Rem-VBSworm is a utility that removes VBS and Windows Script Host malware from your computer, USB drives, and the network. This program was created by Panda Security employee and malware researcher Bart Blaze after he had seen this type of malware becoming more active. Using Rem-VBworm, you are able to scan your computer for common VBS infections and remove them. The program also has the ability to scan infected USB drives and clean them so they no longer infect other computers when you insert the drive into them.
Using Rem-VBSworm is really easily. Simply run the program where you will be greeted with a screen prompting you to select what action you would like to perform. When running the program you have the option to launch the following tasks
- Scan your computer for infections and clean them.
- Clean a USB drive of infections and unhide hidden files.
- Download and run Panda USB Vaccine.
- Enable or Disable the Windows Scripting Host
- Read instructions on how to use Rem-VBSworm
On a normal machine, when using Rem-VBSworm, you should use it in the following steps:
- Plug in your infected USB (if any) and choose option and A and let it finish.
- Then choose option B to clean the USB drive.
- Finally select option C to download and run the Panda USB Vaccine tool to vaccinate your USB drive so that it cannot get infected in the future.
- After these steps, perform a full scan with your installed antivirus product or perform an online scan.
Here are some tips and tricks from the author when using the tool:
- Using option A, the tool will attempt to clean the infection. It will also fix any registry changes made by the malware. (for example it will re-enable Task Manager should it be disabled) !
- When you use option B, be sure to type only the letter of your USB drive! So if you have a USB drive named G:\, you should only type G. This option will eradicate any related malware on the USB drive, as well as unhide your files (make them visible again).
- With option C you can download Panda USB Vaccine to prevent any other autorun malware entering your computer.
- With option D you have the possibility to disable or re-enable the Windows Script Host (WSH), to prevent any malware abusing it.
- I advise to end the script with Q as to ensure proper logfile closing. A logfile will open automatically, but is also created by default on the C:\ drive. (C:\Rem-VBS.log).
- When the tool is running, do not use the machine for anything else. (it takes about 30 seconds to run)
- If VBS malware is found, it will be automatically removed and a copy will be placed at C:\Rem-VBSqt.
- Accidentally used an option and want to exit the script? Use CTRL + C to stop it.
Rem-VBSworm can be used to remove the following VBS computer infections:
- Autorun worms
- Any other VBS (VBScript) or VBE malware
- Any other malware that abuses the WSH (Windows Script Host)