
WSCRIPT.EXE Script Virus

Before any changes are made, MAKE SURE TO BACK UP YOUR FILES.

1 > Go to Folder Options, set it to show HIDDEN FILES and FOLDERS, and unhide protected OPERATING SYSTEM FILES.

2 > End the task wscript.exe from TASK MANAGER.

3 > Open notepad.exe and look for the file wscript.exe in your c:/windows/system32/.

4 > Modify the said program and save it. (Note: if it won't save, you'll have to end its task first, step 1, and make sure it's not a read-only file: right-click the icon, open Properties, remove the check from Read-only, then hit Apply.)

5 > Click Start, go to "Run", type "MSCONFIG" and hit OK.

6 > Go to the "Startup" tab and look for a startup program that is attached to "wscript.exe". Write down the location, then go to "Run" and type REGEDIT.

7 > Search for the string and delete it from the registry.

8 > This virus creates, in each folder it resides in, an *.exe program with the same name as the folder. Run a search for *.exe on your drives and sort the results by size and date. Each of them has the ICON of a folder and is 145KB in size.

9 > This will show that the infected *.exe files all have the same size and creation date. Now delete them all and purge them from your "Recycle Bin".

X > Restart the computer and run another search for them (the *.exe files, which happen to be the script for this virus). Make sure to leave no copies on the computer, since opening any of these, even by accident, will cause the script to activate again and you'll have to start over.

X1 > Before restoring your backup, make sure you have a script killer program installed first, then run a search in your backup for *.exe files with a file size of 145KB. DELETE them and make sure you don't have them in your "Recycle Bin".

X2 > Check the "Task Manager" and see if WSCRIPT.EXE is still running (if it's still there, the string in the REGISTRY is still active; do the REGEDIT step once again). If it isn't, the computer is now completely sanitized. :)

Forum Notes: WSCRIPT.exe is a legit program from Microsoft™, but the virus adds a line in the executable that causes the program to perform outside its purpose. The added command line causes it to spawn an infected application inside all folders of your drives, and running or opening any of those applications activates the virus.
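A report-only sweep for the artifacts in steps 6, 8 and 9, as an added example that is not part of the original post: it lists autostart values that reference wscript.exe and finds *.exe files of about 145 KB that are named after a folder, then groups them by size and creation date. The scan root, the 1 KB size tolerance, the two Run keys checked, and treating "named after a sibling subfolder" as a match alongside "named after the containing folder" are assumptions.

```powershell
# Added example: lists candidates only, deletes nothing.
param(
    [string]$Root = 'C:\',      # assumed scan root
    [int]$ExpectedKB = 145,     # file size stated in the post
    [int]$ToleranceKB = 1       # assumed tolerance for KB rounding
)

# Step 6: autostart values whose command line mentions wscript.exe.
# Only the two standard Run keys are checked here (assumption).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if ($command -match 'wscript\.exe') {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
        }
    }
}

# Steps 8-9: executables near the stated size whose base name matches
# the folder they sit in, or a subfolder sitting next to them.
$min = ($ExpectedKB - $ToleranceKB) * 1KB
$max = ($ExpectedKB + $ToleranceKB) * 1KB
$suspects = Get-ChildItem -Path $Root -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -ge $min -and $_.Length -le $max } |
    Where-Object {
        $sibling = Join-Path -Path $_.DirectoryName -ChildPath $_.BaseName
        ($_.BaseName -eq $_.Directory.Name) -or
        (Test-Path -LiteralPath $sibling -PathType Container)
    } |
    Select-Object FullName, Length, CreationTime

'Autostart entries referencing wscript.exe:'
$autoruns | Format-List

'Folder-named executables near the expected size:'
$suspects | Sort-Object Length, CreationTime | Format-Table -AutoSize

# Step 9: copies dropped together should share one size and one creation date.
'Grouped by size and creation date:'
$suspects | Group-Object Length, { $_.CreationTime.Date } |
    Sort-Object Count -Descending | Select-Object Count, Name | Format-Table -AutoSize
```

Run it again after the restart in step X and against the backup location in step X1 by passing a different `-Root`.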
