How to remove VBS Malware gen from your PC


By premsingh


One of my colleagues often comes to my chamber with 3 to 4 thumb drives and asks me to scan these drives for viruses. I did scan all his drives and deleted the virus using the free antivirus software Avast 4.8. Two drives did not show viruses in the removable disk, but when I inserted the 3rd pen drive it showed the message that the drive has stains of VBS Malware gen. Avast flashed this message and asked for action. There were several options for action: 1. Delete the file, 2. Move to chest, 3. Rename the file, 4. No action.

I tried all the options but to no avail. I stopped the memory drive for safe removal and inserted my own thumb drive. To my utmost surprise, my own pen drive also got infected with VBS Malware. After doing a boot scan with the antivirus I deleted the viruses from my hard disk and was relieved that my system was now free of viruses. But this was not to happen, as after insertion of the pen drive in the USB port Avast flashed the message again that the pen drive was infected with VBS Malware. I scanned my antivirus program and found that even my antivirus program was infected.

Earlier I had been puzzled by some other viruses and removed these viruses using online antivirus scanners. This time I did the same but could not succeed in my attempts at getting rid of VBS Malware gen. The online scanner showed the infection and successfully removed all the viruses. I was relieved that from now onward I would be free of VBS Malware. But my confidence was shattered when Avast again flashed the message showing that VBS was very much there. You won’t believe it, it all went on for a fortnight.

The last hope: World Wide Web (www):

Left with no other alternative, I thought to take refuge with www. I double-clicked Internet Explorer and to my surprise it opened a site by default, and that was www.shyam.co.np. This site claimed that this was not an act of a virus, but had links to some very useful sites. I got suspicious, changed my home page, and restarted Internet Explorer. Again Internet Explorer opened the same site. Now I was convinced that this site was somehow connected with the VBS problem. I immediately informed the Microsoft site about this site using the phishing filter. I am awaiting a response from Microsoft.

As a last resort, I opened Google and put the keyword VBS Malware in the search box. When the search page opened I breathed a sigh of relief that I was not the only sufferer; the search page was full of queries and requests. I took a snapshot of the search page and placed it below.


I forgot to tell you that this was happening to me for the second time. The first time I searched several forums, but most of the forums suggested disabling System Restore and scanning the system with online scanners. I did it using several online scanners but failed to get rid of VBS Malware. I wish to acknowledge the site and the person whose suggestions helped me to get rid of VBS in my earlier attempt, but unfortunately I forgot the name and could not trace that site this time. Maybe that site has been moved or that particular page has already expired. Unfortunately, I forgot the name of the program suggested by that great soul. I searched my hard disk and one item caught my attention. It was ComboFix with a sign of a red colored cross. I dusted off my faint memory, which hinted that this program could be the same program that I used earlier to remove the VBS. I clicked on the program but it told me to download it again as its functionality was now over due to its expiry date.

I downloaded ComboFix from the net. I installed this program and scanned the computer with ComboFix. After scanning with Combo, I scanned my computer using the Avast 4.8 free version. Just to check whether VBS had been removed or was still there, I inserted my thumb drive in the USB port. I scanned this drive to be sure that VBS was not there, and it was a great pleasure to know that at last I had got rid of the VBS Malware. Some people say that it is software but to me it appeared a junked nut. Now I was happy, but one last question in my mind was whether shyam.co.np was still my home page or not, so to verify it I opened Internet Explorer. This time the address bar was empty, showing a blank page. I thanked ComboFix and the developers of Combo who helped me get rid of both VBS malware gen and Shyam.co.np. If you are faced with a similar problem, I am giving some useful links to various resources available on the net.

1. How to use ComboFix?

2. ComboFix download

Top Online Virus Scanners:

You may face a similar situation if your system is infected with any other virus, malware or spyware that is difficult to remove with the antivirus software installed on your machine. ComboFix will remove several kinds of malware and viruses, but no antivirus can remove all malicious software from your system. If the method above does not work, the easiest way to get rid of the infection is to use online virus scanners. First try to restore your computer to an earlier date. If the computer cannot be restored to an earlier date, disable System Restore: right-click “My Computer”, select “Properties”, and disable “System Restore” there. Once that is done, connect to the net and search for online virus scanners. In most cases, these online scanners may clean the malicious software. Most of these scanners work with Internet Explorer. You can choose an online scanner from the list given below.

F-Secure

BitDefender

Computer Associates Malware Scanner

ESET

NanoScan

McAfee FreeScan

TrendMicro


Comments


C.V.Rajan  says:
6 weeks ago

Useful info.

CVR


premsingh  says:
6 weeks ago

Thanks Rajan, and I hope this information will help people find a solution to this particular virus problem.

Dennis C.  says:
3 days ago

Got the same problem, only I can't access the properties of my computer because it says: "Operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." Please help.


premsingh  says:
2 days ago

Dennis, this issue is addressed at http://support.microsoft.com/kb/278839; I hope you can resolve it after reading the instructions. This issue is related to GPO (group policies).
