With an internet connection there is a chance of unknown viruses being transferred to your PC. It might happen through your friends' unscanned pen drives too. In the same way, a new annoying virus entered my friend's PC. The CD drive used to eject automatically every time he opened any local drive on the PC. Finally it was traced out that the file causing the problem was ProtectFile.vbs.
Still, removing ProtectFile.vbs was a problem. The virus makes multiple hidden, read-only copies of itself in all the drives, which are difficult to detect. A copy can't be deleted or renamed without disabling its "read-only" property. And lastly, when we try to delete any one of the copies, it uses an autorun.inf file (executed automatically by Windows) to recreate itself from its copies in other drives.
ProtectFile.vbs is designed to be difficult to delete.
- Go to Task Manager (press Ctrl+Alt+Del).
- In the Processes tab, kill the processes explorer and wscript.exe (if available).
- Now go to the Applications tab and press New Task.
- Enter cmd. Go to the drive c:\
- Type del /f/q/a protectfile.vbs and del /f/q/a autorun.inf
- Go to c:\windows\system32 and enter del /f/q/a secureguard.vbs. Now you have deleted all the infected files in your system.
- Go to regedit (enter regedit in Run), search for protectfile.vbs and delete all entries with this name.
- Now search for secureguard.vbs and edit the value that contains it: delete only the "c:\windows\system32\secureguard.vbs... part of the path and leave the rest of the value as it is.
- Restart your system.
Isn't it great removing a virus manually???
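A read-only check for the leftovers the steps above target, added here as an example (not code from the original post): it lists the three file names from the post in each directory given and flags an autorun.inf that still launches a .vbs script, as on a drive where only the script was deleted. The sample autorun.inf content and the keys it looks for (open, shellexecute, shell\...\command) are assumptions about what the file contains; the post does not show it.

```python
import os
import re
import stat
import sys

# File names come from the post; the sample autorun.inf below is constructed.
SUSPECT_NAMES = {"protectfile.vbs", "autorun.inf", "secureguard.vbs"}
SAMPLE_AUTORUN = "[autorun]\nopen=wscript.exe protectfile.vbs\nicon=drive.ico\n"
# autorun.inf keys that make Windows launch a command when the drive is opened.
LAUNCH_KEY = re.compile(r"(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)", re.I)
ATTR_LABELS = ((stat.FILE_ATTRIBUTE_HIDDEN, "hidden"),
               (stat.FILE_ATTRIBUTE_READONLY, "read-only"))


def autorun_targets(text):
    """Return (key, command) pairs found in the [autorun] section."""
    targets, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section:
            match = LAUNCH_KEY.fullmatch(line)
            if match:
                targets.append((match.group(1).lower(), match.group(2).strip()))
    return targets


def audit_root(root):
    """Read-only check of one directory (a drive root or system32)."""
    findings = []
    for name in sorted(os.listdir(root)):
        if name.lower() not in SUSPECT_NAMES:
            continue
        path = os.path.join(root, name)
        attrs = getattr(os.stat(path), "st_file_attributes", 0)  # 0 off Windows
        flags = [label for bit, label in ATTR_LABELS if attrs & bit]
        findings.append((name.lower(), flags))
        if name.lower() == "autorun.inf":
            with open(path, errors="replace") as handle:
                for key, command in autorun_targets(handle.read()):
                    if ".vbs" in command.lower():
                        findings.append(("autorun launches script", [key, command]))
    return findings


if __name__ == "__main__":
    # Usage: python audit.py C:\ E:\ F:\ C:\Windows\System32
    for root in sys.argv[1:]:
        print(root, audit_root(root) or "nothing found")
```

The script only reads and reports; deleting the files and editing the registry remain the manual steps in the list.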
27 comments:
Thanks for such a nice post. I was really worried about my computer's odd behavior. I was completely lost until saw your post. Thank you again.
nice to know tht it fixed ur problem :)
Thanks a lot mate. I found the vbs file and had cleared that, but wasn't aware of the secureguard.vbs.
Thanks for the detailed description :)
I was just curious, apart from ejecting, did it really do anything harmful?
I scanned the file with 3 antiviruses and 4 antispywares and antimalwares and none could detect anything wrong with it.
Is this just a stupid annoyware or something, or did it contain something vicious hidden in the code?
@Ridge
Welcome dude
yeah...its just a stupid malware tht gets hidden in all drives...quite annoying too
Hi
I am also suffering from the same virus. I followed the guideline given here
but the virus is still there in my system. As I tried to delete the secureguard it gave me a message
"access denied!". So this file secureguard could not be removed from my system.
Can anyone please help me out?
@haru_abk
Hi Haru. You can delete the file by adding your user and granting it full rights. If you're using Windows XP Professional, do the following steps:
1. Open Windows Explorer. Tools->Folder Options->View, then under Advanced settings, uncheck the last option, 'Use Simple File Sharing (Recommended)'
2. Right click on the drive/directory from which you want to remove the file.
Properties->Security
Click on Add under 'Group or User name'. Then add your current user and press OK. Do it even if you are already an administrator.
Then back on the Security tab, click on ALL the users 1 by 1 and for each user, tick the 'Allow' on 'Full Control'
Then OK. And then delete it. If it still doesn't work, start Windows in safe mode and log in with the administrator and then do it.
If it still doesn't work, you can use the simplest method.
Download the latest version of Spybot - Search & Destroy. Install and Update. Click on 'Mode' at top and set to 'Advanced mode'.
Then under the left side panel, go to 'Tools' and open 'Secure Shredder'.
It's a VERY powerful handy software. You can simply search for all copies of secureguard and protectfile and shred them using the shredder. It deletes all system files.
Simple :)
Spybot can be downloaded from
http://www.filehippo.com/download_spybot_search_destroy/
PS: You can use just the shredder as well.
I am uploading it on Rapidshare. Just download, extract the exe and dll and run.
http://rapidshare.com/files/165259509/Secure_Shredder.rar
Thanks Ridge!
@haru_abk
Hope it helped. did you manage to delete it? which method did you employ?
@Haru_abk
I hope you got your problem solved..
Always use Avira Antivir + Threatfire + Spybot
These keep your system away from viruses,trojan and malwares... :)
@Ridge
Nice to see you back again
Thanks for your support here in helping out Haru
When I search for secureguard.vbs, nothing was found. Now what will I do? Is this harmful?
My e-mail is sibun.kk@gmail.com
@SIBUN
simple search u might not get tht file...
but if u face the CD ejecting problem ..then follow the above steps
its not dangerous..but its irritating
Hello,
Thanks a lot for this post. I followed the steps and now the C: partition on my local hard disk is fine. Also I had a question-
- Ever since I made the registry change, whenever the system boots up to the desktop, it gives a Windows Script Host window saying -"Unknown option specifed- /fq/a" . Was there a mistake in the way I made the registry edit? There is no other problem on the C: other than this.
- Also, I have another 2 partitions on the hard drive, E: and F: - they were also infected. The issue now is that when I try to access these drives from "My Computer" it says - "Cannot find script file'E:\Protectfile.vbs"... This was happening with C: before, however after the registry change I am able to open C: without any issues, but not E: and F:. But I am able to open them if I go to Run and type their names.
Can you please help me?
@Annie
Probably it may b in startup
Delete it from startup by going to msconfig
let me know if it worked
else try to follow the steps once again
hi can u tell me after searching for secureguard.vbs in regedit ... what to delete and what not to. currently its showing c:\windows\system32\secureguard.vbs is it ok ?
after removing secureguard.vbs, when i boot my pc it shows an error message :
cannot find script file c:/windows/system32/secureguard.vbs
what should i do
@vicky
its not ok...its a virus
@kushal
try to remove it from startup
hey thanks ...this worked brilliantly....except while searching for protectfile.vbs in registry there were many results but i deleted only the ones which had "protectfile.vbs" in it....it solved my problem...thanks...
one more question...how can i clean it from my pen drive without it affecting my pc again...
@shish
go to dos
then enter to ur pen drive
type dir /a
chk if those files r present
if its der
den delete it using dos commands..hope u knw..else follow the steps in this post
Thanks...I am facing the problem again...alert of VBS: autorun-J[wrm] in C:\System Volume Information\_restore{141.......
how do i clean this...tried repairing it with avast antivirus ..but did not work...
@shish
Disable System restore
And try the steps again..it might work
it is generally preferred to stop system restore while removing any virus
@shish
You can also try to delete the old restore files which have that file in it. You'll have to take ownership of the System Volume Information folder, otherwise you won't be able to delete anything. In fact I think it doesn't even allow you to access it.
hi..i tried following the steps again after turning system restore off...but it says file not found
also took ownership of folder but did not find any restore files...
any other way??
@shish
I dont knw where u went wrong
do upload the screenshot of error u get ...just giv the link here
did u chk Run > msconfig > startup tab ????
Thanx a lot friend.....It's really working....Thanx once again..
i didn't get the step 8, where to find the secureguard.vbs file? in registry. Since when i find this file i am not getting any path as you have mentioned in the post.