well i recently had a redlof virus attack on my pc
in short this virus puts a vbscript file named kernel32.dll in system folder and executes it whenever an infected file is opened via
registry entry at hklm/soft/mic/wind/currverr/run
it infects files with .html .htm extensions (i had these only infected, dunno if it infects other files) (ie if you have saved some webpages for future reading (like icz tutes, msdn kb articles, under the hood articles) it infects them (adds 12 kb of vbscript stuff to those files))
this also uses wscript.exe
on browsing through for info i read in one symantec (search noscript in symantec) article that you can delete the wscript.exe
well i tried renaming it but this file refuses to be renamed
it generates a new version of it every time it is renamed
so i cut it from that folder and pasted it somewhere
still it got generated (pesky file huh)
so started to search why it is so
on going through event viewer (i saw a warning stating a windows file protected file is being replaced)
so searched for info again and came to tech spot
(i've read the article by accel to also on disabling sfc)
is it recommended
can i delete this wscript alone is it possible to do it
what kind of implication may be there if it is deleted
any replies are welcome