To clear the. VBS VIRUS IN THE SYSTEM

Source: CCID Author: smtk

Because VBS is easy to embed into webpages, more and more hackers use this method to spread Trojan viruses. When vbsvirus is detected, you can see the .vbs.exe file under Windows. The wscript.exe process exists in the system process, and the machine slows down, which is similar to other viruses. If you encounter this situation, you can use the following methods to scan and kill.

Step 1: Stop running wscript.exe. Click Start> Run and enter gpedit. msc.

Step 2: on the left side of the "Group Policy" pane, choose "Computer Configuration> Windows Settings> Security Settings> Software Restriction policy, click the menu item "Operation> Create Policy. Select "Other Rules" from the left ".

Step 3: Right-click the blank area in the right pane and select "New Path rule" from the menu. In the displayed window, click "Browse" after "path", select the wscript.exe file under the C: windowssystem32 folder, and set "Security Level" to "not allowed" (see figure)

　　

If you have a file that you do not want to run, you can add it here.

Step 4: remove the wscript.exe extension from the system321_dllcacheand istrap files in C: Windows to prevent viruses from breaking through the restrictions. Note: During this period, there will be an alert for the Windows File Protection Mechanism. Click "cancel> yes.

Step 5: Upload the "wscript.exe" process to the worker task manager.

Step 6: Use IceSword and other tools to delete the following three files.

C: Windows. vbe

C: WindowsSystem32.vbe

C: Documents and SettingsAll Users Start Menu \ Program start \. vbs

Step 7: Open the Registry Editor and expand

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows
CurrentVersionPoliciesExplorerRun
<*> <. Vbe> key. Note that "<*>" indicates the computer name. The name varies depending on the computer.

Finally, you can modify the wscript.exe file of the file name before restoring it.