Solution for Sub7@chatx.net virus
Ever wondered why your harddrive or usb flashdisk opens up in a new window whenever you open it? Also, when you try to right click on the icon, you will notice the name "Sub7@chatx.net". Then you are infected with a virus. The virus mainly is a trojan that corrupts the autorun.inf of every disk drive.
Here are the steps to remove this sub7@chatx.net virus:
1.)Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)
2.)Stop wscript.exe process if available by highlighting the process name and clicking End Process.
3.)Then terminate explorer.exe process.
4.)In Task Manager, click on File -> New Task (Run…).
5.)Type “cmd” (without quotes) into the Open text box and click OK.
6.)Type the following command one by one followed by hitting Enter key:
del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a
c, d, e each represents drive letters on Windows system. If there are more drives or partitions available, continue to command by altering to other drive letter. Note that you must also clean the autorun files from USB flash drive or portable hard disk as the external drive may also be infected.
7.)In Task Manager, click on File -> New Task (Run…).
8.)Type “regedit” (without quotes) into the Open text box and click OK.
9.)Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
10.)Check if the value name and value data for the key is correct (the value data of userint.exe include the path which may be different than C drive, which is also valid, note also the comma which is also needed):
“Userinit”=”C:\WINDOWS\system32\userinit.exe,”
If the value is incorrent, modify it to the valid value data.
Take note: Read and follow every step carefully as it can create conflicts within your Operating System. The Sub7 virus is really not harmful and was just created to annoy and promote the popularity of the creator.
waaa. i’ve heard of this virus. naa diay ni name? haha. We call it autorun virus. HAHAHAHA
)
Comment by steph — February 1, 2008 @ 12:07 pm
hi, i have the same problem regarding in autoron virus or sub7@chatx.net i remove this
virus using your command but it become worse after restarting my pc it always logging
off immediately after starting up about 5secs it will log off. please help how to back it to
normal i dont want to format the hardisk because there are so many very important files
there. can you help me?!!
sorry to my bad english
Comment by dawson — February 17, 2008 @ 2:28 am
tnx for posting this topic…I’ve successfully remove this virus in my notebook.
Comment by wowo — February 26, 2008 @ 1:53 am
very easy!
1).Download this file from my website and double click on it. Here is the link
http://autorunvirus.googlepages.com/Removesub7chatx.netVirus.vbs
OR
Copy below code.
Paste in notepad or Wordpad.
Save As yourname.VBS
Double click on it to run that script.
Dim ObjFileSys, VirusFileNames, Dimension
CONST FolderSystem32 = 1
VirusFileNames = Array(”autorun.inf”,”mma.bat”,”mma.rar”,”mma.reg”,”mma.vbs”)
Set ObjFileSys = CreateObject(”Scripting.FileSystemObject”)
Call DeleteRegistry()
Call CleanSystem32()
Call CleanAllDrives
Set ObjFileSys = Nothing
MsgBox “Done”
WScript.Quit
Sub CleanSystem32()
Dim SysFolder
Set SysFolder = ObjFileSys.GetSpecialFolder(FolderSystem32)
For Dimension = LBound(VirusFileNames) To UBound(VirusFileNames)
if ObjFileSys.FileExists(SysFolder.Path & VirusFileNames(Dimension)) Then DeleteThisFile SysFolder.Path & VirusFileNames(Dimension)
Next
Set SysFolder = Nothing
End Sub
Sub CleanAllDrives()
Dim Drive, Drives
Set Drives = ObjFileSys.Drives
For Each Drive in Drives
For Dimension = LBound(VirusFileNames) To UBound(VirusFileNames)
if ObjFileSys.FileExists(Drive.Path & VirusFileNames(Dimension)) Then DeleteThisFile Drive.Path & VirusFileNames(Dimension)
Next
Next
Set Drives = Nothing
End Sub
Function DeleteThisFile(FileName)
Dim File
Set File = ObjFileSys.GetFile(FileName)
File.attributes =0
File.Delete True
Set File = Nothing
End Function
Sub DeleteRegistry()
Dim WSHShell, SysFolder
Set SysFolder = ObjFileSys.GetSpecialFolder(FolderSystem32)
Set WSHShell = WScript.CreateObject(”WScript.Shell”)
WshShell.RegWrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit”, SysFolder.Path & “userinit.exe”
WScript.DisconnectObject WSHShell
Set WSHShell = Nothing
End Sub
2). Restart your system and right-click on your drives to verify that this virus has been removed.
3). If the Sub7@Chatx.net still remains after restart, try repeating the whole process again.
Comment by Vipul Patel — March 7, 2008 @ 6:43 am
im glad that Sub7@chatx.net virus is now controlled thanks to those who made the cure ..
Comment by Administrator — May 1, 2008 @ 12:38 am
wow, tga addu ka rin po pala? meh kakilala kc ako na ganito ang problem… galing ah. hehe, CS student po ako… incoming 2nd yr.
Comment by j-ni — May 24, 2008 @ 9:54 am
hi, I found the Sub7@chatx.net ONLY in my USB, does it mean the other drive ia clean?
i wanna follow ur steps to clear it, yet, i cant find the wscript.exe. so,
should i just skip the first 3 steps? Thx for your help in advance.
Comment by Flo — June 2, 2008 @ 3:06 am