
    3. In the Look In drop-down list, select a drive, then press Enter.
    4. Select the file, then open using Notepad.
    5. Check if the following lines are present in the file:
       [autorun]
       shellexecute=wscript.exe killgodzilla.vbs
    6. If the lines are present, delete the file.
    7. Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
    8. Close Search Results.
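
An added example, not part of the original instructions or of any Trend Micro tool: a Python script that performs the step 5 check on an AUTORUN.INF file instead of reading it in Notepad. It goes slightly beyond the exact line shown above by also checking the open= and shell\...\command launch keys, cscript as well as wscript, and the MS32DLL.dll.vbs name that appears later on this page. The function names and sample file contents are this example's own.

```python
import re
from pathlib import Path

# Keys in [autorun] that launch a command (generalises the page's shellexecute= line).
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# A Windows Script Host binary followed by a .vbs argument.
SCRIPT_HOST = re.compile(r"\b(?:wscript|cscript)(?:\.exe)?\b.*\.vbs\b", re.I)
# Script names quoted on this page.
PAGE_SCRIPTS = ("killgodzilla.vbs", "ms32dll.dll.vbs")

# Constructed sample inputs, not files captured from an infected drive.
SAMPLE_INFECTED = "[AutoRun]\r\n; constructed sample\r\nShellExecute = wscript.exe killgodzilla.vbs\r\n"
SAMPLE_CLEAN = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"

def decode(raw: bytes) -> str:
    """AUTORUN.INF may be ANSI/UTF-8 or UTF-16 with a byte-order mark."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def suspicious_entries(text: str) -> list:
    """Return (key, command, named_on_page) for script-host launches in [autorun]."""
    hits, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()      # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if LAUNCH_KEYS.match(key) and SCRIPT_HOST.search(value):
            hits.append((key, value, any(n in value.lower() for n in PAGE_SCRIPTS)))
    return hits

def scan_drive_root(root: str) -> list:
    """Check AUTORUN.INF (any letter case) in a drive's root folder."""
    for path in Path(root).iterdir():
        if path.is_file() and path.name.lower() == "autorun.inf":
            return suspicious_entries(decode(path.read_bytes()))
    return []

if __name__ == "__main__":
    print(suspicious_entries(SAMPLE_INFECTED))
    print(suspicious_entries(SAMPLE_CLEAN))
```

Call scan_drive_root once per removable drive root, mirroring step 7; an empty list means the file is absent or has no script-host launch line.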

Important Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of
infected computers.

Users running other Windows versions can proceed with the succeeding solution set(s).

Running Trend Micro Antivirus

Scan your computer with Trend Micro antivirus and delete files detected as
VBS_SOLOW.DA. To do this, Trend Micro customers must download the latest virus pattern
file and scan their computers. Other Internet users can use HouseCall, the Trend Micro online
threat scanner.


Thank you for
Trend Micro Antivirus
Hacked By Godzilla

spyware
Handy Drive Floppy Disk

1. Double Click
   Open Explore
2. Title Bar Internet Explorer “Hacked By Godzilla”

Godzilla 2
----------------------------------------------
1 killGodzilla http://www.rajapark.ac.th/aca/KillGodzilla.zip
.zip kill godzilla

1. Scan Drive Harddisk, Floppy Disk, Network Drive Read/Write Access Permission
2. Mode Auto Scan Argument "/auto" System Admin Script
3. Freeware
4. 36KB

Title Bar Internet Explorer “Hacked By Godzilla”

----------------------------------------------

2 manual delete MS32DLL.dll.vbs regedit, msconfig gpedit.msc autorun

1. Double Click My Computer Desktop Tools --> Folder Options
2. Folder Options View
   1) Show Hidden files and folders
   2) / Hide extension… Hide protected operating system file
   3) OK
3. Ctrl+Alt+Delete
4. Windows Task Manager Processes
   1) Image Name (sort File)
   2) wscript.exe
   3) End Process
5. (Explore Double Click) autorun.inf MS32DLL.dll.vbs (Shift+Delete) Handy Drive Floppy disk
6. C:\WINDOWS MS32DLL.dll.vbs (Shift+Delete)
7. Start --> Run Run regedit OK Registry Edit
8. HKEY_LOCAL_MACHINE --> Software --> Current Version --> Run MS32DLL (Delete)
9. HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main Window Title “Hacked by Godzilla” (Delete)
10. Start --> Run Run gpedit.msc OK Group Policy
11. User Configuration --> Administrative Templates --> System --> Double Click Turn Off Autoplay Turn Off Autoplay Properties
    1) Enabled
    2) All drives
    3) OK
    Handy Drive
12. Start --> Run Run msconfig OK System Configuration Utility Startup
    1) / MS32DLL
    2) Apply
    3) OK (Close)
    System Configuration Exit Without Restart
13. Double Click My Computer Desktop Tools --> Folder Options
14. Folder Options View
    1) / Hide extension… Hide protected operating system file
    2) OK
15. Click Recycle bin Shortcut Menu Empty Recycle bin



                                                   ...




            :

http://www.rajapark.ac.th/webboard/question.asp?GID=58


http://web1.rru.ac.th/index.php?option=com_simpleboard&Itemid=60&func=view&catid=6&id=1690&lang=th

								