Hacked By Godzilla – MS32DLL.dll.vbs – wscript.exe
Recently my IE title shows “Hacked by Godzilla” after transfer some files to a handy drive. “Hacked by Godzilla – MS32DLL.dll.vbs” also known as VBS.Zodgila worm was discovered since Nov 23, 2006. It has very low threat (according to symantec report). “Hacked by Godzilla – MS32DLL.dll.vbs” worm spread thru handy drive or floppy disk.
This is basically what Hacked by Godzilla – MS32DLL.dll.vbs – VBS.Zodgila do when it execute:
- Creates the following files:
[DRIVE LETTER]:\MS32DLL.dll.vbs
[DRIVE LETTER]:\MS32DLL.dll.vbs
[DRIVE LETTER]:\autorun.inf
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000). - Adds the value:
“MS32DLL” = “%Windir%\MS32DLL.dll.vbs” to the registry subkey:
HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \Run
so that it runs every time Windows starts. - Adds the value:
“Window Title” = “Hacked by[REMOVED]” to the registry subkey:
HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main
to modify title in Internet Explorer. - Attempts to copy itself to removable drives and create registry entries every 200 seconds.
Information above was taken from Symantec website.
If your computer affected by “Hacked by Godzilla – MS32DLL.dll.vbs” worms:-
- Your Internet Explorer title will end with “Hacked by Godzilla”
- You might not able to open any of your drive thru double click (you still able to open/explore using right click -> explore)
How to remove “Hacked by Godzilla – MS32DLL.dll.vbs” (VBS.Zodgila) worm?
- Open Task Manager ( Right click on your taskbar and click “Task Manager” )
- Click on Processes tab and select “wscript.exe” and click “End Process” button. (Remember to remove all wscript.exe)
- Go to My Computer, Click on Tools -> Folder Options, click on View tab
- Under Advance settings,
check “Show Hidden files and folders“,
uncheck “Hide extensions for known file types“,
uncheck “Hide protected operating system files (Recommended)”
and click “OK” button - Go to C:\WINDOWS or C:\WINNT and delete file MS32DLL.dll.vbs
- Now go to all your drive in your computer, and delete autorun.inf and MS32DLL.dll.vbs including your USB Drive and Floppy disk. All the autorun.inf and MS32DLL.dll.vbs file is located at the root directory of your drive, ex: c:\MS32DLL.dll.vbs, d:\MS32DLL.dll.vbs …
To access your drive, Go to My Computer, right click on the drive and select “Explore”
- Next we are going to clean your registry record. Click Start -> Run, type regedit
- Go to HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \Current Version \Run and delete MS32DLL (right click on it and select delete)
- Now we are going to disable CD Autorun, Go to HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Cdrom look for Autorun and double click on it and enter 0 as it’s DWORD value
You can skip this steps if you do not wish to disable CD Autorun feature. But Hacked By Godzilla worm spread when CD Autorun is ON.
- Go to HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main and delete “Window Title” which has it’s value of “Hacked by Godzilla“
- Now go back to My Computer, Click on Tools -> Folder Options, click on View tab
- Under Advance settings,
uncheck “Show Hidden files and folders“,
check “Hide extensions for known file types“,
check “Hide protected operating system files (Recommended)”
and click “OK” button - Empty your Recycle Bin.
- Restart your PC and your PC should be clean from Hacked by Godzilla now
Happy surfing!
Posted at April 24th, 2007 by chua
If you think this article helps you to solve your problem and clear your headache, feel free to buy me a drink :)
May 3rd, 2007 at 4:38 am
i think after working so hard u have made this it should work.this means i should be able to delete hacked by godzila now
thanks.
May 3rd, 2007 at 7:30 pm
thank you for the information on deleting the MS32DLL.dll.vbs!
It was a total bitch to get rid of but these guidelines did the job!
thank you for posting them!
May 4th, 2007 at 4:28 pm
thank you for the information to remove those Suckx things…
Now i had only remove those things at C drive ONLY !!
So…how to remove the 2nd Drive ( D drive )
and how to remove from the externel hard disk
if know how to solve this problem mailing me plz !!! thx
May 4th, 2007 at 4:33 pm
hello, thanks for visiting my site
kenn: go to all your drives and delete autorun.inf and MS32DLL.dll.vbs at the root directory ex: d:\autorun.inf, e:\autorun.inf ….
