# Removing Taga Lipa Are & Hacked By Godzilla Manually by Leerz #

Revised 05/17/07
[*] Quick Steps [ OverView ]
-> Plug all infected medias
-> Close all Wscript.exe instances from the Task manager
-> Set Files and Folders Settings to
> "Show Hidden Files and Folders"
> (uncheck/untick) "Hide File Extensions for Known File Types"
-> Delete
>"FS6519.dll.vbs" or
>"MS32DLL.dll.vbs" or
>"maskrider2001.vbs"
> "XXXXWORMNAMEDLL.VBS"
^ Common mask name Format
>"autorun.inf"
> from [each] drive root and "root\Windows\" folders
-> Delete
> "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run\FS6519"
> "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run\ms32dll"
> "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run\maskrider"
> "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run\XXXXWORMNAME"
^ Taken From XXXXWORMNAMEDLL.VBS / It's
Common Mask name Format
> from the Registry
-> Delete or change to blank\nothing
> "HKEY_CURRENT_USER\Software\Microsoft\Internet Explore
r\Main\Window Title"
> from the Registry
-> Restart and Done!
[*] Steps [ Details ]
-> Plug "ALL" infected medias such as your :
- USB/Flashdrive/disk
- mp3, mp4, Cellphones
- anything that is recognized as 'Removable Media'
- Mass Storage Devices and
- anything that can be accessed and Written localy
-> Open Task Manager 'ctrl + alt + del'
- Make sure you're in the Process list[WinNT Processes]
-> End & close all instances of "Wscript.exe" from the Process l
ist
-> Open Folder Options, click on the 'Views' tab
> Enable 'Show hidden files and folders' and
> Uncheck ' Hide protected operating system files'
-Control Panel >> Folder Options or
-Windows Explorer >> Tools >> Folder options
-> Delete "FS6519.dll.vbs" or "MS32DLL.dll.vbs" or "maskrider200
1.vbs" and autorun.inf
> from [each] drive root and "root\Windows\" folders
> check all Drives, C:\, D:\, E:\

-> Delete the "FS6519" with the value "C:\WINDOWS\FS6519.dll.vbs

" from
> "HKLM\software\Microsoft\Windows\CurrentVersion\Run\"
OR
-> Delete the "ms32dll" with the value "C:\WINDOWS\ms32dll.dll.v
bs" from
> "HKLM\software\Microsoft\Windows\CurrentVersion\Run\"
OR
-> Delete the "maskrider" with the value "C:\WINDOWS\maskrider20
01.vbs" from
> "HKLM\software\Microsoft\Windows\CurrentVersion\Run\"
-> Delete the "Window Title" subkey
> with the value
"TAGA LIPA ARE!"
"HACKED BY GODZILLA!"
"Taga Esti - Mabuhay Marunduque!!! "
from
> "HKEY_CURRENT_USER\Software\Microsoft\Internet Explore
r\Main\"
> or leave it blank
-> Restart and Done!

#ascii art ;)
[set font to terminal 9]

l
r
z

l
r
z

[para sa demonyita!]
[Viva las Filipinas!]