How To Remove Boot.vbs Virus

Today my antivirus (NOD32 Security Suite) was creating troubles for me. After every five minutes, a request to debug the application would appear because the some module of NOD32 would crash and then reload. It has been a long time that I have been using NOD32. So I decided to test some other antivirus. There were two good choices for me. One Bitdefender and then second Kaspersky. The problem was that I didn’t want to buy any one of those. So I decided to use a 6 months trial of Kaspersky Internet Security which will be more than enough for me to test it. Here is my previous article about how to get Kaspersky Internet Secutiry trial of 6 months.
I downloaded it and installed it. It began scanning my PC. And to my amazement, it detected a threat that NOD32 was unaware of!! It was the boot.vbs virus. I thought it would be better to remove the virus manually rather than relying on Kaspersky. That way I would learn more. So here are the steps which I did to remove the boot.vbs virus:

  1. Go to Task Manager –> Processes and End the following processes in order:
    1. dxdlg.exe
    2. wscript.exe
  2. Go to Start –> Run –> regedit –> Open the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  3. In the right hand pane, select Userinit and delete everything except “C:\windows\system32\userinit.exe”
  4. userinit
  5. Make sure the processes wscript.exe and dxdlg.exe are not running.
  6. Delete the following files
    1. C:\Windows\System32\dxdlg.exe
    2. C:\Windows\System32\boot.vbs
    3. In your Windows drive, search for boot.vbs and delete all of them.
    4. In your Windows drive, search for kinza.exe and delete all of them.
  7. Disable System Restore and then Enable it again.
  8. Restart your computer.

Hopefully everything will be cleaner now and your computer will be free from boot.vbs virus :-). Please share your experiences.

Posted

in

, ,

by

Sanix

Comments

66 responses to “How To Remove Boot.vbs Virus”

  1. rai

    hi
    could u please help me any one with an answer please.
    my question is : every time i start my lap top this thing pops up “cannot find script filec:/windows/jargon.vbs” how do i get rid!
    many thanks

  2. Heather

    I also the same message as Rai on startup…as well as Loading script “c:\windows\jargon.vbs” (Access denied) on another comupter
    WHAT IS THIS? It’s happening on 3 of my computers.

  3. MIlind

    THancccccccccccccccx aaaa lotttttttttttt…..Now I got my access speed back

  4. jojo

    Hello,
    Anyone!!! Could you please help me, I have a error message on my pc.
    After start-up im getting a message on my decktop saying “C:\WINDOWS\xhv.vbs”.

  5. elbert

    window\system32\killvirus.vbs”failed ( Access is denied)
    every time i on the XP I see this pop up.
    Pls help

  6. Haroon Siddiq

    Thank you for this valuable information. It did work and now I think I have killed the killvirus.vbs finally.

  7. bilhaki

    To whom have “start-up getting a message on my desktop saying…..”. Start MSCONFIG (Start-Run-msconfig). Klik Startup.
    Uncheck the line that have file missing name(ex. wproxp.exe, jargon.vbs, xhv.vbs……Hope helping

  8. rommel

    The same as ria and heather on start-up cannot find script file “c:/windows/jargon.vbs” could you please help me…
    Thank’s

  9. Jello

    Hi all! Got plagued by the Windows Script Host error about the xhv.vbs missing. The xhv.vbs went missing since my AV have removed it and thus the error message popping up every time I boot up.
    Here’s what I did:
    1. Go to Start->Run then type regedit on the textbox;
    2. Back-up your registry using the File->Export..;
    3. Search for the xhv.vbs and landed here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\autoMe
    4. Select the entire autoMe folder on the left pane and delete it;
    4. Confirm delete key and all subkeys. What this will do is delete the entry in the msconfig about the starting the “wscript.exe xhv C:\WINDOWS\xhv.vbs”;
    HTH!

  10. john townsend

    i neend help to get rid of script on facebook for me plice if you can i will preshat it if you can do this thank you

  11. Jack Shepherd

    I had the VirusDelete.vbs message always popping up . But I could not find the .vbs file from my search , looks like , F-Secure deleted that , but did not clean up this message popping error.
    Anyway , with ur instruction I was successfully got rid of this error.
    Thanks,
    Jack

  12. safwt

    nothing can i say except: Thank u : )

  13. ann

    hello… i need help removing this virus..evreytime i start my computer this msg always pop out ‘can not find script file “C:WINDOWS\999.vbs”. and can not find script file “C:\WINDOWS\astig.vbs”.
    thank you in advance….

  14. ann

    hi guys..
    finally i removed this vbs virus from my computer..
    I installed this periform ccleaner,download it here its free!http://www.piriform.com/ccleaner.
    after downloadin,run and put it in ur desktop..then open it and click tools,then select start up..search for the virus that pops out everytime u start ur computer…then delete!
    after deleting click the registry and scan for issues..and the fixed issues its up to u, if u want to back up the registry..and restart ur computer..
    hope this helps…..

Older Comments
1 2