May 4th, 2007 at 4:47 pm
welcome…
now i havent find those things (autorun.inf and MS32DLL.dll.vbs) at my D-drive and External hard disk
even i run search by… also didnt find those things
thats holy-bullshit
can u gave me ur email or msn ?
seen any problem can direct get the answer from u..ya
haha..
May 14th, 2007 at 2:44 pm
if u still get AUTORUN as default command for your drives… then run “gpedit.msc” and disable the AutoPlay for all drives…
May 14th, 2007 at 2:53 pm
hi piyush chandran: thanks for visiting my site
gpedit.msc is only available in Windows XP Pro edition.
For Windows XP Home user, you need to follow my registry edit steps to turn all autorun off. or you may use other tools to disable the autorun.
May 16th, 2007 at 12:50 am
I need your advise Godzilla had disabled the task manager and hide the folder i cant even find the task man.
Godzilla also inable always the autoplay eve if i disbled it.
I dont know what to do its really a headache…..
Please help….Thanks in advance…
May 16th, 2007 at 12:58 am
i cant open the task manager in my computer it says ” task manager is disabled by the administrator” I cant start working on how to delete this MS32DLL.dll.vbs.
May 16th, 2007 at 1:22 pm
neng: you must login as administrator to do all the works. i advice you to look for your system admin to solve this issue. Good luck
May 18th, 2007 at 8:32 am
18-May
I am having a PC with windows XP as O/S. My IE says that
hacked by godzilla. I saw the procedure to remove the virus.
I clicked the “Task Manager” and went to “process” option
and then I checked for “wscript.exe” under the column
“Image Name”. I DO NOT FIND the file “wscript.exe”
What should I do now to remove the godzilla since the first
step is to select the wscript.exe file and perform the
“end process” operation. Can anyone guide me on this issue.
Thank you for your time and efforts.
Sam
May 19th, 2007 at 6:58 pm
Thanks for your visit.
If you cant find the wscript.exe,
you can try to skip this step and continue the others.
Good luck
May 19th, 2007 at 10:29 pm
[...] http://www.techiecorner.com/122/how-to-f…; [...]
May 20th, 2007 at 9:34 pm
Thanks, thanks a lot for the info.
I deleted the hide files, but I didn’t know what to do at my registry (except IE title one).
Thanks a lot!
May 22nd, 2007 at 6:07 am
hi thanks for ur valueable suggestion.now from my I/E hacked by godzilla is removed and i had delete the ms32dll from registory files.but still i m not able o open any drive directly it is showing script ms32dll is not found.plz advise me wat should i do.
May 22nd, 2007 at 9:28 am
i suspect you didn’t fully delete the autorun.inf
make sure you have clear all the autorun.inf in all your drive.
May 22nd, 2007 at 11:28 am
thanks a lot chua, this godzilla is troubling me a lot from more than couple of month and today by yr help i am able to remove it from my computer, i am very happy….one thing i have a great enthusiasm to learn about registry and i think it is a very powerful tool so can u plz give me a particular website from which i can learn about registry in detail, o.k again thanks for yr help.
May 26th, 2007 at 11:20 pm
Hi, I have had “hacked by godzilla” for a while, I tried to remove it but after I rebooted it was still there I have a feeling I did not completely remove it from all my drives, I am having a hard time finding them, I got the c: drive and the only way I got access to my usb drive was to use my key, this did show me the ms32dll and autorun files on my key so I removed them , but those were the only two drives I got too. Please help!how do I access the other drives to be able to remove everything.
Thanks
May 30th, 2007 at 4:03 pm
i cant find wscript.exe from windows task manager . tell me how to find it,,,
May 30th, 2007 at 5:00 pm
Hi sarah, i think u didnt remove the wscript.exe yet. and pls make sure u disable autorun then you can re run this tutorial again, it should be able to remove it
hi everton, if you cant find the wscripts.exe u can just skip that step n continue to clean ur autorun files
June 1st, 2007 at 3:57 pm
Hi Chua,
My external drive is affected by ms32dll.dll.vbs. However, there isn’t any autorun.inf file found. I tried deleting ms32dll.dll.vbs manually. But when i tried opening my external drive, the same error message appeared.
My PC is not infected though, it doesn’t show anything about hacked by godzilla.
Hope you can help. Thanks
June 1st, 2007 at 9:53 pm
hey..i’m really thanking on whoever had written this solution and it’s very useful…i’ve been thinking on how to remove this worm for weeks….thank you so much!!hope you can write more script about common virus removal….
June 2nd, 2007 at 7:35 pm
please help..
I cannot uncheck “Hide extensions for known file types“,
and“Hide protected operating system files (Recommended)”.
