Thursday, March 26

hijack by godzilla

This post is about a virus i learned about when a friend called me to repair his PC. This were the problems i found on the PC.

  • When using IE , the title bar reads this "Hijack by Godzilla" .
  • For all the Drives, you cannot Double click and open to view the contents of the drive. you need to right click and open to view the contents .
  • When i checked for "My comuter - > Tools - > Folder options" , Everything seemed to work properly, but when i checked "Show hidden files and folders" and restarted the PC, the changes made earlier reverted back.
  • The windows task manger seemed to work fine.(there were many processes ,but i did not take a proper look at them)
The first thing i did was to download avast antivirus . I scanned the PC and found autorun.inf threats in each drive which i then deleted. This solved the problem of drive view which i mentioned in the 2nd point. The folder options and hijack by Godzilla problems still remained.

This is a virus and it is mostly spread via portable drives.

A little google research told me , that there is a script and some files that run everytime when you start your PC and make a entry in the registry.

So the next step was to find wscript.exe in windows task manager and stop these processes. When i opened task manager i did not find this script running.

The next step was to check : show hidden files and folders in tools - > folder options in My computer. also uncheck the Hide extention… and Hide protected operating system file.

Look for autorun.inf and MS32DLL.dll.vbs in all the drives and shift + Delete them permanently.
well in my case , avast already deleted autorun.inf . And i could not locate the MS32DLL.dll.vbs

The "hijack by Godzilla" window title entry is made in windows registry. This can be found here in registry. Go to start - > run - > regedit , click OK. Registry Edit dialogue will display. and

Select HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> Current Version --> Run to delete MS32DLL (press Delete key on keyboard)

Select HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main to delete Window Title “Hacked by Godzilla” (press Delete key on keyboard)

This should have solved the problem but, once i restarted , the problem was still there.

The next step i did was to download hijack this . HijackThis lists the contents of key areas of the Registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites.

Since , MS32DLL.exe was the process which was a suspicious program which i think triggerd the virus , i used hijack this to remove this process and later when i restarted it solved the problem.






Be the first one to Comment!!!

Post a Comment