Tuesday, April 14, 2009

How to remove TAGA LIPA ARE! Virus

Before we start removing this virus. First thing is to get familiar with the virus itself. The “virus” file is FS6519.dll.vbs. It’s a VB Script that does nothing except make a copy of itself in all your drives including removable drives such as USB Flash drives and change the title of Internet Explorer to “TAGA LIPA ARE!”.

Here are the directions on how to remove the TAGA LIPA ARE! virus.

First, configure your folders to show system, OS and hidden files and file extensions.

  1. Double-Click My Computer; on the menu bar click Tools -> Folder Options. Then Click the View Tab. Then Search and Select Show hidden files and folders and lastly, uncheck Hide protected operating system files (recommended). It will popup a message and just click “yes” and “Apply”. (see How to Open Show Hidden Files and Folders)
  2. WARNING! Please pay attention to this, DO NOT DELETE OTHER FILES aside from the ones listed below.
  3. Open Drive C:/ look for the name FS6519.dll.vbs and Remove/Delete FS6519.dll.vbs (I would suggest using the Shift + Del here.).
  4. After you delete the FS6519.dll.vbs virus on Drive C: go to Windows Folder and search the entire directory again and delete the mentioned virus that appears on the directory. Check also System32 folder and search the whole directory if you see it then remove it.
  5. If you have other partitions like Drive D: look the name of that virus and delete in from your drive.

After deleting on the windows folder lets go to registry.

  1. Click Start à click RUN then type regedit.
  2. Remove the registry entry:HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Run/FS6519.dll
  3. Then Remove all copies of the file FS6519.dll.vbs and autorun.ini from all your drives. Again, I suggest using Shift + Del here.
  4. To restore the name of IE to Internet Explorer, change the value of HKEY_CURRENT_USER/Software/Microsoft/InternetExplorer/Main/Window Title from “TAGA LIPA ARE!” to “Internet Explorer” by double clicking the registry entry. And that’s it; the “virus” is gone.

IMPORTANT: The article that I wrote is based on my personal experience dealing with this virus. The procedure that I’ve given is worked for me and other computers that I repaired that have been infected by this virus. I could not give a 100% guarantee if the process that I given will work for you especially if you have other viruses in your PCs. But still, Hope you can make it.