Remove ProtectFile.vbs virus

Posted on July 20th, 2008 by Sam

Difficulty in removing/deleting ProtetFile.vbs

In my last post I mentioned how my CD drive used to get ejected automatically, every time I opened any of the drives in my laptop, and how I traced out that the file causing the problem was ProtectFile.vbs.But even after detecting that ProtectFile.vbs is causing the problem there was a difficulty deleting the file. The virus makes hidden, read-only multiple copies of itself in all the drives. So, firstly they are difficult to be detected. Secondly, we can’t delete or rename it without disabling its “read-only” property. Thirdly, when we try to delete any one of the multiple copies, it uses an autorun.inf (executed automatically by windows) file to recreate itself from its copies in other drives.

How to remove ProtectFile.vbs

There can be various ways of removing it. Maybe there are better ways of removing this virus, but to keep things simple I will just tell you how I removed it from my computer. ProtectFile.vbs is designed to be difficult to be deleted. So we will take an indirect approach. First we will modify/rename the files. Then we will delete them. I use moveonboot to deal with stubborn files like this. If you use any other software like this then its fine, else you may download moveonboot for free.Henceforth I am assuming that you are using moveonboot. In case you don’t want to use it, you may follow similar steps as below with your favorite remove-file-on-reboot program.

  1. Open MoveOnBoot
  2. Go to Rename Action -> Rename File
  3. A window should open asking you to select a file. Since these virus files are hidden files , you won’t be able to browse and reach them. So just enter “C:\protectfile.vbs” in select-file section.
  4. Enter “C:\protectfile.html” in the destination file section. Enter OK.
  5. Similarly repeat steps 2 to 4 for the file “C:\autorun.inf” and rename it to “C:\autorun.html”
  6. Don’t restart your computer. We have set moveonboot to rename the ProtectFile.vbs in just one of the drives.
  7. Repeat step 2 to 5 for each of the drives. For example if you have 4 drives in your computer(C, D, E, F), then you will have to rename “C:\protectfile.vbs”, “D:\protectfile.vbs”, “E:\protectfile.vbs” and “F:\protectfile.vbs” to “C:\protectfile.html”, “D:\protectfile.html”, “E:\protectfile.html” and “F:\protectfile.html” respectively. Similarly rename “autorun.inf” files in all the drives to corresponding “autorun.html” files.
  8. Restart your computer. Voila! We have disabled the visus.
  9. Now we will remove them completely.
  10. Open MoveOnBoot again.
  11. Go to Delete Actions -> Delete Files
  12. You won’t be able to browse and reach the files. So click browse and enter “C:\protectfile.html”, “D:\protectfile.html”, “E:\protectfile.html” ,”F:\protectfile.html”, “C:\autorun.html”, “D:\autorun.html”, “E:\autorun.html” and “F:\autorun.html”
  13. Restart your computer.
  14. We are done. Your computer is free from ProtectFile.vbs virus.

But hey.. if you got this virus from your USB drive, what are you going to do? The above process doesn’t remove the virus from your USB drive. If you use this USB drive in your computer/laptop, its going to infect your computer again. You don’t want to throw away your USB, do you? What should you do? Thats explained in the next post.

For reliable virus/spyware protection I recommend to use original antivirus. Don’t use keygen of cracks at least for antivirus, because those who develop these cracks develop them with the intention of spreading their own spywares and viruses. Here is a  Special Internet Offer for ZoneAlarm, and for Norton AntiVirus 2009 with 2-yr Protection.

  • Sponsored

web.thinkingpal.comLogin