I unchecked both and applyed and clicked ok but when i close folder options and go again both the “hide” options have benn rechecked…
Im helpless, coz without being able to view the hidden files i cant find any autorun.inf and MS32DLL.dll.vbs in any drive…
this godzilla was really tricky. it had removed my folder options from the tool menu, and disabled my registry edit too.. when i tried to run regedit a message popped up sayind the editing settings arent allowed. bt with online help i fixed both those problems, bt this cannot uncheck problem still remains, as so does godzilla…
June 3rd, 2007 at 12:19 am
Gillynne: you are welcome
rimi: r u login under adminstrator account? and please open only 1 window explorer to do the Folder Option.
June 9th, 2007 at 9:50 pm
Thanks! I used it and it works. Thanks for making the Net a safer place.
June 15th, 2007 at 3:58 pm
Hi! Could you please help me with the Virus, Godzilla? I have done alot of anti-virus scans online and downloaded some Antivirus programs but they cant seem to pick the virus out. If I do go through the process of yours, will it the vrius return?
June 23rd, 2007 at 9:12 pm
i’ve done all of the steps and i think i’ve vemoved the godzilla virus… however when i try to open C:\ i get an error message saying “can not find script file “c:\ms32dll.dll.vbs”" HELP!!! i can still access the c drive by choosing explore but this kinda worries me. if anyone can help please email me at fletcher68@gmail.com
thank you so much
June 28th, 2007 at 12:49 am
I don’t know if you can help me.
I’ve got that virus in one of my computers, and I mostly need to use that one (for the files, they are very important).
Well, what I do went I realize about the problem, was install a group of anti-virus for test it with the virus, but the only one which have effect, was “the hacker 6.1″, and… well, I try to install too the Noton A-Virus 2007, but a can’t complete the instal process, and I had to restart the computer for request of the Norton installation. BUT… … … after the restart, the system (winXP) start, but I can’t do nothing, even close the programs with the “task maneger” is impossible.
Please, HEEEELP MEE.
June 28th, 2007 at 3:52 am
just back from my vacation
Mich: Yes, your pc will be affected again if you still using those handy drive that already affected by the virus.
Fletcher: If you r sure that ms32dll.dll.vbs has been removed then it should be ok.
Charlie: you can try to install spybot to scan and clear your computer. Here is the link to download spybot. http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1
Remember to update the spybot database before doing the scan.
June 28th, 2007 at 11:27 am
Thanks, I find the solution through this website. My pc was infected by ms32dll.dll.vbs. I haven’t tried yet, but I guess its gonna work.
June 30th, 2007 at 5:58 pm
Thnx a lot 4 puttin suggestions abt d Godzilla virus….
Recently my IE was hacked by godzilla n was not able 2 use d internet….
Now it works fit n fine n am very much gr8ful 2 you… Cheers buddy
July 6th, 2007 at 3:52 am
hey u RO..OcKK MAN…
n solved my problem..
1 more prob..my pc has bcm slow..not bcoz of removing dis virus but it was earlier also..what shud i do 4 dat?
July 9th, 2007 at 2:24 pm
Thanks, it worked a treat. I’ve been trying to fix a friends computer and this script thing kept coming up when I double clicked the hard drives. I’m busy checking all the thumb drives but I’m using Ubuntu to clear those – Go on Godzilla trying hacking Ubuntu !
July 9th, 2007 at 10:02 pm
hey, thx for the info on clearing the virus.
but i still hav 1 more problem, i found out that the virus comes from my 2gb toshiba thumb drive, how do i clear it away?
i want to be able to use it
July 9th, 2007 at 10:51 pm
prachi: you can try to clear off some space for your Hard disk and perform a defragmentation. After the defrag it should be more smoother.
Max: if you have disabled the autorun, you can browse your thumb drive and delete the autorun.inf and MS32DLL.dll.vbs. once autorun.inf and MS32DLL.dll.vbs got removed your thumb drive will be clean again
July 10th, 2007 at 12:46 am
thnx…
hey 1 more problem wat shud i do 4 dis
disable CD Autorun …as none of my cd is bng displayed…now plz.. tell how 2 enable it again..
July 12th, 2007 at 9:06 am
Hi
Been havin trouble with this for a long time. Tired all the step instructed by you but except for deleting autorun.inf files got no where near this horrible bug.
Can not find any MS32DLL.dll.vbs files at anywhere in the system, even in the registry steps could not find anything as suggested.
I am using a windows xp. Please help.
