Sure fire way to kill Dipak Bhattrai Virus/Worm from your machine

Posted by admin on May 5th, 2008 filed in Virus-AntiVirus

This virus mostly affects Internet Explorer, and believe me, it's very, very annoying to see some freak of nature’s name in your Internet Explorer title bar. So here is the fix.

The problem is due to a file called WScript.exe, a program that runs silently in the background and modifies the title of the IE window every time you open it. It checks the title of the program that is currently running and, if it's Internet Explorer, adds the name “Dipak Bhattrai” to the title before displaying it.

  1. Task Manager – Processes – kill WScript.exe if it is running
  2. Double-click My Computer. Click on Tools menu -> Folder Options -> View
  3. If you are unable to do step 2, it is due to another virus, and here is the fix for that.
    • If you do not get the Show All Options (maybe because of this or another virus), follow these steps:
      Start -> Run -> Regedit (you must have admin rights to execute this command)
      HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Explorer -> Advanced -> Folder -> Hidden -> SHOWALL

      Here, look for the registry value named ‘CheckedValue’ (REG_DWORD); if it is not there, create it. Right-click on it, select ‘Modify’, set the value to 1 and click ‘OK’. Close Registry Editor and check Folder Options to verify this solution.

  4. Now navigate to C:\Windows\System32\. Look for the file named VirusGuard.vbs (this is the culprit)
  5. Delete the file VirusGuard.vbs (not just sending it to the Recycle Bin: Shift + Delete)
  6. Use HijackThis to locate the registry entries and fix them (remove invalid entries for IE)
  7. HijackThis can be downloaded here
  8. Reboot your system
  9. Some process will try to run the VirusGuard.vbs script and give you an error message
  10. Start IE and just confirm it has removed the bloody name “Dipak bhattarai”
  11. You might see a hyphen in your IE title. Fix it back to normal (“Windows Internet Explorer”) by using TrueSword.exe
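
To check a machine before and after the cleanup, the following PowerShell script is an added example, not part of the original post. It only reads: it reports the WScript.exe processes, the VirusGuard.vbs file and the SHOWALL value from the steps above. The Run-key check is an assumption, since the post does not say where the startup entry lives.

```powershell
# Added example: read-only check for the traces named in the steps above.
# Nothing is deleted or modified; run from an elevated PowerShell prompt.
$script   = 'VirusGuard.vbs'   # script name given in step 4
$findings = @()

# Steps 1 and 9: WScript.exe instances and the script each one is running
Get-CimInstance Win32_Process -Filter "Name = 'wscript.exe'" | ForEach-Object {
    $findings += [pscustomobject]@{
        Check  = 'WScript.exe process'
        Detail = "PID $($_.ProcessId): $($_.CommandLine)"
        Flag   = ($_.CommandLine -like "*$script*")
    }
}

# Steps 4 and 5: the script file itself (-Force also finds hidden/system files)
$path = Join-Path $env:windir "System32\$script"
$file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
$findings += [pscustomobject]@{
    Check = 'Script file'; Detail = $path; Flag = [bool]$file
}

# Step 3: SHOWALL\CheckedValue should be 1 (a missing value is flagged too)
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -Path $showAll -ErrorAction SilentlyContinue).CheckedValue
$findings += [pscustomobject]@{
    Check = 'SHOWALL CheckedValue'; Detail = "value = '$checked' (expected 1)"; Flag = ($checked -ne 1)
}

# Assumption (not stated in the post): the startup entry is in a standard Run key
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match 'wscript|\.vbs') {
            $findings += [pscustomobject]@{
                Check = "Run entry ($key)"; Detail = "$name = $data"; Flag = $true
            }
        }
    }
}

# Rows with Flag = True are the ones to review by hand
$findings | Format-Table -AutoSize -Wrap
```

A Run entry that matches is not necessarily malicious; legitimate software also starts .vbs scripts through WScript.exe, so compare each flagged row against the script name before removing anything.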

If you want to know the email address of the guy who wrote this script in the first place leave your email in the comment. I promise that I’ll reply back to you with his email address.

Thanks to Harsh and Rama for the fix.


7 Responses to “Sure fire way to kill Dipak Bhattrai Virus/Worm from your machine”

  1. Ranjan Says:

    Dear Admin,
    Thanks a million for the fix.
    Recently I had AVG 8 Antivirus installed on my computer and it found out that virus and moved it to its virus vault... and since then I was getting one error message as I logged on to my computer...
    After I read your blog I used “Hijack This”... and found out which process was running this .exe
    By the way, you hadn’t mentioned which registry keys are to be fixed after the “Hijack This” program scans the computer... I think I have found this out... let me know if I did OK... I fixed 2 entries which had 2 suspicious things in them... 1 had “Dipak Bhattarai” and another was running an .exe named Wscript.exe... I fixed these 2 and it immediately solved the problem... now no process is trying to run this program at startup as well...
    So far things seem to be pretty OK...
    I thought I should share this with you.
    Kindly suggest if it’s OK
    Although the worm wasn’t giving me any problems as such... as I am using Mozilla Firefox for browsing... but still I felt bad that this freak’s name appeared on my IE... Everything OK now
    Thanks again
    Regards

  2. Ranjan Says:

    Kindly let me know if I can start a new post here about another virus... Surabaya Virus

  3. admin Says:

    Hey Ranjan,

    Thank you for the reply. I’m still in the process of setting up the techie-gyaaan and hence not accepting user registrations. Please feel free to shoot me an email at admin@gyaaan.com. I’ll put in the fix to Surabaya virus and of course credit it to you.

    Sorry about this.

    -Admin

  4. amber Says:

    First I removed deepak bhattaria by the steps told by you. Now I am not able to remove deepak bhattaria again as start>run>regedit is not opening. Help me out

  5. admin Says:

    Can you try Start -> Run -> c:\windows\system32\regedt32.exe

    See if you are able to open regedit that way.

    - Admin

  6. Jack Says:

    Thanks for your gyaan on removing this F***ing dipak bhattarai virus. It’s so annoying. What’s the email id of that idiot?

  7. SAMEER Says:

    Did the above-mentioned procedure but it is not working... the bloody name still appears...
