While running AVG anti-virus w/firewall i am getting a virus notice: FS6519.dll.vbs in C:\Windows\ . The anti-virus program can not heal . Any suggestions om what to do next ?


Thanks for Input
How to Identify:

1. C: Drive will go on with autoplay on Right-Click
2. Your IE title bar will bear the following msg "TAGA LIPA ARE!"

It will have the entries on the following:

1. Autorun's ini FILES
2. IE
3. Windows Registry
4. MSConfig

All the peripherals which have autorun facility will be infected by this.

Go on with the following proceedure:

Goto My Computer =>Tools => Folder Options=> View Tab

Select: Show hidden Files and Folders

Uncheck: HIDE Extensions for known file type and Hide Protected operating system

Click Yes Then OK.

You will see an autorun.inf and FS6519.dll.vbs in all your harddrives. Delete ALL of them.

If it says that something is using the program. Press Ctrl+Alt+Del and go to processes, end ALL wscript.exe

Open MSConfig and under startup, uncheck the trojan’s startup entry, [FS6519].

Click Start > Run and then type regedit

delete [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FS6519] key, and modify [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”TAGA LIPA ARE!”] key to REMOVE the nuisance in IExplorer.

OR go to Edit -> Find and type FS6519.dll.vbs.

Edit the found registry by selecting the name, ryt click and modify, remove the last two strings which is wscript.exe and FS6519.dll.vbs and click OK.

If finished, press F3 and it will search again for another, just do the same thing until nothing is found in your registry.

If you are done with the FS6519.dll.vbs, its time for the TAGA LIPA ARE! be edited in your IE, type the string on the search again then it will show up the IE title … modify then type anything you like or better delete it.

Have a Nice FREE Virus Trojan Day!!!


Let's try a less confusing approach...

1. Update AVG and scan with it in Safe Mode. Let it fix what it wants.
2. Restart and scan with Kaspersky Online and post back with the results.
3. Post a HijackThis log.

We'll take it from there.