Thanks Sree
July 12th, 2007 at 9:56 am
ei!!! thank you very much….. i delete that thing in my PC….. thanks for the fix… hmmmm… any good free anti virus there??
thanks…
*smiles*
July 13th, 2007 at 2:07 pm
thanks alot… i tried fixing it manually before reading your help…
probably i’ve screwed some things up before.. but still, your help, HELPS a whole lot…
thanx!
July 16th, 2007 at 10:28 pm
hi thank a lot for the valueable help of your.this process is very effective and now there is no godzilla in my pc.
thanks a lot…
July 17th, 2007 at 5:58 am
Hi
This virus was on the boot drive, I did a clean install so I assume it has gone?
I am not so sure about the slave drive, which is unplugged at the moment.
Is there a safe way to check and delete this virus from the slave without it infecting the boot drive
Thanks for any help
July 18th, 2007 at 4:11 pm
prachi: Start -> Run -> type “regedit” and look for HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Cdrom look for Autorun and double click on it and enter 1 as it’s DWORD value
*** Remember, this virus will spread thru ur affected thumb drive to your pc if Autorun feature is turn on again.
Sree: Did you use any other anti spyware program to clean your pc before? If so the files might be deleted by the anti spyware program.
Aimee: Try Avast anti virus, it’s free for Home use
http://www.techiecorner.com/102/avast-anti-virus-free-anti-virus-software/
Bigbear: yes you can clean your slave drive, but first you must disable the Autorun feature in your pc. follow the instruction i give to prachi and change the value to 0 will be able to disable the autorun
July 20th, 2007 at 8:49 pm
hihi
i’ve follow ur guide to remove the virus but the virus still there after i restart my pc.i goin 2 crazy coz i’ve 50gb files.can u help me on dis?
thax…
hope u can understand my question coz my eng not so good…
July 23rd, 2007 at 10:36 am
After following all your instructions, does it mean that the virus is completely gone? Can I turn on the “Autorun” feature again?
I think that the virus came from my thumbdrive. So if I clean my thumbdrive as suggested above, does it mean that my thumbdeive will no longer infect other computers?
Thank you so much for your advice!
July 25th, 2007 at 12:43 am
thanks for all the tips.. it seems to have worked.. i had tried everything..but nothing had worked so far.. thanks again
July 29th, 2007 at 9:07 pm
Thanks a lot. Followed your instructions and they worked. Great!
August 2nd, 2007 at 2:46 pm
Hie..i am not able to find that .exe file which mentioned above.however i couuldn’t open my drive(its showing me an xplorer view wnever i 2 click on it)..and my internet explorer is not showing haked by godzila…still i can filnd that .MS32DLL.dll.vbs file in my pc…..wat’ld i do??
August 2nd, 2007 at 4:54 pm
This tip helped me a lot & I really thanks to the propretory
August 3rd, 2007 at 12:49 am
i can’t find ms32dll.dll.vbs on my computer even after showing my hidden files and folders and godzilla has disabled regedit so i cant go into my registry. Can anyone help please because i just cant get rid of godzilla. please this is urgent, if only there is another way.
August 3rd, 2007 at 1:11 pm
Many thanks! This got rid of the bug. After restarting the comp, I could double click on all the drives the same as before, no problem.
August 8th, 2007 at 3:18 pm
hi chua,
i can’t run the “regedit”, at the dialog box shown “registry editing has been disable by your administrator”, i’ve already swicth to administrator user, but still can’t run it. plz help me… i’m getting crazy with this godzilla.
*sorry my eng not so good.
August 8th, 2007 at 6:13 pm
ady: hmmm weird, if you are administrator you will be able to run regedit. try to logoff and do a clean login using username as Administrator. If you are using welcome screen login, change it to the classic login screen n try this
August 16th, 2007 at 1:01 am
While clicking process button in the task manager window there is no file named ‘wscript.exe’. What is the solution?
August 16th, 2007 at 1:04 am
I cannot find ‘C:\WINNT’.Also AVG could not solve the problem.
August 16th, 2007 at 8:09 pm
hi, i didnt find wscript.exe on the task manager, i also didnt find MS32DLL.dll.vbs. so how come my browser has hacked by godzilla?
August 16th, 2007 at 10:35 pm
gilz / devendu: if u cant find the wscript.exe you can try to skip that steps n continue all the steps + clean the autorun.inf n MS32DLL.dll.vbs.
August 17th, 2007 at 6:57 pm
thnx a lot dude !! u hav helped me to get rid out of this .U hav done a nice Job.
