Closed Solved

files turned into shortcuts - ulbloqmeed.vbs

hello
I think I have a glitch
I used my DiscOnKey on a public computer and when i returned home to my Dell laptop I noticed all my files and folders turned into shortcuts.
i tried using another DiscOnKey on my computer n it infected it too - i mean i now have the same problem on both DiscOnKeys.
i tried formating it with no use - this problem sticks. i scaned my computer n DiscOnKeys with AntiVirus - no infections found.

i changed folder options to show hidden files and also protected operating system files and found this file : ' ulbloqmeed.vbs ' (VBScript Script File) in flash drive and in C:\Users\Ran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup and in C:\Users\Ran\AppData\Local\Temp
i tried deleting it and got a messege: "the actiion can not be competed because the file is open in microsoft windows based script host".

can anyone please help me fix it?
I use windows 7 btw.
13 answers Last reply Best Answer
More about files turned shortcuts ulbloqmeed vbs
  1. Best answer
    Malwarebytes should get rid of that virus. Follow these steps-

    http://cocodrilabs.wordpress.com/2012/04/16/virus-my-files-turned-into-shortcuts-solved/
  2. davefowler said:
    Malwarebytes should get rid of that virus. Follow these steps-

    http://cocodrilabs.wordpress.com/2012/04/16/virus-my-files-turned-into-shortcuts-solved/


    no. it didnt work. i use AVG and I just updated it and i ran a full scan. also tried Malwarebytes - with no use - it didnt detect the file i mentioned (ulbloqmeed.vbs).
    can anyone come up with another solution?
  3. ComboFix should find and fix this. Carefully read the instructions at http://www.bleepingcomputer.com which is also the best download site. Make sure you wait until it has completely finished and produced its log before going into the Run box, then type in combofix /uninstall. It will seem to be installing again but that's just part of the process. Again, wait until confirmation appears then restart the system.
  4. ComboFix should find and fix this. Carefully read the instructions at http://www.bleepingcomputer.com which is also the best download site. Make sure you wait until it has completely finished and produced its log before going into the Run box, then type in combofix /uninstall. It will seem to be installing again but that's just part of the process. Again, wait until confirmation appears then restart the system.

    Saga Lout - tyvm your solution worked. and after i did what u said i used davefowler's solution just to be sure - meaning i deleted the .vbs file and used CMD to run this command: attrib -h -r -s /s /d F:\*.*
    important note: use windows search to find all the copies of ulbloqmeed.vbs and delete them. do that for all infected flash drives.
    thanx again to both of you
  5. Well done - nice when it works out like that and two tools are better than one. Double check the Registry for leftover references to that file - a search from the Edit>Find menu should track the first one down, delete it and Function 3 takes you on to the next, etc.
  6. Well done - nice when it works out like that and two tools are better than one. Double check the Registry for leftover references to that file - a search from the Edit>Find menu should track the first one down, delete it and Function 3 takes you on to the next, etc.

    hmm can u explain what u just said plz? where is this edit->find bottun exacly?
  7. The Edit menu is on the Registry when you open it using regedit in the Run box. Find that by going to c:\windows\system32, highlight regedit.exe and right click then select RunAs Administrator.
  8. The Edit menu is on the Registry when you open it using regedit in the Run box. Find that by going to c:\windows\system32, highlight regedit.exe and right click then select RunAs Administrator.

    i did as u asked n the search didnt come up with any result. i hope thats ok...
    thanx again!
    Zook
  9. Sounds good. All clear now.
  10. It happened also to me. Anti virus cannot detect it. What you are going to do is to delete it manually.

    Reminder:
    1st step:
    You should check the SHOW HIDDEN FILES. Then, unchecked HIDE EXTENSIONS FROM KNOWN FILES and HIDE PROTECTED OPERATING SYSTEM
    To do this
    Open My Computer
    View
    Folder Options
    Then do the first step


    So here it is

    First
    From task manager, you should end the process wscript.exe

    Second
    Go to C:\Documents and Settings\(your user name)\Local Settings\Temp
    you should see kpcgrhynko.vbs file delete it (I deleted this file using QuickWiper)
    (So if there is no such file as this, proceed to the next step)

    Next Go to C:\Documents and Settings\(your user name)\Start Menu\Programs\Startup
    you should see again this file kpcgrhynko.vbs. Delete it (I deleted this file using QuickWiper)
    (So if there is no such file as this, proceed to the next step)

    Third
    Open your flashdrive
    Delete kpcgrhynko.vbs again
    Then, delete all the shorcut files

    Fourth
    Here I assume your flahdrive is G
    Run CMD
    enter this command:
    attrib -h -r -s s /s /d G:\*.*


    So thats it......
    Sorry for my bad english.....

    I'm also using this noscript.exe application to enable or disable vbs(visual basic script) so that .vbs malware will not spread on my computer...

    I hoped it helps
  11. @uchiha77794 thank you very much it was very helpful and solved my problem


    but the command should be written like that attrib -h -r -s /s /d G:\*.*
    thank you again ;)
  12. Guys can you look at this link http://www.tomshardware.co.uk/answers/id-1912967/vbs-files-dangerous.html, it`s related to the above
  13. I've answered your post in there but it's unclear whether you're posting advice or still need some. I'll close this one now - it's getting a bit old.
Ask a new question

Read More

Windows 7 Computers Storage Flash Drive