The virus, also known as snake.exe.vbs, takes the form of a VBS script that copies itself into the system32 folder and adds itself to the startup items so that it runs as soon as Windows boots. Its most recognizable symptom is that it sets your Internet Explorer home page to http://sandeep-verma.blogspot.com
The virus creates the following file in the system32 folder:
snake.exe.vbs
To remove the virus, first kill the following process:
wscript.exe
Next, if the virus came from removable media, delete the following files from that media:
snake.exe.vbs
autorun.inf
Next, go to the C:\WINDOWS\system32 folder, find the following file and delete it:
snake.exe.vbs
(It may be hidden. You may need RRT, a free tool, to show hidden files.)
Now you need to edit the registry.
(Be careful when you edit the registry. Improper editing could lead to a system crash.)
Go to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d0717e0-2102-11dd-b5a9-00c026a310b1}\Shell\AutoRun\command
On the right-hand side there will be a value named Default with the data wscript.exe snake.exe.vbs
Click on Default, delete the value data and click OK.
Repeat the above procedure for the following key as well:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d0717e0-2102-11dd-b5a9-00c026a310b1}\Shell\open\Command
Now go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and find the value Userinit with the data C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\snake.exe.vbs
Change it to C:\WINDOWS\system32\userinit.exe
Now, to correct the Internet Explorer settings, go to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Find the value Start Page. Its data will be http://sandeep-verma.blogspot.com/
Change the data to about:blank
Just below it you will find a value named Window Title with the data Sandeep Verma
Click the name and delete the data.
Congrats! Now you are free from the Sandeep Verma virus.
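The checks from the procedure above, written as a report-only PowerShell audit. This is an added example, not part of the original post: it assumes PowerShell 3.0 or later (for Get-CimInstance), the function name Find-SnakeVbsArtifact is hypothetical, and it goes beyond the post by scanning every MountPoints2 subkey, since the GUID in the key name identifies one mounted volume and can differ from machine to machine.

```powershell
# Added example: report-only audit for the artifacts listed in this post.
# Nothing is modified. Function name and output fields are illustrative.
function Find-SnakeVbsArtifact {
    $marker = 'snake.exe.vbs'
    $hits   = New-Object System.Collections.ArrayList
    $add    = { param($check, $where, $value)
                [void]$hits.Add([pscustomobject]@{ Check = $check; Location = $where; Value = $value }) }

    # Script host process launched with the script as its argument
    Get-CimInstance Win32_Process -Filter "Name='wscript.exe'" |
        Where-Object { $_.CommandLine -like "*$marker*" } |
        ForEach-Object { & $add 'Process' "PID $($_.ProcessId)" $_.CommandLine }

    # Dropped copy in system32; File.Exists also sees hidden files
    $copy = Join-Path $env:windir "system32\$marker"
    if ([IO.File]::Exists($copy)) { & $add 'File' $copy 'present' }

    # Drive roots: the script itself, or an autorun.inf that references it
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $vbs = Join-Path $drive.Root $marker
        $inf = Join-Path $drive.Root 'autorun.inf'
        if ([IO.File]::Exists($vbs)) { & $add 'File' $vbs 'present' }
        if ([IO.File]::Exists($inf) -and [IO.File]::ReadAllText($inf) -like "*$marker*") {
            & $add 'Autorun' $inf 'references script' }
    }

    # Every MountPoints2 "command" subkey, not just one volume GUID
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $mp -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'command' -and "$($_.GetValue(''))" -like "*$marker*" } |
        ForEach-Object { & $add 'MountPoints2' $_.Name $_.GetValue('') }

    # Winlogon Userinit with the script appended after userinit.exe
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($wl.Userinit -like "*$marker*") { & $add 'Userinit' 'Winlogon' $wl.Userinit }

    # Internet Explorer start page and window title set by the script
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($ie.'Start Page' -like '*sandeep-verma.blogspot.com*') { & $add 'IE Start Page' 'Main' $ie.'Start Page' }
    if ($ie.'Window Title' -eq 'Sandeep Verma') { & $add 'IE Window Title' 'Main' $ie.'Window Title' }

    $hits
}

Find-SnakeVbsArtifact | Format-Table -AutoSize -Wrap
```

An empty result after cleanup means none of the locations named in the post still reference the script; a remaining Userinit or MountPoints2 hit with no file on disk is the leftover reference to the deleted script.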
16 comments:
Hello.
I have moderated the comment section. You can post your comments but they will appear only after they have been approved by me. I will login daily more than once to approve them.
Well go ahead and ask about any virus/trojans related problems you are having and I will be happy to answer you. Do check the contact me section.
Mudit
Hi friend,
This article is very helpful for me. I have got rid of this virus but I cannot set the default home page in IE; it always comes up as a blank page.
@ Manoj
Thanks for the nice comments
For changing the home page from blank to any other:
1. Open Internet Explorer
2. Go to Tools -> Internet Options
3. Type in the home page you require under Home page
hello,
thanks a lot for your help.
keep hacking...........for good purpose!!!!!!!
Please find out who this sandeep verema crap is and kill him. in fact all such hackers need death penality.
i tried but failed to get rid of sandeep verma because
1- i am unable to find wscript.exe in task manager processes.
2- unable to download the RRL software to locate the hidden file
3- and also unable to download many other antivirus softwares.
please help.
enncee
i am not able to find wscript.exe in task manager / processes. i cannot download the RRT tool. in fact i am not able to download any software.
my windows / system 32 folder is also not able to show the snake.exe.vbs file. what should i do?
utax
I Have traced this sandeep verma.He is a final year engineering student of CSE at DCRUSt university Distt Sonepat ,Haryana
what are the ways in which action can be taken against him
I have notified google blogger to take down his blog, just wait for few days.... F**K you Sandeep!
thanx buddy. it works...
hello friend
i am not very good with computers so i am a bit scared of making changes to the registry. is there any antivirus that can remove this stupid sandeep verma/snake.exe thing? pls help. i've had it on my notebook for almost a year now and am sick of it.
also fuck you sandeep verma whoever the fuck you are.
thank you.
hi there
i was not able to remove this sandeep verma shit from my system.. @ the time when this started i did a complete system scan using eset antivirus & also did a scan using cc cleaner.. now whenever i start my system i get a msg stating "snake.exe.vbs is missing".. i tried following the above mentioned steps but was not able to fix it coz
1. wscript.exe was not listed in the programs list. still i went ahead & tried the second step.
2. was not able to find anything related to snake.exe in C:\WINDOWS\system32
3. was not able to find wscript.exe snake.exe.vbs in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d0717e0-2102-11dd-b5a9-00c026a310b1}\Shell\AutoRun\command
4. the only success on my part was that i was able to delete that shit from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d0717e0-2102-11dd-b5a9-00c026a310b1}\Shell\open\Command
5. not able to find userinit in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and @ the moment i am getting the msg "snake.exe.vbs is missing" @ start-up & still getting that sandeep verma written on the top of IE..
Thanks for the information,
I was able to follow all your steps and remove the virus from my computer,
@ people who cannot see the snake.exe.vbs file: you need to install the RRT software and you will be able to see that file,
Thanks
-MB
sandeep verma u r great...i know u dear..keep it up...best of luck..
great job!!it works
thanks for help in removing this irritating sandeep verma virus
Good one to get rid of this shit
-RishiDugar