Updated : It is confirmed that Yongyut Aunkaen is a virus. This virus will replicate itself in removable drives which in turn will effect other computers. You will also have problems double clicking on your computer drives.
The easiest way to see if you have the virus is if you will see this message in your internet explorer title bar :
If you click on view > Show hidden files and folders, you will find MS32DLL.dll.vbs and autorun.inf. This is the virus. You must delete this immediately in removable drives.
The steps to remediate this in your computer is as follows.
Method 1 : Download this script. Close all windows and run script.
Method 2 : Credits to Anand and to this forum.
1. Open windows task manager (Ctrl+Alt+Del) and select the “Processes” tab. Find “Wscript.exe” and click on “End process. Repeat if there is more than one process and then close the task manager.
2. Go to the C drive and select “Folder Options” -> “View” and choose “show hidden files and folders” and uncheck “hide protected operating system file.
3. In the C drive, search for “autorun.inf” and delete this file.
4. Delete MS32DLL.dll.vbs (this is the virus) also delete the virus from the path C:WINDOWS MS32DLL.dll.vbs
Be careful with the next step, any mistake may crash your computer
5. Start -> Run and type in “Regedit” and press enter. Select HKEY_LOCAL_MACHINE -> Software ->Microsoft ->Windows -> Current Version -> Run. Find MS32DLL and delete that entry.
6. Then select HKEY_CURRENT_USER -> Software -> Microsoft -> Internet Explorer -> Main. There you will find Window Title Yongyut Aunkaen and delete that entry. You can close the registry now.
7. Next click on Start -> Run and type in gpedit.msc and press Enter. Then you will open Group Policy.
8. Select User Configuration -> Administrative Templates -> System -> double click on Turn Off Autoplay and in the window there, select Enabled and select All drives. Now you can close the Group Policy.
9. Next click on Start -> Run and type msconfig and press Enter. You will open System Configuration Utility.
10. Click on Startup tab and find the file MS32DLL take it out and then exit the System Configuration Utility and select Exit Without Restart when prompted.
11. Empty Recycle bin and Restart your computer.
You should not have the message anymore.
I think internet explorer has been hacked by hacker…
Remove the ie and reinstall the ie is the better option….
Hi nice blog you’ve in here…it would be great fun to have you among our worldwide network of bloggers at UBSquare……it’s the fun way to promote your blog and meet lots of new bloggers π
see you there soon π
SengKiat
I’m thinking of reformatting the entire compy, once I’ve done a backup of the files I have – Funny thing is that there entire workstation at the place I work at is completely firewalled and it still has the same problem.
Its odd
Thanks for the idea though π
Your are welcome anyways. Yup thanks for visiting my site anyways. π
That could be some sort of spyware… I would suggest getting Lavasoft’s Adaware and Spybot to scan your system. If the computer’s behind a firewall, you might also want to take a look at the firewall’s logs to see if anything’s been trying to contact any strange websites…
SengKiat
No problem π
Alden
Thanks for the suggestion. π I’ve followed your advice and downloaded and installed adaware. So far I have 2 ad-ware it seems. I’ve quarantined it. Lets see what happens after that.
If worst is to come, I’ll just reformat the whole thing …
so is thee prob solved? i also got this prob..changing the title bar is only a temp thing.
Song
Unfortunately for me, when I restarted the computer, the same message still apears. So ad-aware does not seem to pick it up. I could try spybot later on in the evening.
Worst comes to worst, I’ll just reformat the computer. Its that time of the year already π
so did ur frz suggest anyway to remove that bug
Song
I think we’re stuck with it till Microsoft decides to do something about it.
omg, who’s ya tech ass?
it’s definitely NOT A BUG!
zomg, please ask him/her go find out what’s a BUG actually.
and probably suggest your comp to fire him/her
you got your IE title changed, bcoz of some spyware/worms/trojon running, or most probably you installed some jerky IE toolbar.
check your processes, kill it.
then look into msconfig + services.msc, check which suspicous startup exe, google it. delete it.
so 10ha10ha you cleared it before?
Hi all, installed the Windows Defender and it helps me to detect the vbscript that is running at every boot up and prompting me the changes that is being happened in the registry. It shows me the location in the registry that is being updated by the vb program periodically and it also indicates the path where the file is located.
Good luck.
shah, care to share where to get windows defender and how it works in more detail? thanks
nice site
You sure know your stuff!! I followed the steps and my title bar looks normal again…Thanks lots!
does this really work????
seriously π
It worked for me and all of the other computers at the place I work at.
what does the virus do? really, it might have stolen passwords or more already π