Godzilla virus removal MS32DLL.dll.vbs

by Sandeep on May 31, 2008

This virus spreads through pen drives and external HDDs. It uses the Windows autorun function to run. It creates a file named MS32DLL.dll.vbs in the Windows folder and a file named autorun.inf in the root directory of each drive. So whenever we double-click on the drive, the script runs from c:\windows\MS32DLL.dll.vbs

After infection

We cannot double-click to open any drive on the computer, but we can right-click and choose Open or Explore.

The text “Hacked By Godzilla” appears in the title bar of Internet Explorer.

It also affects regedit, Task Manager, hidden folders/files, etc.

Related files
MS32DLL.dll.vbs
Autorun.inf
Flashy.exe

How to remove
Download the removal tool, or do the following:

Open Task Manager and end the following processes
1. wscript.exe
2. mslogon.exe
3. systemnt.exe
4. wscript.exe
5. flashy.exe
6. sondmsg.exe

Open a command prompt and do the following
Change the attributes of the file
Attrib -s -r -h autorun.inf
Remove autorun.inf from the root directory
Del autorun.inf
Delete MS32DLL.dll.vbs from the Windows directory
Del c:\windows\MS32DLL.dll.vbs
Open Registry Editor
Delete the following values
HKLM\Software\Microsoft\Windows\CurrentVersion\Run – MS32DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Run – flashy.exe
HKU\Software\Microsoft\Internet Explorer\Main – “window Title”
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\system – disabletaskmgr
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\system – disableregistrytools
HKU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer – NoFolderOptions
Now restart the PC

How to avoid spreading
To avoid spreading this, disable autorun in Windows.
And there is a small trick.

Just create a folder named autorun.inf in the root directory of every drive, and set all of its attributes with “+” so that the virus can't easily put its own file in the root directory.
E.g.:
MD autorun.inf & Attrib +h +s +r autorun.inf
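
A way to check a drive root for both situations described in this post, added here as an example and not part of the original post: it reports whether autorun.inf is the protective folder from the trick above or a file that launches a program, and whether that file names one of the "Related files". The sample autorun.inf content is constructed for the demonstration, not captured from the virus, and the function names are hypothetical.

```python
import os
import tempfile

# File names the post lists under "Related files" (compared in lower case).
RELATED = ("ms32dll.dll.vbs", "flashy.exe")

def launch_entries(text):
    """Return (key, value) pairs in [autorun] that make Windows start a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        # open=, shellexecute= and shell\<verb>\command= are the launch keys.
        if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
            found.append((k, value))
    return found

def audit_root(root):
    """Classify the autorun.inf state of one drive root."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return ("blocked", [])  # the folder trick is in place
    if not os.path.isfile(path):
        return ("absent", [])
    with open(path, "r", errors="replace") as fh:
        entries = launch_entries(fh.read())
    hits = [(k, v) for k, v in entries if any(n in v.lower() for n in RELATED)]
    if hits:
        return ("related-file", hits)
    return ("launches-program" if entries else "inert", entries)

# Constructed sample content (an assumption, not taken from an infected drive).
SAMPLE = "[autorun]\nshellexecute=wscript.exe MS32DLL.dll.vbs\nicon=drive.ico\n"

def demo():
    """Build one 'infected' and one 'guarded' root in temp dirs and audit both."""
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as guarded:
        with open(os.path.join(infected, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE)
        os.mkdir(os.path.join(guarded, "autorun.inf"))
        return audit_root(infected), audit_root(guarded)

if __name__ == "__main__":
    print(demo())
```

On a real machine, call audit_root on each drive root, for example audit_root("E:\\").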

Download Removal tool
