Internet Explorer Hacked By Godzilla

Satheesh C B | Sunday, September 07, 2008 | 1 comments

Recently one of my friends  IE title shows “Hacked by Godzilla” after transfer some files to a handy drive.This  Virus   normally spreads through portable drives .

Sparktech012

If your system is infected by this virus  then your Internet Explorer title will end with “Hacked by Godzilla”.Following are other symptoms of the Godzilla Virus :

  1. Task manager is disabled.
  2. Regedit (Command for registry edit) is disabled.
  3. Folder options got disappeared From windows explorer.
  4. Double clicking on any of your system drive( c: ,d: etc) initiates a new instance of the virus. (You won’t be able to open any of your drive by double click rather you have to open then by right click >> explore.)
  5. msconfig command is disabled - this virus is not dependent on system startup but it disables the msconfig command used to modify the system startup programs
  • It creates the following files:
    [DRIVE LETTER]:\MS32DLL.dll.vbs
    [DRIVE LETTER]:\MS32DLL.dll.vbs
    [DRIVE LETTER]:\autorun.inf
    Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
  • Adds the value:
    “MS32DLL” = “%Windir%\MS32DLL.dll.vbs” to the registry subkey:
    HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \Run
    so that it runs every time Windows starts.
  • Adds the value:
    “Window Title” = “Hacked by[REMOVED]” to the registry subkey:
    HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main
    to modify title in Internet Explorer.
  • Attempts to copy itself to removable drives and create registry entries every 200 seconds.

    How can  I get rid of it?

    1. First download process explorer ,run it and end all the process which are running as wscript.exe

    2. Download RRT.exe (Remove restrictions tool) . RRT (Remove Restrictions Tool) v.2.0 is a tiny tool that does the work for AVs, it re-Enables all what the virus had disabled, and brings every thing including task manager ,regedit ,msconfig and hidden folder options back.

    3. Now, you have regedit command enabled.

    Browse to Go to HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \Current Version \Run and delete MS32DLL (right click on it and select delete)

    Go to HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \Main and delete “Window Title” which has it’s value of “Hacked by Godzilla“ or you can also write your name as a recognition for yourself.

    4. Open My Computer,File menu go to Tools -> Folder Options, click on View tab

    Under Advance settings,
    check “Show Hidden files and folders“,
    uncheck “Hide extensions for known file types“,
    uncheck “Hide protected operating system files (Recommended)
    and click “OK” button

    5. now right click on each of your drive and click explore now delete the files with names autorun.inf and MS32DLL.dll.vbs including your USB Drive

    6. Restart your PC and your PC should be clean from Hacked by Godzilla

  • Update :Also check this Removal Tool from Mr. Albin: http://albin.1983.googlepages.com/Fix.Godzilla.exe

    Details here:

    http://tec-updates.blogspot.com/2008/05/godzilla-virus-removal-ms32dlldllvbs.html

    Category: , , ,

    Welcome to SparksSpace . This blog launched on Dec 2007 with a focus on Technology.You can find latest Computer Software, Tutorials, Tricks,Tips & Software promotions here!

    1 comment:

    1. Hi spark,

      I have created a fix tool for thi virus.

      http://albin.1983.googlepages.com/Fix.Godzilla.exe

      http://tec-updates.blogspot.com/2008/05/godzilla-virus-removal-ms32dlldllvbs.html

      ReplyDelete