Exterminate It! Antimalware

Known threats:699,443 Last Update:July 17, 22:52

File: system.vbs

Location of system.vbs and Associated Malware

Check whether system.vbs is present in the following locations:

system.vbs file locations that are Windows version independent:

  • C:\Windows\System32\system.vbs
  • C:\Windows\System.vbs

Windows 2000, Windows XP, Windows Server 2003 specific system.vbs file locations:

  • C:\Documents And Settings\USER_NAME\Application Data\Microsoft\system.vbs
  • C:\Documents And Settings\USER_NAME\Application Data\nvidia\system.VBS
  • C:\Documents And Settings\USER_NAME\Application Data\Microsoft\Windows\temp\system.vbs
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\system.vbs
  • C:\Documents And Settings\USER_NAME\Start Menu\Programs\Startup\system.vbs
  • C:\Documents And Settings\USER_NAME\Application Data\Microsoft\temp\system.vbs

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific system.vbs file locations:

  • C:\Users\USER_NAME\AppData\Roaming\Microsoft\system.vbs
  • C:\Users\USER_NAME\AppData\Roaming\nvidia\system.VBS
  • C:\Users\USER_NAME\AppData\Roaming\Microsoft\Windows\temp\system.vbs
  • C:\Users\USER_NAME\AppData\Local\Temp\system.vbs
  • C:\Users\USER_NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.vbs
  • C:\Users\USER_NAME\AppData\Roaming\Microsoft\temp\system.vbs

If you find the system.vbs file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The system.vbs file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of system.vbs File


Why Is It Important to Remove Malware Files?

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove system.vbs

  1. To enable deleting the system.vbs file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Task Manager window, click the Processes tab.
    • On the Processes tab, select system.vbs and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of system.vbs and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of system.vbs and Associated Malware.
Notes:

  • The deletion of system.vbs will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
  • The deletion of system.vbs will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a system.vbs malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type system.vbs. The name of the first found registry value referencing system.vbs is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to system.vbs, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of system.vbs and Associated Malware.
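
The location check, the process step and the registry check described above can be scripted. The following PowerShell is an added example, not part of the original page or the vendor's tooling, and it only reads and reports. It assumes that profiles live under C:\Users or C:\Documents and Settings, inspects only the standard Run autostart keys rather than the whole registry, and looks for Windows Script Host processes (wscript.exe, cscript.exe) whose command line names system.vbs.

```powershell
# Added example: read-only triage for the locations listed on this page.
# Assumes PowerShell 4.0+ (Get-FileHash); run elevated to read all profiles.
$name = 'system.vbs'
$perUser = @{
    'C:\Users' = 'AppData\Roaming\Microsoft', 'AppData\Roaming\nvidia',
        'AppData\Roaming\Microsoft\Windows\temp', 'AppData\Local\Temp',
        'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup',
        'AppData\Roaming\Microsoft\temp'
    'C:\Documents and Settings' = 'Application Data\Microsoft', 'Application Data\nvidia',
        'Application Data\Microsoft\Windows\temp', 'Local Settings\Temp',
        'Start Menu\Programs\Startup', 'Application Data\Microsoft\temp'
}
# Assumption: $env:SystemRoot is C:\Windows, the path written on the page.
$candidates = @("$env:SystemRoot\System32\$name", "$env:SystemRoot\$name")
foreach ($root in $perUser.Keys) {
    # A root that does not exist or cannot be listed is skipped silently.
    foreach ($dir in (Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue)) {
        foreach ($sub in $perUser[$root]) { $candidates += Join-Path $dir.FullName "$sub\$name" }
    }
}
# Files: report size, timestamp and MD5 for every listed location that exists.
$files = foreach ($f in $candidates) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf -ErrorAction SilentlyContinue)) { continue }
    $i = Get-Item -LiteralPath $f -Force
    [pscustomobject]@{ Path = $i.FullName; Size = $i.Length; LastWrite = $i.LastWriteTime
                       MD5 = (Get-FileHash -LiteralPath $f -Algorithm MD5).Hash }
}
# Registry: Run keys only (assumption); HKCU covers the current user alone.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$regHits = foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($v in $key.GetValueNames()) {
        $data = [string]$key.GetValue($v)
        # Flag a value only when its data contains one of the listed full paths.
        if ($candidates | Where-Object { $data.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }) {
            [pscustomobject]@{ Key = $k; Value = $v; Data = $data }
        }
    }
}
# Processes: script hosts whose command line references the file name.
$procs = Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe'" |
    Where-Object { $_.CommandLine -like "*$name*" } |
    Select-Object ProcessId, Name, CommandLine
$files   | Format-List
$regHits | Format-List
$procs   | Format-List
```

Nothing is deleted or terminated by this script; a registry value is reported only when its data contains one of the listed full paths, matching the check in the IMPORTANT note above.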