How To Remove Boot.vbs Virus

Today my antivirus (NOD32 Security Suite) was creating troubles for me. After every five minutes, a request to debug the application would appear because the some module of NOD32 would crash and then reload. It has been a long time that I have been using NOD32. So I decided to test some other antivirus. There were two good choices for me. One Bitdefender and then second Kaspersky. The problem was that I didn’t want to buy any one of those. So I decided to use a 6 months trial of Kaspersky Internet Security which will be more than enough for me to test it. Here is my previous article about how to get Kaspersky Internet Secutiry trial of 6 months.
I downloaded it and installed it. It began scanning my PC. And to my amazement, it detected a threat that NOD32 was unaware of!! It was the boot.vbs virus. I thought it would be better to remove the virus manually rather than relying on Kaspersky. That way I would learn more. So here are the steps which I did to remove the boot.vbs virus:

  1. Go to Task Manager –> Processes and End the following processes in order:
    1. dxdlg.exe
    2. wscript.exe
  2. Go to Start –> Run –> regedit –> Open the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. In the right hand pane, select Userinit and delete everything except “C:\windows\system32\userinit.exe”
  4. userinit
  5. Make sure the processes wscript.exe and dxdlg.exe are not running.
  6. Delete the following files
    1. C:\Windows\System32\dxdlg.exe
    2. C:\Windows\System32\boot.vbs
    3. In your Windows drive, search for boot.vbs and delete all of them.
    4. In your Windows drive, search for kinza.exe and delete all of them.
  7. Disable System Restore and then Enable it again.
  8. Restart your computer.

Hopefully everything will be cleaner now and your computer will be free from boot.vbs virus :-). Please share your experiences.

Posted

in

, ,

by

Sanix

Comments

66 responses to “How To Remove Boot.vbs Virus”

  1. karma gurung

    Thank you very much technize.com for helping me to get rid of boot.vbs virus.
    You saved my time and money.

  2. rgv

    dear sir, i ve the same problem, as a result i hd deleted the boot vbs file from windows/system32.. now i m getting a problem in starting the windows. it strucks on the login window, as i click ok, it says loading window, and soon says saving your setting and strucks to login screen. kindly help me sir, i m unable to open the window.

  3. Balram

    Please download tools from by blog in my website and remove virus
    have fun!!!!
    balram

  4. Tamal Deb

    I am thankful, I can remove the boot.vbs virus with the given procediour.

  5. Vinoth

    Hi, am using AVG anti-virus a long time…it detected and deleted boot.vbs. but every time my PC startup. it shows cannot find script file”…system32\boot.vbs”.in my task manager there is no dxdlg.exe wscript.exe file. what can i do/ plz help me….my mail id is-vinoth.su@yahoo.com.
    thanks…

  6. Vinoth

    Hi guys!… now am happy because boot.vbs problem is overcomed.try this tool to recover from any kind of threads,malicious,etc.
    goto->www.strongsecurityhold.com, then choose “true sword” then click try now(trial version but cure our problem).only 10 threads can clean.after complete re-install and try again…
    —try it.
    Thanks
    keep in touch-Vinoth

  7. Sanix

    Thanks everybody :-). Please tell us about your experiences of how you were able to remove this virus.

  8. diego

    Really good help, seems to work at least 4 me
    thanks a lot

  9. Deepak

    this procedure worked a charm the first time… i was soo happy… before u know it, its back…. dunno what else to…

  10. gaurav

    how can i restore folderoption

  11. saroj khatiwoda

    Problem solved, thanks for removing virus

  12. vijay

    Hi thanks a lot, it worked for me. I am recommending this site to others.
    regards

  13. Sanix

    thanks alot vijay. Keep in touch with us and tell us about your experience in computers whether it be problems or solutions. We’ll be happy to publish anything that you find interesting relating to computer technology.

  14. arroz

    I have the boot.vbs in my pendrive, and with the avast antivirus i can erase it, but now when i want to access to it a message appear, “can`t find boot.vbs” and i cant access to the pendrive. I dont have the problem in my system it’s in my pendrive
    Any ideas?

  15. Vernika

    Thanks a lot!
    That waz really helpful!

  16. Kannan

    Hi both the trials are failing in my attemp…
    1. by technize… cant find both the files
    2. by strongsecurityhold.com… webpage not opening

  17. Kannan

    IS THERE ANY ANTIVIRUS AVAILABLE FOR THIS PROBLEM….
    ANYTHING AT ALL???
    IT LITERALLY MADE MY LAPTOP COMMIT SUICIDE….!!!!!
    PLS HELP AND SUGGEST

  18. Anjum Shahzad

    An error “wproxp.exe” comes on my desktop whenever i start my computer. I don’t see it more so that please guide me to resolve or remove this error. Thanks

  19. murali sharma

    hi any body can help how can i remove boot.vbs virus in xp ??

  20. vijay

    how can i remove it when i restar my pc every time apparence it msg(can not find script file”c:\Documents and Settings\test\boot.vbs”)

  21. vijay

    how can i remove it when i restar my pc every time got it msg(can not find script file”c:\Documents and Settings\test\boot.vbs”)

  22. narendra singh

    I have changed the setting to access task manager (not configured) but still this message is comming that “task manager is disabled by the administrator” pl help to resolve the problem.

  23. sai

    thamks for ur valuble data and for ur help

  24. priytosh

    thanx this is working . Is the any solution for
    Memscan:Application.Actmon.keylogger.E

  25. Nitesh

    Everytime i start my system , two files, system32.vbs & calculator.bat open and clog each every folder of my hard drive. Please suggest what can be done?

