Xiao.vbs Virus
Recently a lot of spyware, trojans and viruses from China have been spreading around the net, causing havoc at certain companies in Malaysia because this virus slows down the network and the system. If a PC is infected with the “xiao.vbs” virus, the existing antivirus cannot be enabled, because the virus keeps a running process hidden in memory that even Process Explorer or Task Manager cannot show.
Xiao.vbs is also known as VBS/Autorun-DR by Sophos and VBS_AUTORUN.AYZ by Trend Micro. To remove this virus you need the following tools:
1) HijackThis
2) Unlocker
3) System Repair Engineer
First run HijackThis and look for any lines that contain “xiao.vbs”. Tick the box for each one and click “Fix” to remove the entry from the registry, then run “regedit” and search for “xiao.vbs”. Delete every “xiao.vbs” entry found in the registry, and make sure you search through it entirely.
After cleaning the registry, locate the “xiao.vbs” and “autorun.inf” files across the entire hard disk using a search tool and delete them all. After you have deleted the virus files, one problem remains: the virus will still disable all antivirus protection. To remove the hidden processes in memory, use System Repair Engineer.
Click on “Boot item” to scan the memory; it will display the infected files in red. Select those entries and click delete to remove the running processes. You might need to run it a few times to remove all the processes completely. After you have successfully removed the processes, reboot the PC and the existing antivirus can be enabled again.
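The file search from the steps above, as an added example that is not part of the original post: a read-only Python scan that lists every xiao.vbs and autorun.inf under a folder and marks which autorun.inf files actually launch the script, so a vendor's harmless autorun.inf is not deleted by mistake. It assumes the dropped autorun.inf names xiao.vbs in an open, shellexecute or shell\...\command entry; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

SCRIPT_NAME = "xiao.vbs"                 # file name given in the post
LAUNCH_KEYS = ("open", "shellexecute")   # plus any shell\<verb>\command key

def autorun_launch_targets(text):
    """Return the (key, value) entries of an autorun.inf that start a program."""
    targets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # skip blanks, comments, section headers, malformed lines
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, value))
    return targets

def scan(root):
    """Walk root and report, without deleting anything, the files the post names."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == SCRIPT_NAME:
                findings.append(("script", path, ""))
            elif name.lower() == "autorun.inf":
                with open(path, "r", errors="replace") as fh:
                    entries = autorun_launch_targets(fh.read())
                hits = [f"{k}={v}" for k, v in entries if SCRIPT_NAME in v.lower()]
                kind = "autorun-launches-script" if hits else "autorun-other"
                findings.append((kind, path, "; ".join(hits)))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: one infected-looking drive root, one benign autorun.inf."""
    root = tempfile.mkdtemp(prefix="xiao_demo_")
    samples = {
        ("E", "XIAO.VBS"): "' constructed placeholder, not the real script\n",
        ("E", "autorun.inf"): "[autorun]\nopen=wscript.exe xiao.vbs\n",
        ("cdcopy", "AUTORUN.INF"): "[autorun]\n; vendor installer\nopen=setup.exe\n",
    }
    for (sub, name), body in samples.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, name), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for kind, path, detail in scan(build_sample_tree()):
        print(kind, path, detail)
```

Run `scan()` against each drive root in turn; entries reported as `autorun-other` do not reference the script and deserve a look before deletion.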
Thanks to Lun, as he is the one who managed to find the solution after months.

August 15th, 2008 at 5:54 pm
Yeah, my desktop keeps crashing now. Dunno whether it’s because of virus or trojans…
Bloody malicious malware nowadays..sigh…
Why my company notebook last time no problem one? Sigh…
August 19th, 2008 at 9:13 am
Yup, nowadays trojans are very intelligent, to the point that antivirus is not able to detect them.
Not sure what antivirus your previous company was using; it might be very powerful..