TechSpot

Is there a file of hijackThis that can be use to scan protable device

By mackenzie_tins
Mar 8, 2008
  1. i cannot removed the trojan virus on my SD memory card using norton, can i use the hijackThis file on my portable device
     
  2. CCT

    CCT TS Evangelist Posts: 2,653   +6

    HijackThis is basically a Registry scanner.

    Download AVG and update it and it allows for specifying scans of a particular drive. Other AV programs may also.

    I would suggest you turn OFF autoloads/autorun first for the USB/Firewire device ports so it doesn't try to migrate into your comp. In XP this easy with TweakUI.
     
  3. jobeard

    jobeard TS Ambassador Posts: 9,311   +617

    unload the important pictures and just reformat it as FAT32
     
  4. mackenzie_tins

    mackenzie_tins TS Rookie Topic Starter

    i have already reformat my other usb, but the other one it seems like the virus is very hard to remove.

    when i scanned it with norton, i found one threat "W32.SillyDc", but i cannot removed it it says there that 'threat cannot be removed from an unsupported file'........but when i installed avg and scanned it, no threats found. so i scanned it again with norton and it was found by norton....what does it mean, AVG wasnt able to scan it and norton can. is the risk of W32.SillyDC very high?

    also, when i scanned my SD device "drive F" with norton, no threats found, but when i clicked on the SD device directly to open it there is a pop up saying "can not find script file F:\killVBS.vbs".......and after downloading avg, i scanned it again with avg and nothing was found and eveyime i clicked on it directly there is a pop up......why norton and avg weren't able to scan F:\killVBS.vbs. what am i going to do. does the virus already migrated on my system?
     
  5. kritius

    kritius TS Guru Posts: 2,084

    Please follow these steps,

    Remember to back up the registry, see how HERE Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.

    In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows
    NT>CurrentVersion>Winlogon

    In the right panel, locate the entry:
    Userinit = "%System%\userinit.exe,%System%\wscript.exe "%system%\killVBS.vbs""

    Right-click on the value name and choose Modify. Change the value data of this entry to:
    C:\Windows\System32\userinit.exe,
    Close Registry Editor.

    Right-click Start then click Search

    In the Named input box, type:
    AUTORUN.INF

    In the Look In drop-down list, select a drive, in your case "drive F" then press Enter.

    Select the file, then open using Notepad.

    Check if the following lines are present in the file:
    [AutoRun]
    shellexecute=wscript.exe killVBS.vbs
    If the lines are present, delete the file.
    Repeat steps for AUTORUN.INF files in the removable drive.
    Close Search Results.
     
  6. mackenzie_tins

    mackenzie_tins TS Rookie Topic Starter

    i wasnt able to find Userinit = "%System%\userinit.exe,%System%\wscript.exe "%system%\killVBS.vbs"" in the registry, it is still "C:\Windows\System32\userinit.exe,",so i have to change nothing there right?

    and regarding the steps for "drive F", i also wasn't able to find anything, actually whenever i clicked the search to search on "drive F" searching is very fast, it would just last for only 1 second and it would say "search is complete. there are no results to display"....how come it searched that fast, when in fact i have a lot of pictures and videos on my SD device.

    ahhhhhhhhhhh this thing is getting me crazy....i need to copy the pictures on my SD device for my project, but i am scared to open it because of that killVBS. vbs thing. pls. help me is there any other way
     
  7. mackenzie_tins

    mackenzie_tins TS Rookie Topic Starter

    can i reformat my SD device into FAT32? because the file type of my SD device is only FAT....
     
  8. jobeard

    jobeard TS Ambassador Posts: 9,311   +617

    if you reformat, you LOOSE EVERYTHING!!!

    btw; killVBS.vbs would do it to you too :(

    you need a partition recovery tool, not a reformat technique.

    Sadly, it is highly likely that those pictures are already gone :(

    best wishes
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...