Removing kpcgrhynko.vbs virus manually
Ok guys, some of you have encountered the virus that creates shortcuts on your flash drives and hides the original files. You can pick it up by inserting your USB flash drive into a computer that is already infected with it. Anyway, here's how you can remove it:
1. Open the Task Manager (Ctrl+Shift+Esc on Windows 7 or Ctrl+Alt+Del on XP).
2. Find the process named "wscript.exe" and end it to stop the virus from executing.
3. Open the command prompt (press Windows+R, then type "cmd" without the quotes) and paste the following command:
attrib -s -h -r /d /s G:\*.*
The command above will unhide all the hidden files on your G:\ drive (replace G: with the drive letter of your flash drive).
4. Locate the kpcgrhynko.vbs script (or any suspicious .vbs files) and delete it.
NOTE: if kpcgrhynko.vbs still exists, you can always kill wscript.exe in the Task Manager to keep that script from executing.
5. The virus may also copy itself to any computer that the infected flash drive was inserted into. To make sure that your computer isn't affected, scan it with your antivirus or use this instead. Watch the paths affected by the virus. It usually exists in
C:\Users\Ran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup and in C:\Users\Ran\AppData\Local\Temp
The virus itself may be invisible. So, unhide all files and folders by opening Windows Explorer (Windows+E) and, on the menu bar, clicking Organize->Folder and Search Options.
A dialog box will pop up. Go to the View tab and select "Show hidden files, folders and drives".
Click Apply, then OK.
If you find kpcgrhynko.vbs, delete it. But make sure wscript.exe is not running, otherwise you won't be able to delete it.
And you're done.. ;)
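The checks in steps 2, 4 and 5 can also be run as one report-only PowerShell script. This is an added example, not part of the original post: it kills and deletes nothing. The `-Drive` parameter and the Kind/Item/Detail column names are made up for illustration, and the Startup and Temp folders are resolved for the current user instead of being hard-coded.

```powershell
# Added example (not from the original post). Report only: nothing is killed or deleted.
# Assumption: the flash drive is G:\ as in the post; pass -Drive to change it.
param([string]$Drive = 'G:\')

# Step 2: list every wscript.exe together with the script it was started with,
# so you can see what is running before ending it in Task Manager.
Get-WmiObject Win32_Process -Filter "Name = 'wscript.exe'" |
    Select-Object @{n='Kind';   e={'process'}},
                  @{n='Item';   e={"PID $($_.ProcessId)"}},
                  @{n='Detail'; e={$_.CommandLine}}

# Steps 4 and 5: the drive root plus the two folders the post names
# (Startup and Temp), resolved for the user running this script.
$folders = @($Drive, [Environment]::GetFolderPath('Startup'), $env:TEMP)

foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    # -Force returns hidden and system items regardless of Explorer settings.
    Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
        Where-Object { (-not $_.PSIsContainer) -and ($_.Extension -eq '.vbs') } |
        Select-Object @{n='Kind';   e={'script'}},
                      @{n='Item';   e={$_.FullName}},
                      @{n='Detail'; e={"$($_.Attributes); modified $($_.LastWriteTime)"}}
}

# The shortcuts the post mentions: show what each .lnk at the drive root launches.
# CreateShortcut on an existing .lnk only reads it; nothing is saved back.
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $Drive -Force -Filter *.lnk -ErrorAction SilentlyContinue |
    Select-Object @{n='Kind';   e={'shortcut'}},
                  @{n='Item';   e={$_.FullName}},
                  @{n='Detail'; e={
                      $lnk = $shell.CreateShortcut($_.FullName)
                      "$($lnk.TargetPath) $($lnk.Arguments)"
                  }}
```

Pipe the output to `Format-List` if the Detail column is cut off in the default table view.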

nice rob! very clear
Thanks sir. REALLY helpful
Well we as a whole realize that insurance is superior to anything cure, so it is prescribed to utilize secure perusing over the web. In addition a decent and all around redesigned antivirus ought to dependably be on the framework to keep the circumstance where you need to do additional endeavors to expel FBI Virus Removal tools.