RE: [Keralites] Hacked by Godzilla...!!!Gift from Noushad

 Recently my IE title shows “Hacked by Godzilla” after transfer some files to a handy drive. “Hacked by Godzilla - MS32DLL.dll.vbs” also known as VBS.Zodgila worm was discovered since Nov 23, 2006. It has very low threat (according to symantec report). “Hacked by Godzilla - MS32DLL.dll.vbs” worm spread thru handy drive or floppy disk.

This is basically what Hacked by Godzilla - MS32DLL.dll.vbs - VBS.Zodgila do when it execute:

·        Creates the following files:
[DRIVE LETTER]:\MS32DLL.dll.vbs
[DRIVE LETTER]:\MS32DLL.dll.vbs
[DRIVE LETTER]:\autorun.inf
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).

·        Adds the value:
“MS32DLL” = “%Windir%\MS32DLL.dll.vbs” to the registry subkey:
HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \Run
so that it runs every time Windows starts.

·        Adds the value:
“Window Title” = “Hacked by[REMOVED]” to the registry subkey:
HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main
to modify title in Internet Explorer.

·        Attempts to copy itself to removable drives and create registry entries every 200 seconds.

Information above was taken from Symantec website.

If your computer affected by “Hacked by Godzilla - MS32DLL.dll.vbs” worms:-

·        Your Internet Explorer title will end with “Hacked by Godzilla”

·        You might not able to open any of your drive thru double click (you still able to open/explore using right click -> explore)

How to remove “Hacked by Godzilla - MS32DLL.dll.vbs” (VBS.Zodgila) worm?

·        Open Task Manager ( Right click on your taskbar and click “Task Manager” )

·        Click on Processes tab and select “wscript.exe” and click “End Process” button. (Remember to remove all wscript.exe)

·        Go to My Computer, Click on Tools -> Folder Options, click on View tab

·        Under Advance settings,
check “Show Hidden files and folders“,
uncheck “Hide extensions for known file types“,
uncheck “Hide protected operating system files (Recommended)”
and click “OK” button

·        Go to C:\WINDOWS or C:\WINNT and delete file MS32DLL.dll.vbs

·        Now go to all your drive in your computer, and delete autorun.inf and MS32DLL.dll.vbs including your USB Drive and Floppy disk. All the autorun.inf and MS32DLL.dll.vbs file is located at the root directory of your drive, ex: c:\MS32DLL.dll.vbs, d:\MS32DLL.dll.vbs …

To access your drive, Go to My Computer, right click on the drive and select “Explore”

·        Next we are going to clean your registry record. Click Start -> Run, type regedit

·        Go to HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \Current Version \Run and delete MS32DLL (right click on it and select delete)

·        Now we are going to disable CD Autorun, Go to HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Cdrom look for Autorun and double click on it and enter 0 as it’s DWORD value

You can skip this steps if you do not wish to disable CD Autorun feature. But Hacked By Godzilla worm spread when CD Autorun is ON.

·        Go to HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main and delete “Window Title” which has it’s value of “Hacked by Godzilla“

·        Now go back to My Computer, Click on Tools -> Folder Options, click on View tab

·        Under Advance settings,
uncheck “Show Hidden files and folders“,
check “Hide extensions for known file types“,
check “Hide protected operating system files (Recommended)”
and click “OK” button

·        Empty your Recycle Bin.

·        Restart your PC and your PC should be clean from Hacked by Godzilla now

Happy surfing!

 

 

********************************************DISCLAIMER******************************************** This email and any files transmitted with it are confidential and contain privileged or copyright  information. If you are not the intended recipient you must not copy, distribute or use this email or the information contained in it for any purpose other than to notify us of the receipt thereof. If you have received this message in error, please notify the sender immediately, and delete this email from your system.  Please note that e-mails are susceptible to change.The sender shall not be liable for the improper or incomplete transmission of the information contained in this communication,nor for any delay in its receipt or damage to your system.The sender does not guarantee that this material is free from viruses or any other defects although due care has been taken to minimise the risk. ************************************************************************************************** 

__._,_.___

Messages in this topic (2) Reply (via web post) | Start a new topic

Messages | Polls

KERALITES - A moderated eGroup exclusively for Keralites...
To subscribe send a mail to Keralites-subscribe@yahoogroups.com.
Send your posts to Keralites@yahoogroups.com.
Send your suggestions to Keralites-owner@yahoogroups.com.

To unsubscribe send a mail to Keralites-unsubscribe@yahoogroups.com.

Homepage: www.keralites.net

Change settings via the Web (Yahoo! ID required)
Change settings via email: Switch delivery to Daily Digest | Switch format to Traditional
Visit Your Group | Yahoo! Groups Terms of Use | Unsubscribe

Recent Activity

•  247
  New Members

Visit Your Group

Moderator Central

Get answers to

your questions about

running Y! Groups.

Check out the

Y! Groups blog

Stay up to speed

on all things Groups!

Wellness Spot

on Yahoo! Groups

A resource for living

the Curves lifestyle.

.

__,_._,___