VBS.Invadesys.B is a worm that will propagates by creating a duplicate of itself to all drives found on the infected computer. VBS.Invadesys.B can modify and create its own entry on registry so that a copy of this worm will run when Windows is started.

Alias: -

Damage Level: Low

Systems Affected: Windows

Manual Removal of VBS.Invadesys.B

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot computer in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]

Navigate to and delete the following registry entries:
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrent VersionWindows”Ver” = “[WINDOWS VERSION]”
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrent VersionWindows”Date” = “[DATE OF INFECTION]”

Navigate to and restore the following registry entries to their previous values, if required:
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrent VersionWindows”Load” = “%SystemDrive%systemsvchost.exe %System%[smss.exe:.vbs OR .vbs]”
HKEY_LOCAL_MACHINESOFTWAREClassestxtfileshellopen command”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_LOCAL_MACHINESOFTWAREClassesinifileshellopen command”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_LOCAL_MACHINESOFTWAREClassesinffileshellopen command”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_LOCAL_MACHINESOFTWAREClassesbatfileshellopen command”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_LOCAL_MACHINESOFTWAREClassescmdfileshellopen command”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_LOCAL_MACHINESOFTWAREClasseshlpfileshellopen command”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_LOCAL_MACHINESOFTWAREClassesregfileshellopen command”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_LOCAL_MACHINESOFTWAREClasseschmfileshellopen command”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_LOCAL_MACHINESOFTWAREClassesApplicationsiexplore.exe shellopencommand”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_CLASSES_ROOTCLSID{871C5380-42A0-1069-A2EA-08002B30309D}shellOpenHomePageCommand”Default” = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] %1 %* ”
HKEY_CLASSES_ROOTCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}shellopencommand = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] OMC ”
HKEY_CLASSES_ROOTCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}shellexplorecommand = “%SystemDrive%System32WScript.exe %Windir%[explorer.exe:.vbs OR .vbs] EMC ”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrent VersionExplorerAdvancedFolderHiddenNOHIDDEN”CheckedValue” = “3″
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrent VersionExplorerAdvancedFolderHiddenSHOWALL”CheckedValue” = “2″
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer”NoDriveTypeAutoRun” = “0″

6. Exit registry editor and restart the computer.
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.