Jemelbdfpx.vbs - SanDisk Electronics - Others

it is a virus plz follow the instruction bellow to remove this virus:

1. Go to Task Manager –> Processes and End the following processes in order:
   1. dxdlg.exe
   2. wscript.exe
2. Go to Start –> Run –> regedit –> Open the following key:
   HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon
3. In the right hand pane, select Userinit and delete everything except “C:windowssystem32userinit.exe”
4. 
5. Make sure the processes wscript.exe and dxdlg.exe are not running.
6. Delete the following files
   1. C:WindowsSystem32dxdlg.exe
   2. C:WindowsSystem32boot.vbs
   3. In your Windows drive, search for boot.vbs and delete all of them.
   4. In your Windows drive, search for kinza.exe and delete all of them.
7. Disable System Restore and then Enable it again.
8. Restart your computer.

Hopefully everything will be cleaner now and your computer will be free from boot.vbs virus . Please share your experiences.

I think this is what your looking for.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAutorun.FC

1. Go to Start, Run and type: cmd press Ok.

2. At the command prompt, type in your primary drive location, usually C:

3. You may need to change the directory. If so type: cd \ hit Enter.

4. Type: attrib -s -h -r -a autorun.inf hit Enter.

5. Type: dir and hit Enter. This will allow you to see and confirm the Autorun files.

6. Type: del autorun.inf hit Enter. Repeat the above commands for each drive on your computer including your flash/usb drive.

7. Now search for and remove sowar.vbs, SysRes.vbs, Cool USEP Scandal.vbs

• At the command prompt, type in your primay drive location, usually C: hit Enter.
• Type: attrib sowar.vbs.* -s -h -r -a hit Enter.
• Type: dir /s sowar.vbs Hit Enter.

8. If the file is present, type: del sowar.vbs hit Enter.

• Repeat the above commands for each drive on your computer including your flash/usb drive.
• Then repeat these instructions to search for and delete SysRes.vbs, Cool USEP Scandal.vbs on each drive if present.

9. Exit the command prompt and reboot normally.

10. Disable autorun.

Can not Find. Script File
C:\WINDOWS\System32\CleanViirus.vbs

Download this file to your desktop.
http://securityresponse.symantec.com/avcenter/UnHookExec.inf
Once on your desktop,Right click and select install.

You have this virus/worm "VBS/Solow-B" or FS6519.dll.vbs and need to delete it.

To delete the value from the registry

Click Start > Run.
Type regedit
Click OK.

Navigate to and delete the following registry entries:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun"FS6519" = "%Windir%FS6519.dll.vbs"
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain"Window Title" = "TAGA LIPA ARE!"

Exit the Registry Editor.

Run antivirus scan

Are you comfortable going into the registry, if so , do this:

virusremoval.vbs

1. From the start menu click Run -> type Regedit


2. Registry Editor will open


3. In the Registry Editor, go to Edit menu and press find

4. In the find dialog box type - virusremoval.vbs and press find next button
5. The search will end at some folder in the registry at the key - "userint"; doubleclick it; you will find many paths separated by commas - eg: c:windows/system32/userinit.exe,c:/windo... and so on.
Among those paths you will find "C:\windows\system32\virusremoval.vbs". Delete the path. Ensure that remaining paths are unaltered so that your genuine scripts are not affected.


6. Press F3 (find next) to see if the same path exists somewhere else in your registry. If found again at some other place remove the path there also.


7. Repeat F3 until you get a message that search has finished.

If I could be of further assistance, let me know. If this helps or solves the issue, please rate it.
Thanks, Joe



I’m happy to assist further over the phone at https://www.6ya.com/expert/joe_8b8c2cd6ce148309

Probably this is a spyware, use a good anti spyware or do the following:

Run Process Explorer (right click on task bar>task manager>Processes) and Kill the Following Processes:
wscript.exe
dxdlg.exe (kill this one first)

Run Autoruns and under logon tab, remove
C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs
Search for entries named wproxp and remove it

Remove the following files from your PC:
C:\WINDOWS\system32\dxdlg.exe
wproxp.exe (Most probably in your system32 or windows folder)
C:\WINDOWS\system32\boot.vbs

Here's what you should do. actually I prefer using DOS to do this. ok, so fire up the DOS and goto C:
this virus actually put two files on each partition that It will infect, autorun.inf and the .vbs file which contains the code of the virus. currently the attributes of these two files are hidden, read-only and system. so using attrib command, type:
attrib -h -r -s autorun.inf
attrib -h -r -s m*.vbs
del m*.vbs
del auto*.inf

also look for the windows folder and look for the other .vbs file of the virus and change its attribute.

not yet done.

activate your task manager(ctrl-alt-del) and look for wscript.exe, you should end this task.

take not you must do this in every partition or flashdisk that have been infected. Take note you should also check the registry since this virus append it's .vbs to the [Run] field of the registry and also it alters the Title of your Internet Explorer to Hacked by Godzilla.

after your done, you need to reboot your system.

hi my friend got that last week to... ehat you need to do is download kaspersky. after running kaspersky. that will be gone. you can download kaspersky @ majorgeeks.com Here are some examples of autorun viruses which rely on the autorun function of Windows to infect PC’s and flash drives. Funny UST Scandal.avi.exe Autorun.vbs win32.autorun.k copy.exe imgkulot taga lipa are autorun.vbs recycler FS6519.dll.vbs strawberry from baguio W32/Perlovga (copy.exe | host.exe) VBS_RESULOWS.A Bha.dll.vbs w32automa worm (Autorun.vbs) Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe) W32/RJump.worm (RavMonE) Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe) W32.Fujacks.BH (****.vbs) WORM_AGENT.PGV (soundmix.exe) W32/Hakaglan.worm (RVHost.exe) Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe) Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs) if you want to manually delete it... Solution is here: 1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space in your desktop then select New-Text Document 2. Copy the following text. (note: Everything in between the square brackets should be in one line) REGEDIT4 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIniFileMappingAutorun.inf] @="@SYS:DoesNotExist" 3. Save the file with a name (anything) like DisableAutoRun.reg (The extension .reg is the important part) 4. Double Click your newly created registry file. Choose yes or continue to the warning that will appear. hope this helps