how to remove "TAGA LIPA ARE WORM"

Posted by ram Wednesday, August 6, 2008 at 11:05 PM

Any experience on encountering this type of worm? After you click your hard drive it always performs autoplay configuration. Well, I personally studied this worm myself. This was made by a BatangueƱo, and a simple worm that can't be seen by ANY OF THE TOP PRODUCTS of Security Softwares including my own Security Software in my pc like NOD32, AVG Anti Spyware, Trojan Hunter, Comodo Firewall, Zone Alarm Firewall, Symantec Security, Symantec Antivirus with a NORMAL SCANNING. A simple worm that can't be detected because it was hidden, I personally admire the one who created that one and I tried it myself on my own pc. To remove it you must unhide the system files. But simple scanning wont do anything to it.

HERE IS THE TIPS on how to remove this stuff.

TAGA LIPA ARE WORM or FS6519.dll.vbs

Symptoms: C: drive has an [autoplay] function when right-clicked. Internet Explorer has “TAGA LIPA ARE!” in it’s title bar.

Mode of Transfer: USB, Fixed/Portable HDD

Target: Internet Explorer, Registry, MSConfig, Autorun.inf

Effects: Every Mass Storage Device linked to the infected PC will be inserted with an autorun file which will trigger the Windows Scripting Service to run its main file “FS6519.dll.vbs”, which is marked as a system file and is in the root directory of the Drive.

Open My Computer -> Tools Menu -> Folder Options -> View Tab:

Select: Show hidden Files and Folders

Uncheck: Hide Extensions for known file type and Hide Protected operating system

Click Yes Then OK.

You will see an autorun.inf and FS6519.dll.vbs in all your harddrives. Delete ALL of them.

If it says that something is using the program. Press Ctrl+Alt+Del and go to processes, end ALL wscript.exe

Open MSConfig and under startup, uncheck the trojan’s startup entry, [FS6519].

Click Start > Run and then type regedit

delete [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FS6519]
key, and modify [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”TAGA LIPA ARE!”] key to remove the nuisance in IExplorer.

OR go to Edit -> Find and type FS6519.dll.vbs.

Edit the found registry by selecting the name, ryt click and modify, remove the last two strings which is wscript.exe and FS6519.dll.vbs and click OK.

If finished, press F3 and it will search again for another, just do the same thing until nothing is found in your registry.

If you are done with the FS6519.dll.vbs, its time for the TAGA LIPA ARE! or sometimes "RMD ROCKS" be edited in your IE, type the string on the search again then it will show up the IE title … modify then type anything you like or better delete it.

Have a Nice FREE Virus Trojan Day!!!

If you have further questions, comments, feedbacks. Just post it in here guys.

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)