How to remove protectfile.vbs virus

Yesterday one of my juniors was trying to print a few things he had brought on his pen drive using my PC. He said he had scanned it for viruses (I am using AVG) and the scan showed no detection; however, I got this protectfile.vbs virus on every drive of my PC. The most annoying thing it does is that your CD or DVD drive gets ejected by itself. Whenever you try to open any of your drives by double-clicking on it, a new window is opened instead of the same window. This is quite annoying (if you are using Linux with default settings, you perhaps know about this!!).

The protectfile.vbs virus makes multiple hidden, read-only copies of itself on all the drives, which makes them difficult to detect. A copy can't be deleted or renamed without first clearing its "read-only" property. And when you delete any one of the copies, an autorun.inf file (executed automatically by Windows) recreates it from the copies on the other drives.

So I tried googling for a remedy. I did find a lot of ways to remove the virus, but none was quite effective. I looked for methods at thinkingpal, Yahoo Answers and the potpourri4u blog. By "effective" I mean that you don't want to download stuff to remove that file, but you do want to remove it, and preferably with minimum effort!! So, here's the best method I can provide to remove the virus. All the steps are similar to what's already available, but the important thing is that many bloggers failed to mention step 5 (because they perhaps never tried it, but just COPY-PASTED these steps), which is a MUST:

1) Press Ctrl+Alt+Del (Task Manager).
2) In the Processes tab, kill the processes explorer and wscript.exe (if available).
3) Go to File > New Task.
4) Go to the Command Prompt (enter cmd in Run).
   Go to the drive c:\
   Type del /f/q/a protectfile.vbs
   and del /f/q/a autorun.inf
   Go to c:\windows\system32
   and enter del /f/q/a secureguard.vbs
5) Now delete protectfile.vbs and autorun.inf by going manually to the root of each drive (use the Windows Explorer tree view; do not double-click on the drive icons).
   If you don't see the files, go to Folder Options, select the View tab, uncheck the "hide protected operating system files" box, then check the "show hidden files" option. Click Apply and then OK.
6) Go to regedit (enter regedit in Run), search for protectfile.vbs and delete all entries with this name.
7) Now search for secureguard.vbs and edit the entry that contains it: in the path, delete only "c:\windows\system32\secureguard.vbs" and leave the other part of the path as it is.
8) Restart your system.
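
The file checks of steps 4 and 5 and the registry search of steps 6 and 7, as an added PowerShell example that is not part of the original post. It assumes the malicious autorun.inf names protectfile.vbs in its text and that the registry references sit in the Run and Winlogon keys listed in the script; the post states neither, so the registry part only reports and the edits of steps 6 and 7 are still made by hand in regedit.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt after step 2. Without -Remove it only reports and changes nothing.
param([switch]$Remove)

# File names taken from the post: secureguard.vbs in System32 (step 4),
# protectfile.vbs and autorun.inf at the root of every drive (step 5).
$paths = @(Join-Path $env:SystemRoot 'System32\secureguard.vbs')
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $paths += Join-Path $drive.Root 'protectfile.vbs'
    $paths += Join-Path $drive.Root 'autorun.inf'
}

foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
    $item = Get-Item -LiteralPath $path -Force       # -Force: the copies are hidden
    if ($item.Name -ieq 'autorun.inf') {
        # Assumption: the malicious autorun.inf mentions protectfile.vbs.
        # One that does not (e.g. on an installer disc) is reported, not deleted.
        $text = [System.IO.File]::ReadAllText($item.FullName)
        $cmp  = [System.StringComparison]::OrdinalIgnoreCase
        if ($text.IndexOf('protectfile.vbs', $cmp) -lt 0) {
            "SKIP   $path  (does not mention protectfile.vbs; check it by hand)"
            continue
        }
    }
    "FOUND  $path  ($($item.Attributes))"
    if ($Remove) {
        Remove-Item -LiteralPath $path -Force        # -Force also removes read-only files
        "       deleted"
    }
}

# Steps 6 and 7: report values that reference either script. Report only,
# because step 6 deletes an entry while step 7 edits part of a path.
# Assumption: these common autostart keys are where the references live.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in $keys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ("$($p.Value)" -match 'protectfile\.vbs|secureguard\.vbs') {
            "REG    $key  ($($p.Name)) = $($p.Value)"
        }
    }
}
```

Run it once without -Remove to see what it finds on each drive, then again with -Remove; a regedit search is still needed for references outside the three keys it checks.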

A simpler option may be found at the dirtycraft blog.

I hope that does it... and I'm sure no pop-ups will be shown at each restart of your PC!!
