Radz_Services.vbs???

[joecansjr]

---

Hello people!!!

kindly help me with this one!!!

my flash drive and memory card is infected with it...

the worst is macorrupt ang tanan na file and ang madisplay na lang is kini na file

"Radz_Services.vbs"

Please people, need your experties on this one...

[666satan]

mao sad na ako problem karon bai...

[joecansjr]

asa kaha ta makakita ug tabang ani noh?

[nirdle_phogi]

wala pa ko ka-encounter ana dah, pero interesado ko.. hehhe.. puede ka upload ana na file sa net bro. i compress lang.? gamay ra man tali na na file kay .vbs ra man. para sad ma-studyohan nato kung unsa jud na siya ka deadly na script..

[joecansjr]

wala pa ko ka-encounter ana dah, pero interesado ko.. hehhe.. puede ka upload ana na file sa net bro. i compress lang.? gamay ra man tali na na file kay .vbs ra man. para sad ma-studyohan nato kung unsa jud na siya ka deadly na script..

no idea

unsaon man pag upload?

tagai q ug steps...

[electrogoodie]

Filename: [Win32Root]\sysres.vbs

Whenever a removable drive is inserted, the following files are copied over:

Autorun.inf
ntdir.vbs
radz_services.vbs
c:\windows\sysres.vbs

Manual Solution:

1. Reboot System into safemode
2. Click My Computer --> Tools --> Folder options --> View --> tick: show hidden files and folders --> untick: Hide extensions for known file types --> untick: Hide protected operating system files (Recommended)
3. Goto C:\Windows and look for Sysres.vbs and delete.
4. Goto regedit and search for Sysres.vbs and delete all values that it has.
5. Also in regedit search for ntdir.vbs and radz_services.vbs and delete all value that it has.
6. Insert your WindowsXP Prof SP2 or SP3 Installer CD.
7. Navigate on I386 folder and copy Ntdetect.com
8. Overwrite C:\Ntdetect.com
9. Restart and boot to your WinXP SP2 or SP3 installer CD
10. Select "R" for REPAIR
11. Choose 1: C
12. C:\Windows prompt will appear then type "FIXMBR"
13. Answer "Y" for Yes
14. Type Exit
15. Voila, your computer is fully restored

[griffon_tizoc]

thanx for the info

[crazykirs]

hmm.. pre sakin ang gnawa ko lang.. try mo baka mag work sayo...

right click mo ang radz_services....

tpos properties mo..

tpos ung last tab nya... click mo ung hindi naka check..... tpos
mag kakaroon yan ng isang kopya.. na parang shortcut.. tpos delete mo ung dalawa.. hindi na babalik yan....

yun lang gnawa ko eh./
hope it can help

wala naman kwnta yang virus na yan eh.
info stealer lang yan.. gwa ng tga gensan.

hmm maka alis jan.. ang nod32. pati kaspersky ata na AV.. try nyo lang.

[-twistedSUI-]

^
tried that one thu, ni balik xa the next time i plug in my usb drive,..

so, heres how i get rid of that $#%t,.. ^_^

right click the radz_services.vbs file...
click properties,..
opens with [change to notepad]
apply,. then ok,..

e open ang radz_services.vbs file
mo display xa sa notepad,..
delete all the garbage text sa notepad and save,..

delete daun ang radz_services.vbs

humana,.. dli nana mo balik,.. hehe...

and if human na delete nmo ang naa sa emo USB,. try to check all your hard drives kay naa pud na xa dd2,. same process lng ug pag delete lng pud,..

hope this helps,.

[electrogoodie]

The author of the said malware speaks. He has his antidote and just visit his website. You know why he created such script? Just to protect the ff:

* Internet Explorer HOMEPAGE – Protect from Pornographic Websites.
* Task Manager – Protect from Disable.
* Registry - Protect from Disable.
* Flash Drives/USB – To Protect from Auto running of Virus.
* Local Drives – To Protect from Auto running of Virus.