August 20th, 2007 at 9:39 pm
Does this disable the internet browser capabilities. I went through you steps to remove this but still cant use the internet. This problem started before i found out that it had godzilla virus now i still have no internet. I loaded monzilla internet browser even with a good connection. Is there something else i can look at??
August 24th, 2007 at 5:20 pm
Thanks a lot buddy….u details helped me kill this ‘Hacked by Godzilla’….This thing works…!!!
August 28th, 2007 at 12:54 am
[...] ok i got what problem it was Hacked By Godzilla – MS32DLL.dll.vbs – wscript.exe Hacked By Godzilla – MS32DLL.dll.vbs – wscript.exe i did what it said everything was ok then i reboot my i got this error look at screen i did [...]
August 28th, 2007 at 1:24 am
dude please help me out…im frustrated
ms32dll.dll.vbs
once i formatted my windows drive thinkin this virus will go…
but it didn’t…..
now i tried to follow these steps exactly as u’ve mantioned above
first of all i couldn’t find wscript on the processes tab in the task manager
& in the tools->folder options->view im not able to check “Show Hidden files and folders“, &
uncheck “Hide protected operating system files
after clicking ok button on its own it wud ve chked uncheck “Hide protected operating system files &
uncheck “Hide extensions for known file types“….
& im not able to find MS32DLL.dll.vbs in c:\windows
in any of the drives ms32dll is not found & also autorun.inf
even in registry im not able to find MS32DLL
IF I DOUBLE CLICK ON MY DRIVE IT SAYS “cannot find the script file driveletter:\ms32dll.dll.vbs”
AND AS SOON AS I LOGIN TO MY WINDOWS IT SAYS “cannot find c:\recycled\SVCHOST.exe”
plz help me out dude
August 30th, 2007 at 12:48 pm
Man you are genius.
September 1st, 2007 at 8:32 am
Mark: This virus does not affect ur browser capability. if u still not able to access the internet i think ur computer is infected by other viruses. Try to use Firefox as ur default browser.
Charan: this virus is hidding in ur thumb driver / handy drive. If u want to get rid of this virus, first of all u need to clean ur thumbdrive. If ur thumbdrive isn’t clean and u format your computer, it don’t help to solve the problem. If u cant find MS32DLL.dll.vbs then u have to look for the autorun.inf.
The error shows when u double click in your drive is caused by this autorun.inf script. And if possible empty ur recycle bin and do a full system scan using antivirus and spybot.
September 5th, 2007 at 6:05 am
i couldn’t find wscript.exe in the task manager is it because i have vista????
plz help
thanks
September 7th, 2007 at 10:40 am
ohhhhhhhhhhhhhhhhhhhh !!! thnks to much!!!! thanks a lot!!! it was a little difficult to me to do that, because i cant undstnd very wll the english, but i tried to do it step by step, and… everything worked!! …. XD
September 10th, 2007 at 6:58 pm
u r the god to me , gr8 guidence. It worked wonderful.
Thanx a lot man ..
September 12th, 2007 at 8:46 am
elie sabbagh: i haven’t tried on vista yet. if you cant find wscript.exe then you can try to skip that steps and proceed to next step
September 15th, 2007 at 1:27 pm
hi guys
i trying very hard u did mention the instruction as follow but after i did the same way yes this MS32DLL.dll.vbs is gone and no more Autorun.inf
but why after click my computer we see drive A: drive c: drive d: and about when we selecting drive c: bu using mouse arrow key to clic it open c: drive this messages appearing ((( MS32DLL.dll.vbs is missing cannot open drive)) how to fix this???
September 17th, 2007 at 3:07 pm
Thanks! great work! You help me a lot
Greetings from Poland
September 19th, 2007 at 11:59 am
sws55788: i think you miss the steps to remove the autorun.inf. Once you removed those autorun.inf, it’ll be ok again.
September 20th, 2007 at 12:46 pm
Hi, my dads com was infected with this virus. I was using your guide to try and remove the virus and ran into some problems.
“check “Show Hidden files and folders“,
September 22nd, 2007 at 12:07 am
i have removed “Hacked by Godzilla” from my computer and the best help i found from http://howto.redcomputer.net/windows/hacked_by_godzilla.php
that articale really works.
Some time you will find the folder options has being disabled by this virus and also you cannot access to regedit. I got it done by searching google.com for the problems.
So I think this would help others having the same problem.
