VBS/dlRB - System reboot Virus source code

When this file is ran it will create a registry entry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\. This script will then write a script file to C:\%systemroot%\system32\ called dlRB.vbs. This file (dlRB.vbs) will reboot the computer when ran and yup you guessed it...because of the registry entry this 'reboot' file runs each time the target tries to log into Windows. After the script is done it will force a system reboot.

Classification: This Virus is NON destructive.

Method of uninfection: Boot to alternative OS, most likely you will use a DOS boot disk (make sure to add the program NTFSDOS.exe so you can mount your NTFS drives then just delete the c:\%systemroot%\system32\dlRB.vbs file. Reboot as normal. Once logged into Windows remove the registry entry. If the machine happens to have a Telnet or SSH server running you can still log in using one of those services and manually delete the file.

Click here to go back.