This, along with other .vbs or .wsh viruses/worms/trojans, can easily be removed and prevented using any of the following methods:
CAUTION: None of these methods are fully 100% safe. Even using an updated anti-virus may cause irreversible damage to your Windows computer. BACK UP YOUR DATA FIRST! I am in no way responsible for any lost data, corrupted files, or the like. You have sole responsibility for your computer. Proceed at your own risk!
A.) Use your anti-virus
Screen shot taken from http://www.avast.com/
This is the easiest way to remove the worm. However, if your definitions are not updated, then the worm may not be detected and thus you cannot remove it. There are only a few free anti-virus programs, like AVG, Avast, and BitDefender. I suggest using a primary one, either AVG or Avast, and BitDefender as a back-up. AVG/Avast will most likely find the worm you have, and BitDefender is a good back-up anti-virus since it lacks the real-time scanner. (A real-time scanner means that while you're browsing a folder and your anti-virus sees a virus, it warns you in "real time" without you scanning the whole folder or drive manually. AVG and Avast have this real-time scanner while BitDefender does not.)
B.) Disable .vbs scripts on your Windows machine manually
Most viruses are written in Microsoft's Visual Basic. It's a simple programming language with a graphical user interface (GUI) and allows the user to easily create programs that they need. However, viruses, worms, and trojans are also created in this manner.
Although I do not recommend this process for programmers, basic users can disable the running of .vbs files and other dangerous formats by disabling the Windows Scripting Host. Click here to view the link. Find your operating system and follow the guide. Use the Windows 2000 guide if you are using XP/Vista. Again, this step is not recommended for programmers who use Visual Basic or do programming. Proceed at your own risk.
C.) Download and install Script Defender by Analog X
Image screen shot taken from http://www.analogx.com/contents/download/system/sdefend.htm
If you are afraid of doing letter B, then you can use this software to manage your file extensions instead. It simply allows you to monitor certain types of file extensions like .vbs and .wsh. When such files try to execute, Script Defender will not let them do so unless you allow it. It basically asks you first before the file executes. Think of it this way: the virus shows up and decides to steal all the personal information in your entire system. It can and it will, but Script Defender makes the virus ask you first before it does so. Pretty neat, eh? Download it here. Please read below before using.
After you have installed it, press "install intercepts" and it will intercept anything that was placed in the dialog box before it executes. However, do not add any file extensions to block that you might regret later. Use the defaults that it already has. I tried adding .txt to it, and it did work, but when I removed .txt and opened a .txt file, it gave me some sort of error saying that it couldn't open it. I could open it through Notepad but not by double-clicking it. Again, proceed at your own risk and don't add anything you will regret later.
D.) Plug the USB flash drive into a Linux computer.
Screenshot taken from www.linux.org
Some of you might be wondering what Linux is. It is an open source operating system which you can get for free. Most viruses are targeted only at Microsoft's operating systems like Windows 98, XP, ME, 2000, and Vista. Since this worm has the .vbs extension, it only targets Windows (which is capable of running Visual Basic scripts).
First, find someone who has Linux installed on their laptop or desktop and boot into that system. If you have your own Linux OS, that's great! It doesn't have to be a specific flavor of Linux. It can be Fedora, Ubuntu, or PCLinuxOS. As soon as you have booted into the system, plug in your drive and open it. Find the files that end with .vbs or something like TTMS1218.dll.vbs. That is the problem.
After you have removed the files, safely unmount the drive by right-clicking the icon of your device and left-clicking on remove or unmount. (NOTE: Some of the flavors might require administrative access or the use of the terminal to mount/unmount the drive.) By the way, while your USB is mounted on the Linux system, you might find other viruses, trojans, or worms. If you suspect that they are, please be careful in deleting them. They could be files you really need.
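The Linux clean-up steps above can be scripted. This is an added example, not part of the original post: it lists the .vbs and .wsh files on a mounted drive and moves them into a quarantine directory instead of deleting them, so a file you turn out to need can be restored. The function names, the manifest file and both paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The mount point and quarantine
# directory are assumptions; pass the paths used on your own system.

# List regular files under "$1" ending in .vbs or .wsh, in any letter case
# (a name like TTMS1218.dll.vbs matches on its final extension).
list_script_files() {
    find "$1" -type f \( -iname '*.vbs' -o -iname '*.wsh' \) | sort
}

# Move every match from "$1" into "$2" rather than deleting it. Each move is
# recorded in "$2/manifest.txt" as "<sha256>  <original path>".
# Prints the number of files moved.
quarantine_script_files() {
    src=$1
    dest=$2
    moved=0
    mkdir -p "$dest" || return 1
    list=$(mktemp) || return 1
    list_script_files "$src" > "$list"
    while IFS= read -r file; do
        [ -n "$file" ] || continue
        sum=$(sha256sum "$file" | cut -d' ' -f1)
        moved=$((moved + 1))
        # Counter prefix keeps two files with the same name from colliding;
        # the suffix stops the file from being opened as a script later.
        mv -- "$file" "$dest/$moved-$(basename "$file").quarantined" || return 1
        printf '%s  %s\n' "$sum" "$file" >> "$dest/manifest.txt"
    done < "$list"
    rm -f "$list"
    echo "$moved"
}

# Run directly as: sh usb-quarantine.sh /media/usb "$HOME/usb-quarantine"
if [ "$#" -eq 2 ]; then
    quarantine_script_files "$1" "$2"
fi
```

Keep the quarantine directory on the Linux machine's own disk, not on the USB drive, and check `manifest.txt` before deleting anything for good.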
E.) Format your computer
This is the last resort for removing any other kind of virus. This worm, TTMS, isn't that hard to remove, especially if you use a Linux machine to remove it, but never use this method before backing up all your data first.
=======================================================================
TTMS has several definitions and the nearest one I found was "Trojan Transportable Mini-Switch" found here. This worm could have been written by someone outside the Philippines and was edited by a Filipino by simply changing the output error message into Cebuano.
When I plugged the infected device into PCLinuxOS, I managed to get the source code by opening the .vbs file in KWrite. Here's a screen shot:
Image taken on Dec. 20, 2007
=========================================================
I do not own AVAST, AVG, BitDefender, and Analog X & its software.
All images here were taken on Dec. 20, 2007.