-=royal=-
October 2nd, 2007 at 6:36 pm
speed of the program is very slow also folder option does not open with double click it open with right click
October 12th, 2007 at 4:19 pm
I was about to format my PC.
You saved me! thanks a lot.
October 22nd, 2007 at 4:17 am
hi thanks for ur suggestions.now from my I/E “hacked by godzilla” is removed and i had delete the ms32dll from registory files.but still i m not able o open any drive directly it is showing script ms32dll is not found.plz advise me wat should i do.
And i made sure that all system “ms32dll.dll” n “autorun.inf” were deleted.
i did it twice
November 6th, 2007 at 6:07 pm
dear sir,
as you have shown in the procedure to delete the ms32dll.vbs, let me tell you that i have deleted the autorun.inf file but the above mentioned file is not getting deleted.. it is showing error ” cannot delete the file, as it is being used by another program or person” close any file that might be using that file or program”
can you help
November 7th, 2007 at 6:59 pm
While starting my PC after loggin giving error as C:\recycled\SVCHOST.exe not found. Make sure you have entered currect name
November 14th, 2007 at 11:13 pm
buddy, i was not able to find autorun.inf & MS32DLL.dll.vbs in any of my drives. Plz suggest how can i search those files.
November 15th, 2007 at 1:14 pm
jaikishan: if possible start your windows using Safe Mode. During your computer boot time, keep pressing F8, it will show you some selection, you select “Start winxp in Safe mode”. Once started, you can try to remove those files.
Anshul: did you show all your files?
# Go to My Computer, Click on Tools -> Folder Options, click on View tab
# Under Advance settings,
#check “Show Hidden files and folders“,
#uncheck “Hide extensions for known file types“,
#uncheck “Hide protected operating system files (Recommended)”
# and click “OK” button
If you do not see these files then your anti virus or spyware cleaner cleaned it off.
November 18th, 2007 at 3:46 pm
seriously, i coulen’t find any wscript.exe on processes, ms32dll.dll.vbs on my windows folders too
November 22nd, 2007 at 12:46 am
[...] Click here to learn how to repair or delete MS32DLL.dll.vbs on your windows machine [...]
November 30th, 2007 at 5:05 am
hey..i tried doing it but as soon as i press the process button in the task manager the task manager window gets closed on its own…it’s as if the virus evolved man!
December 6th, 2007 at 9:14 am
hi thanks for d info man its helpful but wen i tried to do so d virus in d mother hdd dats D DRIVE IN MY CASE COULDNT BE DELETED it always gave msg its in use why this happened can u inform me bout dat. waiting for reply.
thanks
December 6th, 2007 at 11:09 am
hi bhushan, did u do this step?
” Click on Processes tab and select “wscript.exe” and click “End Process” button. (Remember to remove all wscript.exe)”
you must ensure all the wscript.exe is not running then only you can remove all the files.
December 11th, 2007 at 3:50 pm
I have problem with my windows vista I can’t remove “hacked by godzilla”
anybody pls help me how to remove from my pc.
December 15th, 2007 at 9:13 pm
Hi,
I can’t open my drive by double clicking it, it shows a dialogue box “Can’t find C://MS32DLL…… ” ….
Something to note too… I manage to find the MS32DLL.vbs file but I can’t find the autorun.inf file. Also, I had already disabled my CD autorun earlier on…
Appreciate if u can advise…
Thanks
December 18th, 2007 at 4:25 pm
madie: sorry i havent try this on vista. if anyone tried this on vista please help madie. TQ
Smsinggal: i think you miss the steps to show all hidden file.
# Go to My Computer, Click on Tools -> Folder Options, click on View tab
# Under Advance settings,
check “Show Hidden files and folders“,
uncheck “Hide extensions for known file types“,
uncheck “Hide protected operating system files (Recommended)”
and click “OK” button
Then you’ll able to see the autorun.inf
December 22nd, 2007 at 4:29 pm
Thanks for the Pos.
Got rid of the Bitch.
December 25th, 2007 at 6:26 pm
hi! buddy. thanks a looooooooooooooooooooooooooot. it works.
January 12th, 2008 at 11:49 am
Hi Chua,
thanks for replying, I still can’t find the autorun.inf even though I’ve check “Show Hidden files and folders” and uncheck “Hide extensions for known file types“ & “Hide protected operating system files (Recommended)”
Please advise on how I should do. Thank you
January 23rd, 2008 at 8:24 am
Thank you,
This trojan worm infected almost every computer in my task force while deployed. Your instructions saved American soldiers a means of communication. And potentially their lives.
