Does your Internet Explorer title bar show "Hacked by Pokemon"? Don't worry, this is not a high-risk virus, just a Visual Basic program. The file that runs this Visual Basic script is BHA.VBS.DLL. I will show you how to remove this bug manually.
What Will This Virus Do?
-Infects every one of your partitions, including removable drives, because the script is written to generate bha.vbs.dll and autorun.inf.
-Spreads via removable drives such as pen drives or other storage devices, because of its capability to generate a dll file using a vbs script.
-Generates new values in your Windows registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL - winpath&"\Bha.dll.vbs
HKCR\vbsfile\DefaultIcon - shell32.dll
And also modify this registry value:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title - "Hacked by pokemon"
-On an infected PC, none of your partitions open normally, because the default action is given to the 'AutoPlay' option instead of the 'Open' option used in normal conditions. To check this, right-click one of your drives and look at the first (bold) option: is it Open or AutoPlay?
How to Show autorun.inf & bha.vbs.dll on Your Computer?
-Go to Tools > Folder Options
-Uncheck Hide protected operating system files (Recommended) and Use simple file sharing (Recommended)
-Click Apply and close the window.
WARNING: When you open a drive partition, MAKE SURE you open it by right-clicking it and choosing Open. IF NOT, the threat will RUN again.
How to Delete/Remove the *vbs File?
1) Press CTRL + ALT + DEL and look for wscript.exe to see whether it is running. If it exists, click End Process.
2) You may delete the 2 files that I mentioned above manually in every partition.
3) Or go to Start -> Search and search for *vbs files. Delete the file if it is found.
How to Clean the Registry?
-After cleaning up and deleting the files, you must now clean the Windows registry, because this threat generates new registry values once it has been activated.
-Run the registry editor: Start -> Run (type regedit)
-Open this location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL
-Delete the registry value named MS32DLL
-And open this location:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
-Choose Window Title and edit the string.
-You may put any name or delete the string value (Window Title).
-Then reboot your PC.
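
The manual steps above, collected into one PowerShell script. This is an added example, not code from the original post, and it assumes PowerShell is available on the machine. Without arguments it only reports what it finds; the `-Remove` switch name and the rule that an autorun.inf is deleted only when it mentions a .vbs file are assumptions of this example.

```powershell
# Added example: audit (and with -Remove, clean) the artifacts named in this post.
param([switch]$Remove)   # -Remove is a name chosen for this example

# File names as written in the post, which spells the script both ways.
$names  = 'autorun.inf', 'bha.vbs.dll', 'Bha.dll.vbs'
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$ieKey  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'

# 1) End the script host first, otherwise the files are written back.
$procs = Get-Process -Name wscript -ErrorAction SilentlyContinue
if ($procs) {
    Write-Output "wscript.exe is running (PID $($procs.Id -join ', '))"
    if ($Remove) { $procs | Stop-Process -Force }
}

# 2) Check the root of every file-system drive; -Force reveals hidden/system files.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in $names) {
        $path = Join-Path $drive.Root $name
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $file) { continue }
        # Assumption: an autorun.inf belongs to this threat only if it mentions a
        # .vbs file; any other autorun.inf (e.g. on install media) is left alone.
        $hit = $name -ne 'autorun.inf' -or
               [bool]((Get-Content -LiteralPath $path -Force) -match '\.vbs')
        Write-Output ("{0}  suspect={1}" -f $path, $hit)
        if ($Remove -and $hit) { Remove-Item -LiteralPath $path -Force }
    }
}

# 3) The Run value that starts the script at every logon.
$run = Get-ItemProperty -Path $runKey -Name MS32DLL -ErrorAction SilentlyContinue
if ($run) {
    Write-Output "Run\MS32DLL = $($run.MS32DLL)"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name MS32DLL }
}

# 4) The Internet Explorer title-bar string, touched only if it carries the tag.
$ie = Get-ItemProperty -Path $ieKey -Name 'Window Title' -ErrorAction SilentlyContinue
if ($ie -and $ie.'Window Title' -match 'pokemon') {
    Write-Output "IE Window Title = $($ie.'Window Title')"
    if ($Remove) { Remove-ItemProperty -Path $ieKey -Name 'Window Title' }
}
```

Deleting the HKEY_LOCAL_MACHINE value requires an elevated (administrator) session; run the report pass first and review the listed files before using `-Remove`.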