
Wednesday, May 30, 2007

"Hacked by Pokemon" virus

Removing "Hacked by Pokemon" virus

Does your Internet Explorer title bar show "Hacked by Pokemon"? Don't worry, this is not a high-risk virus. It is just a Visual Basic program. The file that runs this Visual Basic program is BHA.VBS.DLL. I will show you how to remove this bug manually.




What Will This Virus Do?


-Infects every one of your partitions, including removable drives. This is because the script was written to generate bha.vbs.dll and autorun.inf.

-Spreads via removable drives such as pen drives or other storage devices, because of its capability to generate the dll file using a VBS script.

-Generates new registry values in your Windows registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL - winpath&"\Bha.dll.vbs"

HKCR\vbsfile\DefaultIcon - shell32.dll

And also modifies this registry value:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title - "Hacked by pokemon"

-None of your partitions can be opened normally if your PC is infected, because the default action is given to the 'AutoPlay' option instead of the 'Open' option used in the normal condition. To check this, right-click one of your drives and see whether the first bold option is Open or AutoPlay.




How to Show Autorun.inf & bha.vbs.dll in Your Computer?



-Go to Tools > Folder Options

-Uncheck Hide protected operating system files (Recommended) and Use simple file sharing (Recommended)

-Click Apply and close the window.

WARNING: When you open your drive partition, MAKE SURE you open it by right-clicking it and choosing Open. IF NOT, the threat will RUN again.


How to Delete/Remove the *vbs File?

1) Press CTRL + ALT + DEL and look for wscript.exe to see whether it is running. If it exists, click End Process.

2) You may delete the 2 files that I mentioned above manually in every partition.

3) Or go to Start -> Search. Search for *vbs files. Delete the file if it is found.

How To Clean The Registry?

-After cleaning up and deleting the files, you must now clean the Windows registry, because this threat generates new registry values once it is activated.

-Run Registry Editor: Start -> Run (type regedit)

-Open this location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL

Delete the registry value named MS32DLL

-And open this location:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

-Choose Window Title and edit the string.

-You may put in any name or delete the string value (Window Title)


-Then reboot your PC
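
As an added example (not part of the original post), a read-only PowerShell check that reports which of the artifacts named in this guide are still present after the clean-up. The function name Get-PokemonIndicators is made up for illustration, and both spellings of the script file name used on this page are checked.

```powershell
# Added example: read-only check for the artifacts this guide names.
# It only reports findings; it deletes and modifies nothing.
function Get-PokemonIndicators {   # hypothetical name, for illustration
    $findings = @()

    # File clean-up step 1: is the script host still running?
    if (Get-Process -Name wscript -ErrorAction SilentlyContinue) {
        $findings += 'Process: wscript.exe is running'
    }

    # Autostart value the guide says to delete
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'MS32DLL' -ErrorAction SilentlyContinue
    if ($run) { $findings += "Registry: Run\MS32DLL = $($run.MS32DLL)" }

    # Internet Explorer title bar string
    $ieKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $ie = Get-ItemProperty -Path $ieKey -Name 'Window Title' -ErrorAction SilentlyContinue
    if ($ie -and $ie.'Window Title' -match 'Hacked by pokemon') {
        $findings += "Registry: Window Title = $($ie.'Window Title')"
    }

    # Icon setting for .vbs files (default value of the key)
    $iconKey = 'Registry::HKEY_CLASSES_ROOT\vbsfile\DefaultIcon'
    $icon = Get-ItemProperty -Path $iconKey -ErrorAction SilentlyContinue
    if ($icon -and $icon.'(default)' -match 'shell32\.dll') {
        $findings += "Registry: vbsfile\DefaultIcon = $($icon.'(default)')"
    }

    # Files in the root of every drive. -Force is required because the
    # files are hidden. An autorun.inf on a CD/DVD can be legitimate,
    # so review each hit before deleting anything.
    $names = 'autorun.inf', 'bha.vbs.dll', 'bha.dll.vbs'
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        foreach ($name in $names) {
            $path = Join-Path $drive.Root $name
            $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($item) { $findings += "File: $($item.FullName)" }
        }
    }

    $findings
}

Get-PokemonIndicators
```

An empty result means none of the artifacts listed on this page were found.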


I hope this GUIDE will help you to eliminate this annoying virus. Good Luck!!!

2 comments:

HELLO said...

At last there is a solution to this nasty virus. I managed to remove the 'Hacked by Pokemon' but I still can't open my disk drives when I double-click them. Does that mean that I will have to forever use right-click and Open to open my disk drives?

Unknown said...

Interesting and beautiful blog lovely presentation thanks for sharing your views. please keep this

we24support-mouthshout
we24support-fourmt
we24support-how to install window