January 28th, 2008 at 1:18 pm
___ cheers mate it seems to have worked. cheers
/ \
( l )
( )
____ ( )____
( ) ( )
January 30th, 2008 at 1:10 pm
I ahve windows vista and i am having a hard time following your steps ecause i cant find the tools in the my computer. Please help
January 31st, 2008 at 10:22 am
I have window vista, and the problem is there is no tools in the my computer version of vista. If you can find it, please advise
February 10th, 2008 at 2:11 am
error i am facing is TTMS131.dll.vbs
March 5th, 2008 at 1:34 pm
I am having trouble finding the MS32 and autorun.inf files. I have run searches etc. and have resorted to search each idividual file and folder. I really need help to find this damn things. OH and by the way,cab this virus also infect portable devices like MP3’s?
March 5th, 2008 at 10:30 pm
HELP!
i turned on my laptop one day and got 3 virus hits on autorun. i deleted them all and thought everything was fine, but when i tried to access my memory key (usb) the screen flickered and now it wants me to select a program. the same is happening for my C drive.
I’ve read how to remove the virus, and I’ve tried to do what you say. Unfortunatly there is no “wscript.exe” in the prosceses tab. also, when i search “autorun.inf” there are no files that contain the virus, and when i run “msconfig” and look in the startup options there’s nothing there either.
I have tried to continue with the steps, but nothing really works.
please help me…
April 15th, 2008 at 10:48 pm
i cant get to folder options
and i dont have the wscript.exe in my task manager…but it does show hacked by godzilla on the title bar and i cant open any drive by double click
can someone help me?
April 22nd, 2008 at 4:00 pm
thx bro…
it helped alot…!
May 19th, 2008 at 4:26 pm
Hello Mr. Techie,
Thanks a lot for the detailed steps. I could remove this crap easily.
Cheers
Vivek
May 21st, 2008 at 7:44 pm
I got this virus, but I removed it using the tutorial. Then all of the sudden, and for no reason I get it again. There were no other drives involved. This one was crazy, it infected all 4 of my partitions and my USB stick, and I accidentally killed XP in the process. After loading XP back onto the computer, all signs of the virus seem gone, but then an hour later, what do you know, it’s back. I manage to get rid of it this time, but I have no idea how to stop it coming back.
May 25th, 2008 at 3:26 pm
I still cannot get rid of Hacked by Godzilla! It will not let me delete the file MS32DLL.dll.vbs! It says that is in use and will not delete it! I’m so buggered… what can I do?
June 6th, 2008 at 4:37 pm
Hi Chua,
Thank you for the steps to get rid off the Hacked by Godzilla. I have followed every single steps you have given and it works. EXCEPT that now I cannot double click on the folders in my windows explorer. Please advise. Thank you.
June 8th, 2008 at 10:37 pm
Thanks a lot for that info, how on earth does someone figure all that out? It worked and now I feel better about using my computer on the net. Cheers!!!
June 9th, 2008 at 12:13 pm
Hello there, I’ve tried to disabled the virus by following your tutorial. It works, but, only for the certain account (current account where I was in when I doing the virus removal). When I restarted my computer and logged on as another user, there are some symptoms remained. What should I do? I have tried to retry all the steps again until I have no longer found any MS32DLL.dll.vbs and autorun.inf in my computer, but when I tried to click on the C: drive in my computer in one of the user account available, it said: “Cannot find file: “MS32DLL.dll.vbs” file”. Please help!
June 10th, 2008 at 10:50 am
Josie: i think your folder got infected by the virus too. you can try to right click on the folder and select explore. Please check if your folder have autorun.inf file, if yes, remove it. Autorun.inf is the one tat cause the folder cant be double click
Fariz: you have not end the virus process in the task manager. Please make sure the process is dead before cleaning the files. Else you will see those symptoms all the time.
June 11th, 2008 at 3:41 pm
Fariz, try this, open notepad application. Go to File, Open and (look in = Local Disk “C”, for anyone else could be any letter depending of your configuration) type in autorun.inf. If the file open the autorun.inf is still on your C drive. Just go Tools, Folder Options, View Tab and Make sure you uncheck Hide protected operating system files and show hidden files and folders. Then go back to your local disk “C”, you will see autorun.inf. Just delete it and Voila !!!!!
June 15th, 2008 at 6:49 pm
i accidently deleted the MS32DLL.DLL.VBS how then i can redownload or restore it? the worm is gone but then i still cannot open the drive by double click it
June 20th, 2008 at 10:38 am
People may be interested to know howto get rid of the message that continues after the trojan is removed. Its to do with windows mount point registry settings.