    1. Sanix

      Nitesh if you have an antivirus, please update it and run a full system scan. If you don’t have an antivirus software, please install a good antivirus software. You can have a look at some of the free antivirus softwares here:
      Top 5 Free Antivirus Software

  26. Nitesh

    @ Sanix
    I have got kaspersky 2009 trial edition which is fully updated. I have also scanned the entire system but the problem is not yet resolved.
    Thanks for ur help anyway…

  27. Sanix

    Can you send me your hijackthis report so that I may be able to understand your system better. For getting the hijackthis report, see the following article:
    How to use Hijackthis

  28. arber

    where is task manager

    1. Sanix

      arber you can press Ctrl-Shift-Esc to access the task manager.

  29. Rahul

    problem solved. Thanks a ton 🙂

  30. Latha reddy

    Hello Balaram,
    ur blog is very nice. Good Work! My boot.vbs problem solved with ur blog.Thanks a lot!

  31. Haz

    Hey, very informative blog….:-)
    Try Norman Security Suite 7. Its awesome…

  32. lotus

    Hi, i had vbs in my pc, everytime i opened (by double clicking) my hard drive partitions, those opened in new windows and by right click there appeared some unreadable characters,i tried kaspersky but was not able to remove those files then i didn’t care about it and left it. A few days back my hard drive partitions did not open on double clicking and there appeared a message [windows script host, can not find script file “partition name:\ltus.vbs”.]. i scanned with kaspersky 2009 and there appeared some viruses named “vulnerability”, kaspersky is not doing anything against it and partitions are still not opening normally, so plz tell me what to do for these probs????plz help me!

  33. lotus

    Hi, A few weeks ago i discovered vbs in my pc, everytime i opened (by double clicking) my hard drive partitions, those opened in new windows and by right click there appeared some unreadable characters,i tried kaspersky but unable to remove those files then i didn’t care about it and left it. A few days back my hard drive partitions did not open on double clicking and there appeared a message [windows script host, can not find script file “partition name:\ltus.vbs”.]. I scanned with kaspersky 2009 and there appeared some viruses named “vulnerability”, kaspersky is not doing anything against it and partitions are still not opening normally, so plz tell me what to do for these probs????plz help me!

  34. Lee Tiung Ping

    Hai, everybody, I success remove the Boot.vbs and wproxp.exe file from my PC. I remove use simple way. I install Ubuntu (Linux OS) at my Hard Disk ‘partition D’. I scan the virus from window and copy all the file directory. After that, I reboot my PC by using Ubuntu. I mounted my partition C Windows systems file. I check the directory of the virus. I remove directly the virus from Linux. so easy job.
    But after I remove all the virus file; I face some problem—–> every time when I boot Windows systems, my PC cannot run ‘regedit’ and show a message :”Windows cannot find wproxp.exe”. and every time when I boot Windows OS, the systems still find the Boot.vbs file even my Windows don’t have the virus.
    Hai; everybody, any Idea ???

  35. arti

    So whats happen if “C:\windows\system32\userinit.exe” this is deleted..how can u fixed?????
    anyone plzzz

  36. Amreth

    Hi..
    There is a virus in my pendrive “cleanvirus.vbs” which disables write operations i.e. it is only read only
    I tried doing the following stuffs:
    1. Format it …. not possible as it is read only .
    2.In linux used g partition not possible.. same reason.
    3.Tried changing it to write and read cannot change it…
    4.used s/w to make all the bits to set 0 while booting up…
    NOT POSSIBLE!!!!
    Please help me to get rid of this virus…
    Thank u in advance!!!

  37. Jerry

    Good Day Sir, I have a little shop here and same time , i’m also new to computers- I wanted to know whats this “can not find script file”c:windowsauto1vbs”.. Sir, would you kindly explain to me and to what i do? thank you.. My email ad is baresin_31@yahoo.com MORE POWER!!!

  38. keiye

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon
    ifollow those instructions except sa di ko madelete yung Default REG_SZ ang nag aapear is UNABLE TO DELETE ALL SPECIFIED VALUES, what will i do please reply

  39. keiye

    So whats happen if i cant delete the Default REG_SZ in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon?????
    anyone plzzz….. keiye_1223@yahoo.com

  40. kasun

    thank u very much………iam feeling sooooooooooo cooolllll

  41. jazz

    upon computer boot i receive a “cant find script file /jargon.vbs” error. please help
    thank you

  42. praveen

    i want to know how can i solve the problem of
    (can not find script file “c:\window\system32\cleanVirus.vbs”)
    please solve my problem.

  43. melvin

    @praveen
    dude ….not a probs…just uninstall and re install ur antivirus ,make sure ur antivirus is updated or try system restore…..

  44. sheila

    @arti
    I have the same problem. Can I restore this using the affected disk as a slave to another disk? Please help!

  45. ehon

    hi,i have a problem every time i open my com.it alwys apear cannot found “c:windowsauto1.vbs” can you help me for this thank and more power….

  46. ehon

    pls…help me

  47. rewati

    An error “wproxp.exe” comes on my desktop whenever i start my computer. I don’t see it more so that please guide me to resolve or remove this error. Thanks

  48. rewati

    Anjum Shahzad :An error “wproxp.exe” comes on my desktop whenever i start my computer. I don’t see it more so that please guide me to resolve or remove this error. Thanks

    rewati :An error “wproxp.exe” comes on my desktop whenever i start my computer. I don’t see it more so that please guide me to resolve or remove this error. Thanks

  49. Ghimire

    An error wproxp.execomes on my desktop whenever i start my computer. I don’t see it more so that please guide me to resolve or remove this error

  50. Miguel

    EXCELENT, that virus make me crazy, now I can revenge my dead netbook :'(. Thanks you :D:D

1 2
Newer Comments