VBS.Stemclover
VBS.Stemclover can disable the opening or running of various software on the infected computer. It propagates by copying itself to removable media storage devices. VBS.Stemclover also searches for files with the .XLS extension and duplicates them as .VBS files in order to mislead victims into executing the virus without their knowledge.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
First Aid to Stop VBS.Stemclover:
When the VBS.Stemclover virus infects a computer, it modifies system settings and injects itself into legitimate Windows files. System Restore is the go-to tool for bringing back clean files and restoring an earlier configuration. If you have a saved restore point, restore Windows to an earlier date.
Manual Removal of VBS.Stemclover:
1. If an anti-virus program is present, update the definition file.
2. Reboot Windows in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- From the menu, select Safe Mode.
3. Run a full system scan and clean/delete all infected file(s).
4. Delete/Modify any values added to the registry if present.
- To edit the registry, click Start, then search for or run regedit.exe.
5. Exit registry editor and restart Windows.
Additional Tools and Programs:
Scan with Norton Power Eraser:
Norton Power Eraser is a free removal tool from Norton Antivirus, developed to remove viruses and unfamiliar threats without relying on traditional AV signatures. Download the tool and start scanning with Norton Power Eraser.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Drops several malicious files on the hard drive.
- Modifies and adds unwanted entries in the registry.
Malicious Files Added by VBS.Stemclover:
%System%\iexplore.vbs
%Temp%\Bogor.vbs
C:\Documents and Settings\All Users\Desktop\Harry Potter.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bogor Kota Hujan.lnk
%Windir%\Tunggul.vbs
%DriveLetter%\Tunggul.vbs
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WinSistem" = "wscript.exe %Windir%\Tunggul.vbs"
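
Added example (not part of the original write-up or any vendor tool): a read-only PowerShell check that reports which of the files and the Run value listed above are present, useful before and after the removal steps. The function name Find-StemcloverArtifacts is hypothetical. It assumes %System% is the System32 directory, %Temp% is the current user's temp directory, and %DriveLetter% is the root of every mounted drive; it resolves the All Users Desktop and Startup folders on the running system instead of hard-coding the XP path.

```powershell
# Added example: read-only check for the VBS.Stemclover artefacts listed on this page.
# Assumptions: %System% = System32, %Temp% = current user's temp directory,
# %DriveLetter% = root of every mounted filesystem drive.
function Find-StemcloverArtifacts {
    $sys     = [Environment]::GetFolderPath('System')
    $desktop = [Environment]::GetFolderPath('CommonDesktopDirectory')
    $startup = [Environment]::GetFolderPath('CommonStartup')

    # File names taken from the "Malicious Files Added" list above.
    $paths = @(
        (Join-Path $sys        'iexplore.vbs'),
        (Join-Path $env:TEMP   'Bogor.vbs'),
        (Join-Path $desktop    'Harry Potter.lnk'),
        (Join-Path $startup    'Bogor Kota Hujan.lnk'),
        (Join-Path $env:windir 'Tunggul.vbs')
    )
    # Root of each drive; this covers the removable media used for propagation.
    $paths += Get-PSDrive -PSProvider FileSystem |
        ForEach-Object { Join-Path $_.Root 'Tunggul.vbs' }

    foreach ($p in $paths) {
        # -Force so files marked hidden or system are still found.
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{ Type = 'File'; Location = $item.FullName
                               Detail = $item.LastWriteTime }
        }
    }

    # Run value taken from the registry entry above.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'WinSistem' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Type = 'Registry'; Location = "$runKey\WinSistem"
                           Detail = $run.WinSistem }
    }
}

# Report findings; nothing is deleted or modified.
$hits = @(Find-StemcloverArtifacts)
if ($hits.Count -eq 0) { 'No listed VBS.Stemclover artefacts found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```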