Below I have extracted registry info from an infected test machine that shows the “wscript.exe .MS32DLL.dll.vbs” stuck in the autorun mount point. All you have to do is browse to the key (the {07852ef4-9baf-11db-a10c-806d6172696f} below refers to the drive, I have 3 partitioned drives on the computer so I have 3 registry entries) and remove the “wscript.exe .MS32DLL.dll.vbs” only from the default value.
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07852ef4-9baf-11db-a10c-806d6172696f}\Shell\AutoRun\command]
@=”C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs”
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07852ef5-9baf-11db-a10c-806d6172696f}\Shell\AutoRun\command]
@=”C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs”
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07852ef6-9baf-11db-a10c-806d6172696f}\Shell\AutoRun\command]
@=”C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs”
July 12th, 2008 at 3:10 pm
it worked perfectly
Thank you so much~
July 14th, 2008 at 9:25 pm
[...] http://www.techiecorner.com/122/hacked-by-godzilla-wscriptexe-ms32dlldllvbs/ [...]
July 25th, 2008 at 4:15 pm
my comp was hacked by godzilla..i installed mcafee which deleted the ms32dll.dll.vbs and autorun.inf file..but now i cannot open any of the drives..the only way to access them is by typin the letters in the address bar..also i cannot unhide files..everytime i select tht option and click apply it doesnt change adn when i check back it still says do not show hidden filesl and folders…thts a prob..please help
August 4th, 2008 at 9:57 am
Dude, you rock! Thanks a million.
September 9th, 2008 at 9:49 pm
Point of interest for those hoping to avoid problems like this in the future:
I have Kaspersky Internet Security, and as soon as I plugged my infected USB Device into my computer it comes up with a message telling me that .MS32DLL.dll.vbs is a virus and lets me delete it.
As such, I did not get ‘hacked’ by Godzilla
However, when I found the same thing to repeat itself when I removed it and plugged it in again, I found out that I needed to manually delete some other files, namely autorun.inf and W32PT.dll.vbs (although i think the w32pt.dll was an unrelated virus).
Lesson is, get a better security suite!
November 28th, 2008 at 6:26 am
These instructions work for a similar virus infestation that I found on my girlfriend’s computer. The symptons were almost the same. Instead of CRACKED BY GODZILLA it said CRACKED BY YOUR-FAD and then some numbers. I figure it is just a cheap copy-cat of the godzilla worm. I think Graffiti, and computer viruses are an indication of someone’s insecurity and desire to be recognized. Which makes the YOUR-FAD worm author an even more pathetic person IMHO. I feel sorry for this person really. It took a google search and 2 minutes of deleting files to fix it. Is that the best you can do you little punk?
December 11th, 2008 at 10:15 am
# Aafaq Says:
July 25th, 2008 at 4:15 pm
my comp was hacked by godzilla..i installed mcafee which deleted the ms32dll.dll.vbs and autorun.inf file..but now i cannot open any of the drives..the only way to access them is by typin the letters in the address bar..also i cannot unhide files..everytime i select tht option and click apply it doesnt change adn when i check back it still says do not show hidden filesl and folders…thts a prob..please help
i think that virus leaved an autorun.inf in all your drive……. create an autorun.inf at your desktop after creating copy and paste it to drives were you cant open…(to create autorun.inf.. rightclick on your desktop choose new.. create text document and save it as autorun.inf)
wish this could help…….
December 11th, 2008 at 10:47 am
to: Smsinggal
the virus change the registry entry “ShowSuperHidden” valeu data to 0 instead of 1, which means viewing system files is restricted and since autorun.inf were virus maker made is a system file.. here’s the alternative way to delete those garbage…
try create an autorun.inf at your desktop after creating, copy and paste it to drives were you cant open..(replace the existing autorun.inf)….(to create autorun.inf.. rightclick on your desktop choose new.. create text document and save it as autorun.inf)
delete autorun.inf after you replace the existing one…
wish this could help…….
January 27th, 2009 at 3:12 am
Thank you so much for your help! You are very kind.
April 2nd, 2009 at 7:20 pm
thanks !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!
!
!
April 18th, 2009 at 10:25 pm
Works !!!
Hacked By Godzilla PWND !!
Thank you so very much, this was very annoying.
April 23rd, 2009 at 9:25 pm
Used this walk-through to successfully remove an extremely stubborn variant that was using TTMS313.dll.vbs Thanks!