VBScript - Internet Explorer Hacked By xxx

Today, while searching for some interesting topics, i found a guy, having a problem with a
৺vbscript, causing his Internet Explorer having the title attribute ৺hacked by [Computername]

I read through the source code, and was able to fix it. Here's a summary of all necessary steps, to get rid of this script.

The Script infects all removable disks such as harddisks, SD-Cards and flash drives,
only with the target to spread itself to other computers.

If you'd like to have a german explanation, read here, where i initially solved it: http://www.computerforum.de/thread.php?threadid=112802

Disabling ৺VBScript
The Script is build to reproduce itself - So the first step necessary is to disable vb script.
Open your start menu, hit on run type in regedit and locate the following key:



There, look for the entry enabled and put its value to 0 (zero)
Simple double click the Entry to modify its value.

Restart your computer to ensure running instances of the script are closed.

Delte Files
Now, you are able to delete the files, created by the script. (A script, that is actually
not running cant recopy itself to other locations)

locate the files







on every removable device you have attached at any time and delete them.

Removing Registry Entrys
The script is creating some registry entrys on your computer.
first, open regedit again, and locate the following key:



there, have a look for a entry, that has the name of YOUR computer
its value should be pointing to

• First remove this regentry
• Then locate the file in your windows folder and delete it, too

The outcome
The Scripts outcome is - as mentioned above - the modification of IEs title.
To get rid of this string, stay in registry, and locate the following key:



There, find the entry Window Title and delete it without replacement.

Nearly Done
After you have achieved all these actions, you can Set the enabled value back to 1 again.
The Script should be gone now.