rundll32.vbs - Dangerous
rundll32.vbs
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
This is an Internet worm that spreads as a VBS file attached to e-mail messages.
To send infected messages, the worm uses MS Outlook. The worm also is able to send its copies to IRC channels by infecting an mIRC client.
To spread to IRC channels, the worm creates a SCRIPT.INI mIRC system file in the mIRC directory (if it is installed).
This file contains a set of instructions that sends the worm file to everybody who enters an infected channel.
The payload routine is activated on June 20th. It disables the keyboard and mouse by modifying the following two system-registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Shut_Up = "rundll32 mouse,disable"
Shut_Up2 = "rundll32 keyboard,disable"
Use RegRun Startup Opimizer for removal.