"Hacked by Pokemon" virus
Removing "Hacked by Pokemon" virus
Does your Internet Explorer title bar show "Hacked by Pokemon"? Don't worry, this is not a high-risk virus. It is just a Visual Basic program. The file that runs this Visual Basic program is BHA.VBS.DLL. I will show you how to remove this bug manually.
What Will This Virus Do?
-Infects every partition, including removable drives, because the script is written to generate bha.vbs.dll and autorun.inf.
-Spreads via removable drives such as pen drives or other storage devices, because of its capability to generate the dll file using a VBS script.
-Generates these new registry values in your Windows registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL - winpath&"\Bha.dll.vbs"
HKCR\vbsfile\DefaultIcon - shell32.dll
-Modifies this registry value:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title - "Hacked by pokemon"
How to Show Autorun.inf & bha.vbs.dll on Your Computer?
-Go to Tools > Folder Options
-Uncheck "Hide protected operating system files (Recommended)" and "Use simple file sharing (Recommended)"
-Click Apply and close the window.
WARNING: When you open a drive partition, MAKE SURE you open it by right-clicking it and choosing Open. IF NOT, the threat will RUN again.
How to Delete/Remove the *vbs File?
1) Press CTRL + ALT + DEL and look for wscript.exe to check whether it is running. If it is there, click End Process.
2) You may delete the 2 files that I mentioned above manually in every partition.
3) Or go to Start -> Search and search for *vbs files. Delete the file if it is found.
How To Clean The Registry?
-After cleaning up and deleting the files, you must now clean the Windows registry, because this threat generates new registry values once it has been activated.
-Run the registry editor: Start -> Run (type regedit)
-Open this location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL
-Delete the registry value named MS32DLL
-And open this location:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
-Choose Window Title and edit the string.
-You may enter any name or delete the string value (Window Title)
-Then reboot your PC
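To confirm the cleanup after the reboot, the manual checks above can be repeated in one pass. This PowerShell script is an added example, not part of the original guide; it only reads and reports, and it looks for both spellings of the script file name that appear in this guide (bha.vbs.dll and Bha.dll.vbs).

```powershell
# Added example: read-only check for the indicators listed in this guide.
# Nothing is deleted or changed; the script only reports what it finds.
$findings = @()

# Autostart value MS32DLL under the HKLM Run key
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'MS32DLL' -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value MS32DLL still present: $($run.MS32DLL)" }

# Internet Explorer title bar string (match is case-insensitive)
$ieKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ie = Get-ItemProperty -Path $ieKey -Name 'Window Title' -ErrorAction SilentlyContinue
if ($ie -and $ie.'Window Title' -match 'hacked by pokemon') {
    $findings += "IE Window Title is still: $($ie.'Window Title')"
}

# Windows Script Host process that runs the .vbs file
if (Get-Process -Name 'wscript' -ErrorAction SilentlyContinue) {
    $findings += 'wscript.exe is running'
}

# Files in the root of every drive, including removable ones.
# -Force lists hidden and protected system files as well.
# Note: autorun.inf also exists legitimately on some installation media,
# so inspect a hit before deleting it.
$names = 'autorun.inf', 'bha.vbs.dll', 'bha.dll.vbs'
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $hits = @(Get-ChildItem -LiteralPath $drive.Root -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $names -contains $_.Name })
    foreach ($file in $hits) { $findings += "Found file: $($file.FullName)" }
}

if ($findings.Count -eq 0) {
    'No indicators from this guide were found.'
} else {
    $findings
}
```

Run it again after plugging in each pen drive you have used, since every drive root is checked at the time the script runs.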
I hope this GUIDE will help you to eliminate this annoying virus. Good Luck!!!