Full Version: A Problem Regarding A Virus Named "vbs\unknown"
Code_M
Hello everyone. Recently my computer was infected by a virus, "VBS\Unknown." It started as a message in Outlook Express. The sender is one of my contacts saved in the address book, but he told me he never sent me a message. The title is "Gwd: Hi" or some random topic. It looks like a wrong spelling of "Fwd" but it's actually a virus. Inside the message you will see "See attachment for more details." If you open the attachment, it has a text that says "You have already received it". My computer started to have problems with the software installed in the OS. Office applications no longer work, you can't access the Add/Remove options in the Control Panel, and the "Run" option is gone when you click Start.

I also noticed that when you open My Computer and select one of the partitions like C:\ or D:\, it doesn't open normally, and when you right-click on it, Autoplay has been added. You have to right-click and select the option Open. After scanning with AVG 7.5 with the latest update, it detected a virus, VBS/Unknown. It can't be healed, so I tried putting it in the virus vault. After a few minutes, it creates another copy. I tried manually deleting the virus. The name is "FS6519.dll.vbs". The virus is hidden, so you need to set the options to display hidden files. The file is located in C:\ and C:\Windows\. If you have other partitions, it is also located at D:\ or E:\ or even flash disk drives. If anyone can help me remove this virus, I would really appreciate it.

//Mod edit: Moved from Windows XP home forum to the more appropriate.//
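
The indicators described in the post above (a hidden script named like `FS6519.dll.vbs` that reappears in the root of every partition and in the Windows folder) can be checked for with a short read-only scan. This is an added example, not part of the original thread; the list of script extensions and the drive letters probed are assumptions.

```python
import os
from collections import defaultdict

# Assumption: Windows Script Host extensions worth flagging (the post only names .vbs).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # hidden bit in st_file_attributes (Windows only)

def is_masked_script(name):
    """True for names like 'FS6519.dll.vbs': a script extension after another extension."""
    stem, ext = os.path.splitext(name.lower())
    return ext in SCRIPT_EXTS and os.path.splitext(stem)[1] != ""

def scan_roots(roots):
    """Return {filename: [(root, hidden), ...]} for masked scripts directly in each root."""
    hits = defaultdict(list)
    for root in roots:
        try:
            entries = list(os.scandir(root))
        except OSError:
            continue  # drive not present or not readable
        for e in entries:
            if e.is_file(follow_symlinks=False) and is_masked_script(e.name):
                st = e.stat(follow_symlinks=False)
                attrs = getattr(st, "st_file_attributes", 0)  # 0 off Windows
                hits[e.name.lower()].append((root, bool(attrs & FILE_ATTRIBUTE_HIDDEN)))
    return dict(hits)

def replicated(hits, min_roots=2):
    """Names found in several roots, the self-copying pattern the post describes."""
    return sorted(n for n, locs in hits.items() if len(locs) >= min_roots)

if __name__ == "__main__":
    # Assumption: probe drive letters C..H plus the Windows directory.
    roots = [f"{d}:\\" for d in "CDEFGH"]
    roots.append(os.environ.get("SystemRoot", r"C:\Windows"))
    found = scan_roots(roots)
    for name in replicated(found):
        for root, hidden in found[name]:
            print(f"{name}\t{root}\thidden={hidden}")
```

The scan only lists files; it does not delete anything, since the post reports that the file is recreated minutes after removal.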
buddy215
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/topic34773.html
--------------------------------------------------------------------------------

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
(pre-Vista OS's)
fozzie
This appears to be a variant of one of the many flash drive infections which are around these days.

You could try Flash_Disinfector.exe prior to buddy's instructions.

QUOTE
The title Gwd: Hi or some random topic. It looks like some wrong spelling of fwd but it's actually a virus. Inside the message you will see " See attachment for more details." If you open the attachment, it has a text and say " You have already received it
This is lethal in these days. What do you have as far as firewall is concerned?

You might want to read through the below articles

Simple and easy ways to keep your computer safe
The Ten Most Dangerous Things Users Do Online
Seven ways to keep your search history private
How did I get infected?, With steps so it does not happen again!
Secure Your Home Computer - A guide for online users
Code_M
QUOTE(buddy215 @ Apr 27 2007, 10:41 PM) *
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html


I tried installing Super Antispyware but there were some errors regarding some PSAPI.DLL being unable to locate the file. So I restarted and tried it in Safe Mode. Still the same problem.

Also my IE is no longer working so I can't try the online scanning. I tried installing the IE again but it is still not working.

I tried the Flash Disinfector; the weird part is that after I pressed OK, with my USB flash disk already connected, the icons on the desktop disappeared.

I found some interesting information about the virus but I think it is written in Spanish. VBS/Unknown Information

Thanks for the help guys. Although the errors are still there, hopefully this new information will make a step closer to solving this problem.
buddy215
Were you able to do the online scan with Bit Defender? Have you tried to rollback to IE6? Do you have another browser installed? What was the exact message concerning PSAPI.DLL?

--------------------------------------------------------------------------------


Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/topic34773.html
--------------------------------------------------------------------------------
Papakid
Yes, posting a HijackThis log at this point is the best way to go and the sooner the better. These infections are new and changing rapidly so automatic removers like antivirus have a hard time keeping up. HJT will help find what needs to be removed manually.

Try those pre-cleaning steps in the Prep guide that buddy215 has linked you to, but if you can't use Internet Explorer you won't be able to run Bit Defender or the other online scanners with the exception of Housecall--choose the Java kernel for that one if you are using another browser. If you have any problems doing any of the pre-cleaning steps, just skip them and post what happened in the logs forum. Please don't post your log in this topic.

And in hindsight, never open attachments you aren't expecting, even if it appears to be from someone you know. Someone else that has both you and your friend in their address book is infected and the malware just put a random name from that address book in the from field of the email it sent out--very common.