[AI] problem in internet explorer

Chaodhari, Sanjeev IN BOM SISL Sanjeev.Chaodhari at siemens.com
Wed Jul 4 06:35:48 EDT 2007


Dear Chetan
Hi
I am pasting an article which might solve your problem.
This may or may not work.
For more information you can google in for " internet explorer hacked by Godzilla"
Article begins
Recently my IE title shows "Hacked by Godzilla" after transfer some files to a handy drive. "Hacked by Godzilla - MS32DLL.dll.vbs" also known as VBS.Zodgila
worm was discovered since Nov 23, 2006. It has very low threat (according to symantec report). "Hacked by Godzilla - MS32DLL.dll.vbs" worm spread thru
handy drive or floppy disk.

This is basically what Hacked by Godzilla - MS32DLL.dll.vbs - VBS.Zodgila do when it execute:
List of 4 items
* Creates the following files:
[DRIVE LETTER]:\MS32DLL.dll.vbs
[DRIVE LETTER]:\MS32DLL.dll.vbs
[DRIVE LETTER]:\autorun.inf
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
* Adds the value:
"MS32DLL" = "%Windir%\MS32DLL.dll.vbs" to the registry subkey:
HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \Run
so that it runs every time Windows starts.
* Adds the value:
"Window Title" = "Hacked by[REMOVED]" to the registry subkey:
HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main
to modify title in Internet Explorer.
* Attempts to copy itself to removable drives and create registry entries every 200 seconds.
list end

Information above was taken from
Symantec website.

If your computer affected by "Hacked by Godzilla - MS32DLL.dll.vbs" worms:-
List of 2 items
* Your Internet Explorer title will end with "Hacked by Godzilla"
* You might not able to open any of your drive thru double click (you still able to open/explore using right click -> explore)
list end

How to remove "Hacked by Godzilla - MS32DLL.dll.vbs" (VBS.Zodgila) worm?
List of 14 items
* Open Task Manager ( Right click on your taskbar and click "Task Manager" )
* Click on Processes tab and select "wscript.exe" and click "End Process" button. (Remember to remove all wscript.exe)
* Go to My Computer, Click on Tools -> Folder Options, click on View tab
* Under Advance settings,
check "Show Hidden files and folders",
uncheck "Hide extensions for known file types",
uncheck "Hide protected operating system files (Recommended)"
and click "OK" button
* Go to C:\WINDOWS or C:\WINNT and delete file MS32DLL.dll.vbs
* Now go to all your drive in your computer, and delete autorun.inf and MS32DLL.dll.vbs including your USB Drive and Floppy disk. All the autorun.inf and
MS32DLL.dll.vbs file is located at the root directory of your drive, ex: c:\MS32DLL.dll.vbs, d:\MS32DLL.dll.vbs ...
Block quote start

To access your drive, Go to My Computer, right click on the drive and select "Explore"
Block quote end
* Next we are going to clean your registry record. Click Start -> Run, type regedit
* Go to HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \Current Version \Run and delete MS32DLL (right click on it and select delete)
* Now we are going to disable CD Autorun, Go to HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Cdrom look for Autorun and double click on it and
enter 0 as it's DWORD value
Block quote start

You can skip this steps if you do not wish to disable CD Autorun feature. But Hacked By Godzilla worm spread when CD Autorun is ON.
Block quote end
* Go to HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main and delete "Window Title" which has it's value of "Hacked by Godzilla"
* Now go back to My Computer, Click on Tools -> Folder Options, click on View tab
* Under Advance settings,
uncheck "Show Hidden files and folders",
check "Hide extensions for known file types",
check "Hide protected operating system files (Recommended)"
and click "OK" button
* Empty your Recycle Bin.
* Restart your PC and your PC should be clean from Hacked by Godzilla now
list end

Happy surfing!

Thanks.
When you don't have any choice, you have a choice to work hard.
Sanjeev
Email: Sanjeev.chaodhari at siemens.com
 Or daarshnicsanjeev at hotmail.com
Space: http://daarshnicsanjeev/spaces/live.com
 Call: +919820637390 
Direct office: +9102267572118
-----Original Message-----
From: accessindia-bounces at accessindia.org.in [mailto:accessindia-bounces at accessindia.org.in] On Behalf Of Chetan Sharma
Sent: Tuesday, July 03, 2007 12:22 PM
To: accessindia at accessindia.org.in
Subject: [AI] problem in internet explorer

Hello Friends,

It seems that my computer is infected with some malware Etc. whenever, I launch internet explorer and hear the title bar it says something like this, internet explorer hacked by godzilla" I have run adaware and AVG anty spyware and according to their diagnosis, no threat is present in my PC. but I am more than sure that some sort of infection is definitely there. I did a system restore and apparently,    solved my problem for a day or two, but it popped up again.Now could anybody suggest how should I remove this infection without formatting my computer? What precisely  is "GODZILLA"? is this a name of any spyware or something else?
With regards,


   
Chetan Sharma
Manager
Regional Office
Oriental Bank of commerce
Second floor
Anand Bhawan
Sansar Chandra Road
Jaipur
302001
Rajasthan
India
Ph: 91-141-2314662
Fx: 91-141-2365315
Hand Phone: (0)9414323675
To unsubscribe send a message to accessindia-request at accessindia.org.in with the subject unsubscribe.

To change your subscription to digest mode or make any other changes, please visit the list home page at
  http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in




More information about the AccessIndia mailing list