tskmgr32.vbs - Dangerous
%sysdir%\tskmgr32.vbs
Manual removal instructions:
Antivirus Report of %sysdir%\tskmgr32.vbs :
%sysdir%\tskmgr32.vbs
VBS.Sorpe.A@mm - mass-mailing worm
1. Uninstalls any process that contains the strings "Script" and "Block" in its name.
2.Drops and executes %System%\Tskmgr32.vbs to terminate any process named Taskmgr.exe.
3.Drops and executes the following files:
* %System%\User32.reg
* %System%\SysReg.reg
4. Creates the following copies of itself:
* %System%\MsNews.vbs
* %Windir% \SysLogs\Syslog32.vbs
* %ProgramFiles%\WindowsUpdate\Wupdmgr.tmp\Wupdscn.vbs
5. Adds the value:
"Spore" = "%System%\MsNews.vbs"
to Windows startup registry keys.
6. Adds the value:
"DisallowRun" = "1"
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Adds the values:
"1" = "regedit.exe"
"2" = "notepad.exe"
"3" = "wordpad.exe"
"4" = "write.exe"
"5" = "wuauclt.exe"
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
to block execution of this files.
Remove it using Startup Optimizer.
| %sysdir%\tskmgr32.vbs | Malware |
| %sysdir%\tskmgr32.vbs | Dangerous |
| %sysdir%\tskmgr32.vbs | High Risk |
1. Uninstalls any process that contains the strings "Script" and "Block" in its name.
2.Drops and executes %System%\Tskmgr32.vbs to terminate any process named Taskmgr.exe.
3.Drops and executes the following files:
* %System%\User32.reg
* %System%\SysReg.reg
4. Creates the following copies of itself:
* %System%\MsNews.vbs
* %Windir% \SysLogs\Syslog32.vbs
* %ProgramFiles%\WindowsUpdate\Wupdmgr.tmp\Wupdscn.vbs
5. Adds the value:
"Spore" = "%System%\MsNews.vbs"
to Windows startup registry keys.
6. Adds the value:
"DisallowRun" = "1"
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Adds the values:
"1" = "regedit.exe"
"2" = "notepad.exe"
"3" = "wordpad.exe"
"4" = "write.exe"
"5" = "wuauclt.exe"
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
to block execution of this files.
Remove it using Startup Optimizer.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.