• Home
  • Posts RSS
  • Comments RSS
  • Edit
Blue Orange Green Pink Purple

Glimpse of the Wildworld

Welcome to my blog. In here you will find random useful information that I have compiled for future reference. And also blog posts about me and in other events including games, music, technology and the like. Have a nice day! c:

Deleting "Radz_services.vbs" virus.

I was making my project in java at school and inserted my usb to open my files. Unfortunately, the computers in school were infected with the "radz_services.vbs" virus. Troublesome, indeed but I managed to find a way how to kill this virus.

Here are the steps to remove this malicious file:
Once activated this script will copy 3 files to your drives:
 - Autorun.inf,
- ntidr.vbs and
- Radz_services.vbs
And also copies SysRes.vbs to C:\WINDOWS.

Step 0 make sure that you open all your drives.
And you have set "show hidden files" in Tools->Folder Options.. View tab.
Step 1. Download Process Explorer (freeware)
Step 2. In the process Explorer under explorer.exe
find wscript.exe
Step 3. Right click then kill process.
Step 4. find autorun.inf, ntidr.vbs and radz_services.vbs in all your drive.
delete the 3 files in the drives.
Step 5. Go to C:\WINDOWS and delete SysRes.vbs.
Step 6. find all instance of ntidr and radz in the registry.
I found them in
HKLM\Software\Microsoft Visual Studio\FileMRUList\ (probably because I attempted to open this file in Visual Studio)
HKLM\Software\Microsoft\MountPoint2\ something encrypted texts
under Shell\AutoPlay, Shell\Auto Run, Shell\Explore and Shell\Open

Step 7. Search for sysres.vbs in the registry.
"C:\WINDOWS\system32\wscript.exe" "C:\WINDOWS\SysRes.vbs"

Step 8. Search for ntidr and radz in your computer and delete them.
Read More 0 comments | Posted by Prince Yap edit post

0 comments



Post a Comment
Newer Post Older Post Home

Brick by Brick

  • About
      My real name is Princeton Tuban Yap. I already blowed 19 candles. I'm currently located here in the Philippines, specifically at Mactan Country Homes, Babag Timpolok Lapu-Lapu City. My secret lair is located at La Aldea Buena Mactan Block 29 Lot 12, with the same details as of the first address. I finished my elementary years at Mandaue Christian School, my highschool years at Indiana Aerospace University and currently studying at the University of Sancarlos Technological Center. I'm taking up BS Computer Engineering and I fix computers as a sideline hehe.
  • Search






    • Home
    • Posts RSS
    • Comments RSS
    • Edit

    © Copyright Princeyap's Blog. All rights reserved.
    Designed by FTL Wordpress Themes | Bloggerized by FalconHive.com
    brought to you by Smashing Magazine

    Back to Top