How To Remove Boot.vbs Virus

Today my antivirus (NOD32 Security Suite) was creating troubles for me. After every five minutes, a request to debug the application would appear because some module of NOD32 would crash and then reload. It has been a long time that I have been using NOD32. So I decided to test some other antivirus. There were two good choices for me. One Bitdefender and then second Kaspersky. The problem was that I didn’t want to buy any one of those. So I decided to use a 6 months trial of Kaspersky Internet Security which will be more than enough for me to test it. Here is my previous article about how to get Kaspersky Internet Security trial of 6 months.
I downloaded it and installed it. It began scanning my PC. And to my amazement, it detected a threat that NOD32 was unaware of!! It was the boot.vbs virus. I thought it would be better to remove the virus manually rather than relying on Kaspersky. That way I would learn more. So here are the steps which I did to remove the boot.vbs virus:

  1. Go to Task Manager –> Processes and End the following processes in order:
    1. dxdlg.exe
    2. wscript.exe
  2. Go to Start –> Run –> regedit –> Open the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. In the right hand pane, select Userinit and delete everything except “C:\windows\system32\userinit.exe”
  4. Make sure the processes wscript.exe and dxdlg.exe are not running.
  5. Delete the following files
    1. C:\Windows\System32\dxdlg.exe
    2. C:\Windows\System32\boot.vbs
    3. In your Windows drive, search for boot.vbs and delete all of them.
    4. In your Windows drive, search for kinza.exe and delete all of them.
  6. Disable System Restore and then Enable it again.
  7. Restart your computer.
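
A read-only PowerShell check for the artifacts these steps touch, added here as an example and not part of the original post. The helper name and the sample Userinit value are constructed, and the script assumes PowerShell 3.0 or later.

```powershell
# Read-only audit of the artifacts named in the steps above; nothing is changed.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Expected    = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-ExtraUserinitEntry {        # hypothetical helper name
    param([string]$Value, [string]$ExpectedPath)
    # Userinit is a comma-separated list and every entry is started at logon.
    # A stock value is the userinit.exe path, normally followed by a comma.
    $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -and ($_ -ne $ExpectedPath) }   # -ne ignores case
}

# Constructed sample value, to show how an extra entry is reported
$sample = "$Expected,C:\Windows\System32\dxdlg.exe"
"Sample extras: " + (@(Get-ExtraUserinitEntry $sample $Expected) -join ' | ')

# Live value from the registry
$live  = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
$extra = @(Get-ExtraUserinitEntry $live $Expected)
if ($extra.Count) { "Userinit extras: $($extra -join ' | ')" }
else              { 'Userinit: only userinit.exe' }

# wscript.exe is the Windows Script Host itself, so the command line matters:
# it shows which script is being run.
Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='dxdlg.exe'" |
    Select-Object Name, ProcessId, CommandLine

# Files from the deletion step, including the drive-wide search
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -File `
    -Include boot.vbs, kinza.exe, dxdlg.exe -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime
```

Run it from an elevated prompt before and after the cleanup; after a successful cleanup the Userinit line reports only userinit.exe and the other two queries return nothing.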

Hopefully everything will be cleaner now and your computer will be free from boot.vbs virus :-). Please share your experiences.


66 responses to “How To Remove Boot.vbs Virus”

  1. hi
    could u please help me any one with an answer please.
    my question is: every time I start my laptop this thing pops up “cannot find script filec:/windows/jargon.vbs” how do I get rid!
    many thanks

  2. I also get the same message as Rai on startup… as well as Loading script “c:\windows\jargon.vbs” (Access denied) on another computer
    WHAT IS THIS? It’s happening on 3 of my computers.

  3. Hello,
    Anyone!!! Could you please help me, I have an error message on my PC.
    After start-up I'm getting a message on my desktop saying “C:\WINDOWS\xhv.vbs”.

  4. window\system32\killvirus.vbs”failed ( Access is denied)
    every time I on the XP I see this pop up.
    Pls help

  5. Thank you for this valuable information. It did work and now I think I have killed the killvirus.vbs finally.

  6. To whom have “start-up getting a message on my desktop saying…..”. Start MSCONFIG (Start-Run-msconfig). Click Startup.
    Uncheck the line that has the missing file name (ex. wproxp.exe, jargon.vbs, xhv.vbs……). Hope helping

  7. The same as ria and heather: on start-up, cannot find script file “c:/windows/jargon.vbs”. Could you please help me…
    Thanks

  8. Hi all! Got plagued by the Windows Script Host error about the xhv.vbs missing. The xhv.vbs went missing since my AV has removed it and thus the error message popping up every time I boot up.
    Here’s what I did:
    1. Go to Start->Run then type regedit on the textbox;
    2. Back-up your registry using the File->Export..;
    3. Search for the xhv.vbs and landed here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\autoMe
    4. Select the entire autoMe folder on the left pane and delete it;
    5. Confirm delete key and all subkeys. What this will do is delete the entry in the msconfig about starting the “wscript.exe xhv C:\WINDOWS\xhv.vbs”;
    HTH!

  9. I need help to get rid of script on Facebook for me please if you can I will appreciate it if you can do this thank you

  10. I had the VirusDelete.vbs message always popping up. But I could not find the .vbs file from my search, looks like F-Secure deleted that, but did not clean up this message popping error.
    Anyway, with ur instruction I successfully got rid of this error.
    Thanks,
    Jack

  11. hello… I need help removing this virus.. every time I start my computer this msg always pops out ‘can not find script file “C:WINDOWS\999.vbs”. and can not find script file “C:\WINDOWS\astig.vbs”.
    thank you in advance….

  12. hi guys..
    finally I removed this vbs virus from my computer..
    I installed this Piriform CCleaner, download it here, it's free! http://www.piriform.com/ccleaner.
    after downloading, run and put it in ur desktop.. then open it and click tools, then select start up.. search for the virus that pops out every time u start ur computer… then delete!
    after deleting click the registry and scan for issues.. and the fixed issues, it's up to u if u want to back up the registry.. and restart ur computer..
    hope this helps…..
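
Comments 6, 8 and 12 above all deal with a startup entry that still points at a script file that is gone. The following read-only PowerShell listing is an added example, not from the post or any commenter; the helper name is hypothetical, and the two Run keys are standard Windows autostart locations that the comments do not name.

```powershell
# List autostart values that launch a .vbs file and report whether that file
# still exists. Read-only: nothing is deleted or modified.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # Key named in comment 8; its autoMe entry is a subkey of this one
    'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
)

function Find-ScriptPath {               # hypothetical helper name
    param([string]$Command)
    # Pull drive-letter paths ending in .vbs out of a command line such as
    # wscript.exe xhv C:\WINDOWS\xhv.vbs
    [regex]::Matches($Command, '[A-Za-z]:[\\/][^"<>|*?]*?\.vbs', 'IgnoreCase') |
        ForEach-Object { $_.Value }
}

foreach ($k in $keys) {
    # Look at the key itself and at its direct subkeys
    $items = @(Get-Item -LiteralPath $k -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $k -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            foreach ($vbs in Find-ScriptPath $data) {
                [pscustomobject]@{
                    Key    = $item.Name
                    Value  = $name
                    Script = $vbs
                    Exists = Test-Path -LiteralPath $vbs
                }
            }
        }
    }
}
```

A row with `Exists` set to `False` is an entry whose script file is no longer on disk; export the key with regedit before removing anything.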