How to remove Photo03.scr virus

This virus has spread on our network very rapidly. Even our network security system was not able to stop the Photo03.scr virus from reaching all stations and servers. Our servers identify the virus as Win32:Malware-gen, but all other computers were not able to identify it.

After checking logs on the server, we found out that Photo03.scr originated from one spam email opened by a single workstation. Since we are in a network environment, the Photo03.scr virus spreads very fast. We also noticed that it created files with random names such as the following:

C:\Users\[username]\AppData\Local\Temp\khwdcestbl.vbs
C:\Users\[username]\AppData\Local\Temp\sgmphmirfi..vbs
C:\Users\[username]\AppData\Local\Temp\theeiutwwu.vbs
C:\Users\[username]\AppData\Local\Temp\ucjwehecuv.vbs
C:\Users\[username]\AppData\Local\Temp\vxamsrzajp.vbs
C:\Users\[username]\AppData\Local\Temp\wmswigrjrx.vbs
C:\Users\[username]\AppData\Local\Temp\wxiiwhkzlo..vbs

A bunch of .LNK files are also placed on the desktop and root of every drive, including removable ones. As of now, we have disconnected all the computers on the server to avoid any further damage. All our vital files are on this server so we have to secure it.

I need a quick solution to this issue, so if you can give me a recommendation to remove the Photo03.scr virus as soon as possible, I will be very thankful.

2 Responses

  1. Dan Petrovic says:

    Photo03.scr is a dangerous Trojan horse infection which needs to be removed as soon as possible. Follow the steps mentioned below in order to remove this virus manually:

    • Boot your system into “Safe mode with Networking”
    • Stop files, processes and registry codes of Photo03.scr virus.
    • Install some strong antivirus software such as Immunet Antivirus, Norton Antivirus, Malwarebytes, Spyhunter, Comodo, etc. (any one of them) on your system.
    • Now perform complete system scan and quarantine detected threats.

  2. Hellen says:

    Thanks Dan. This Photo.scr virus attacked my computer. Although, I see a different file name. I have this Photo08.scr on my computer. I think the virus is using a random file name in the said pattern.

    Scanning the computer while in Safe Mode is a different thing. When I scan the PC in normal boot-up of Windows, my antivirus program did not detect the virus. Running a scan in Safe Mode deletes almost dozens of infections.
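
A read-only sweep for the artifacts named in this thread (random-named .vbs files in Temp, .LNK files on desktops and drive roots, PhotoNN.scr files), added here as an example and not posted by any participant. The two name patterns are assumptions generalized from the file names listed above; the script only reports and deletes nothing.

```powershell
# Added example: read-only sweep, reports only, deletes nothing.
# ASSUMPTION: patterns are generalized from the names posted in this thread.
$vbsPattern = '^[a-z]{10}\.{1,2}vbs$'   # khwdcestbl.vbs, sgmphmirfi..vbs
$scrPattern = '^Photo\d*\.scr$'         # Photo03.scr, Photo08.scr

$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding($Kind, $File, $Detail) {
    $findings.Add([pscustomobject]@{
        Kind = $Kind; Path = $File.FullName
        Modified = $File.LastWriteTime; Detail = $Detail
    })
}

$shell = New-Object -ComObject WScript.Shell   # reads shortcut targets
$roots = Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -and (Test-Path -LiteralPath $_.Root) } |
    ForEach-Object { $_.Root }
$profiles = Get-ChildItem -LiteralPath 'C:\Users' -Directory -ErrorAction SilentlyContinue

# 1. Random-named .vbs files in each user's Temp folder
foreach ($p in $profiles) {
    $temp = Join-Path $p.FullName 'AppData\Local\Temp'
    Get-ChildItem -LiteralPath $temp -File -Force -Filter '*.vbs' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -cmatch $vbsPattern } |
        ForEach-Object { Add-Finding 'TempVbs' $_ '' }
}

# 2. Shortcuts at drive roots and on desktops, with their targets for review
$lnkDirs = @($roots) + @($profiles | ForEach-Object { Join-Path $_.FullName 'Desktop' })
foreach ($dir in $lnkDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -Filter '*.lnk' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            Add-Finding 'Shortcut' $_ $target
        }
}

# 3. PhotoNN.scr anywhere on the mounted drives (location is not given in the thread)
foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -Filter 'Photo*.scr' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $scrPattern } |
        ForEach-Object { Add-Finding 'PhotoScr' $_ ("{0} bytes" -f $_.Length) }
}

$findings | Sort-Object Kind, Path | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so every user profile is readable. Desktop shortcuts are mostly legitimate, so review the Detail column (the shortcut target) before acting on a `Shortcut` row.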