
How to Remove Worm:VBS/Banie.A and Worm:VBS/Banie.A!inf from your Computer


I spent the last few days trying to heal computers affected by Worm:VBS/Banie.A. I noticed that, on the affected computers, the worm hides the original Microsoft Word files and creates multiple Word files (files with extension .doc or .docx) with the following extension: "filename.doc.vbe" or "filename.docx.vbe". Opening such a document would run the script and affect the computer. Once the computer is infected with the worm, it automatically spreads to other computers connected to the same network, causing more damage.

I have also noticed that this worm inserts malicious JavaScript inside the header of HTML files, causing more damage. For example, if your browser's home page is your intranet page, the worm inserts malicious code into the HTML file. Running the browser would then execute this code and infect the computer.

Worm Details:

Name: Worm:VBS/Banie.A
Alert Level: Severe
Name: Worm:VBS/Banie.A!inf
Alert Level: Severe

I tried using AVG Business Edition to scan and heal the infected computers, but was disappointed! AVG cannot detect this worm or heal the affected documents. However, Microsoft Security Essentials can detect and remove the affected files, but it wasn't 100% successful. The following methods will help you fully remove the worm from infected computers:

Removing Worm:VBS/Banie.A and / or Worm:VBS/Banie.A!inf from an Infected Computer

Note: If any of the tools I suggest here and allow you to download violates any rights, please let me know; it can be removed upon request.

Download the following tools before you proceed further:

1. Process Explorer for Windows: This is a tool created by Microsoft that lets you see information about which processes, handles and DLLs are open and running on your computer.

2. Autoruns for Windows: This tool, created by Microsoft, shows you all the programs that are configured to run when you start up your computer. It shows all the auto-starting locations such as Registry keys, etc.

3. CCleaner: One of the best system cleaning applications for Windows. It allows you to clear temporary files, caches, broken Registry keys, etc. from your computer. You can download it from here.

Scan the downloaded file with an Anti-Virus application and install it on your computer.

4. PCMAV Express: This tiny tool, created by PCMedia, Indonesia, is really powerful; it cleans up all infected files and removes the worm from your computer.

You can download all the tools from here.

IMPORTANT: Please scan all these downloaded files with an anti-virus program before executing them. Also, while my experience with these programs and tools was very satisfactory, I will not be responsible for any damage that may happen to your computer by using these tools.

I would recommend that you rename all these downloaded files before executing them, as worms and viruses may learn these names and block such programs from executing.

Steps to Remove The Worm:

Step 1: Run the Process Explorer tool on the infected computer. Look through all the running processes for processes named "CScript.exe" and kill them. Close the application.

Step 2: Run the Autoruns tool. Go through all the auto-running applications. Remove all the suspicious programs from autorun. This worm tries to load programs with the names "Annie.sys" and / or "Annie.ani". Delete these entries from Autoruns to prevent them from loading when you start up your computer. Close the application.

Step 3: Recommended: Restart the computer and log back in in Safe Mode. Check this if you do not know how to enter Safe Mode.

Step 4: If you have an administrator login, log in using those credentials. If you don't, that's fine too. Go to the following locations and delete all Temp files.

On Windows 7: C:\Users\%username%\AppData\Local\Temp

On Windows XP: C:\Documents and Settings\%username%\Local Settings\Temp

Step 5: Run CCleaner and delete all Temp files and Cache (Windows Tab and Applications Tab). Then switch to Registry, scan and remove all broken Registry entries.


Step 6: Restart the computer in normal mode and log back in.

Step 7: Run the PCMAV Express tool and scan your computer. For best results, disconnect your computer from the Internet before scanning. Leave the PC until the scan is completed. The application will ask you to restart your computer once the scan is completed.

You are done. Enjoy!
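A read-only check for the symptoms described in this post, as an added PowerShell example that is not part of the original article: it lists any remaining "filename.doc.vbe" / "filename.docx.vbe" files, reports whether the document each one imitates is still present and hidden, and shows any running CScript.exe. The `$Root` parameter and its default value are assumptions; nothing is deleted or changed.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# $Root is an assumption; point it at the folder or share that holds the documents.
param([string]$Root = "$env:USERPROFILE\Documents")

# 1. Decoy scripts: file names ending in .doc.vbe or .docx.vbe.
#    -Force makes Get-ChildItem include hidden and system files.
$decoys = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match '\.docx?\.vbe$' }

$report = foreach ($d in $decoys) {
    # Strip the trailing ".vbe" to get the path of the document the decoy imitates.
    $origPath = $d.FullName.Substring(0, $d.FullName.Length - 4)
    $orig     = Get-Item -LiteralPath $origPath -Force -ErrorAction SilentlyContinue

    $origName   = '(not found)'
    $origHidden = $false
    if ($orig) {
        $origName   = $orig.FullName
        # The post notes that the worm hides the original Word files.
        $origHidden = [bool]($orig.Attributes -band [IO.FileAttributes]::Hidden)
    }

    New-Object PSObject -Property @{
        Decoy          = $d.FullName
        Original       = $origName
        OriginalHidden = $origHidden
    } | Select-Object Decoy, Original, OriginalHidden
}

if ($report) {
    $report | Format-List
} else {
    "No .doc.vbe / .docx.vbe files found under $Root"
}

# 2. Script host processes (Step 1 of the procedure looks for CScript.exe).
$scriptHosts = Get-Process -Name cscript -ErrorAction SilentlyContinue
if ($scriptHosts) {
    $scriptHosts | Select-Object Id, Path, StartTime | Format-Table -AutoSize
} else {
    "No cscript.exe process is running."
}
```

Run it once before Step 1 and again after Step 7; a clean second run lists no decoy files and no CScript.exe process.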


Can't Open Attachments in MS Outlook? Try this


For strange reasons, I suddenly couldn't open email attachments (PDFs, TIFF, etc.) from Outlook 2010. This article explains how you could solve that issue.

Whenever you open an attachment in an email directly from Microsoft Outlook, it keeps a copy of the attachment in a secure temporary folder on your computer. This is done for various reasons; one of them is to let your anti-virus scan the attachment before it's opened. Over time, this folder accumulates too many files, which prevents Outlook from writing new files into it. This is usually why you are not able to open attachments from Outlook anymore.

Read more...


How to Disable InPrivate Browsing in Internet Explorer


InPrivate Browsing in Internet Explorer (similar to the Incognito window in Google Chrome) allows you to leave no trace of your web browsing activity on the computer. While this is really useful from the user's perspective, as a System Administrator, this can be a pain in the ass when you are required to trace someone's Internet activity on a computer in your office.

Read more...

How to Print a List of Emails in Microsoft Outlook Inbox or Folders


Sometimes you may want to print a list of all the emails received in your Microsoft Outlook folder. You can do that by following the simple steps below:

Printing a List of Emails in your Outlook Inbox or Other Folders

Step 1: You may first want to adjust all the headers you require in the Print out. There are many ways to do that, one of the easier ways is to:

Read more...

Downloading Language Specific Dictionaries on iOS 7


You may have noticed that Dictionary in iOS 7 has been completely changed. Unlike in the previous versions of iOS, now when you tap on a word and tap "Define", sometimes you may not see any result for the word at all. This is because, in iOS 7, you have an option to download language specific dictionaries. The supported languages are: English, Spanish, Simplified Chinese, Simplified Chinese-English, Korean, Korean-English, Japanese, Japanese-English, Italian, German, French and Dutch.

Read more...

Create AutoTexts and AutoCorrects in Microsoft Word and Save Time


AutoTexts and AutoCorrects in Microsoft Word help you store predefined words and paragraphs and re-use them whenever you want, without having to re-type whole sentences. For example, you can create an AutoText or AutoCorrect to quickly insert boilerplate paragraphs for business letters, contracts, reports, etc. AutoTexts and AutoCorrects can contain anything a normal Word document can contain - text formatting, pictures, cliparts, etc.

AutoText:

Reusable content that can be accessed again and again by clicking the AutoText button.

AutoCorrect:

Reusable content that is automatically inserted as you type a predefined word / phrase.

Note: All the screenshots shown below were taken in Microsoft Word 2010. The process is almost the same in Word 2007.

Read more...

TeraCopy - Copy Files Faster and Easily Manage File Transfer Activities on Windows


Copying large files on your Windows computer can be really difficult sometimes. Imagine you start copying large amounts of data over your network or from an external hard disk and want to do some other hard-disk-intensive task while the files are being copied. Usually your PC will just freeze. That's where TeraCopy comes in handy. TeraCopy, a free utility for Windows developed by CodeSector, allows you to manage file transfer activities. You can pause a file transfer to perform some other task and resume it later on, and you can also transfer files much faster than with the usual Windows file transfer methods.

Read more...