i - Remove / Delete Boot.vbs Autorun Virus

Trouble:

Boot.vbs is a virus which is from the family of W32/Autorun.worm.h worm which attempts deploy itself to the root directory of all the drives by creating the autorun.inf files. Autorun.inf files in the root directory of each drive will execute the virus when ever user opens that drive.



Boot.vbs virus comes from W32/Lsetspy-C worm which also creates the following files on your computer as dxdlg.exe, wscript.exe and kinza.exe. Its located in windows at the following locations:


  • C:\Windows\System32\dxdlg.exe
  • C:\Windows\System32\boot.vbs



Here is the removal procedure to remove boot.vbs virus completely in 5 minutes.



Fix:

In order to remove boot.vbs virus you will need to end the primary process of the boot.vbs virus named dxdlg.exe, wscript.exe



Normally for removing this worm you will need to boot in safe mode but with we will tell you the procedure to remove this boot.vbs virus without booting in the safemode



1. Download Process Explorer from this link.



2. Run process explorer and Locate the following process, right click and select Kill Process or press Del key and Enter to end the process named dxdlg.exe and wscript.exe





3. Press Window + R and type msconfig and press Enter, click the startup tab



4. Uncheck the entries containing the names dxdlg.exe, wscript.exe and click OK



5. Now, Search for the following files on your computer and delete them from any where found in your computer.

dxdlg.exe
wscript.exe
boot.vbs
kinza.exe





Note: Also delete all the autorun.inf files in the root directory of the drive using autorun eater tool here. Now you need to remove the registry changes done by the virus in the registry



6. Open Start Menu >> Run, type regedit and press Enter.

Navigate to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon



7. In the right pane, double click the edit the value of Userinit and set the value as “C:\windows\system32\userinit.exe” there should be nothing else written with this value mentioned.



8. Close registry and restart your computer, boot.vbs virus will be gone.