Remove Worm: VBS/Jenxcus (Virus Removal Guide)

Worm: VBS/Jenxcus is a very nasty worm because upon infects your computer gives access to cybercriminals, drops malicious files on your hard drive and deletes every folder (or file) that you access and leaves back their shortcut.  Worm: VBS/Jenxcus spreads itself via removable drives or over the network and after infection compromise the computer security by making system modifications in infected computer’s registry and system files. For all these reasons it is difficult to remove VBS/Jenxcus  worm by using common removal methods (e.g. by using your antivirus of antimalware program).

VBS/Jenxcus worm belongs to the Jenxcus family of polymorphic viruses that can infect critical files on your computer, give access to hackers to control your pc and steals your personal information. Some variants of Jenxcus family also makes your files hidden during infection and drop’s  malicious files as shortcuts (with the extension *.lnk) in every folder you access. (e.g. chipset.lnk, document.lnk, etc.)  it self as a when you are try to access them and put Typically the virus comes from an infected removable drive, after visiting a compromised webpage or when accessing a malicious email.

VBS/Jenxcus Variants:

Worm: VBS/Jenxcus
Worm: VBS/Jenxcus.!lnk
Worm: VBS/Jenxcus.K
Worm: VBS/Jenxcus.C
VBS.Worm.12

VBS/Jenxcus Removal procedure:

– Remove VBS/Jenxcus virus infection (all its variants) by following the detailed instructions given below.

– After disinfection, disable the Autorun feature and then scan all removable drives with your antivirus program (Pen drive, memory card, portable hard disk, USB storage device, etc.).

– If your files becomes hidden during VBS/Jenxcus infection,then you have to unhide them. To do that:

1. Press Windows + R, and type “cmd“. Press “OK”.
2. Go to the folders or Files that you want to unhide.
{e.g. If you want to unhide all folders & files on your removable disk drive that has the drive letter "X", type: X: at command prompt & press Enter. }
3. Now type this command: attrib -s -h -r /S /D
4. Then press Enter and wait for the command to execute.
5. Open the folders or Files and you should see the files that were unhidden.

– To recover your missed (deleted) files AFTER ‘VBS/Jenxcus.!lnk’ VIRUS REMOVAL use this guide: How to easily restore your deleted or modified files using Shadow Copies

How to remove VBS/Jenxcus from your computer.

Step 1. Download Dr.Web® Antivirus LiveCD.

1. From another clean computer, download Dr.Web® LiveCD . *

* Read the License Agreement and then press “Agree” to start the download.

2. When the download operation is completed, right-click on “drweb-livecd-xxxx.iso” file and select “Burn disc image”. *

* You can also use the “ ImgBurn” free application to burn disc images to an optical disc.
For detailed instructions on how to do that see this article: How to create or burn ISO images and write your files into a CD / DVD / HD DVD / Blu-ray disc’s.

Step 2. Remove ‘Worm: VBS/Jenxcus’ by using ‘Dr.Web® LiveCD’.

To disinfect your computer from Jenxcus virus, boot the infected computer with Dr.Web® LiveCD. To do that:

1. First, make sure that your DVD/CDROM Drive is selected as first boot device in BIOS (CMOS) Setup. To do that:

1. Power On your computer and press "DEL" or "F1" or "F2" or "F10" to enter BIOS (CMOS) setup utility.
   (The way to enter into BIOS Settings depends on the computer manufacturer).
2. Inside BIOS menu, find the "Boot Order" setting.
   (This setting is commonly found inside "Advanced BIOS Features" menu).
3. At “Boot Order” setting, set the CD-ROM drive as first boot device.
4. Save and exit from BIOS settings.

2. Put Dr.Web® LiveCD on the infected computer's CD/DVD drive in order to boot from it.

3. At the Welcome screen, choose your language (with the arrow keys) and press “Enter”.

4. When Dr.Web for Linux starts, press the “Switch to” button next to Scanner .

5. Under Scan Modes, press “Full Scan”

6. At the next window, press the “Begin the scan" button to start scanning your system for viruses.

7.  Wait until “Dr. Web” antivirus finishes scanning your system for viruses.

8.  When the scan is completed, select all infected executable (*.exe) files and click at “Cure” option. *

* To select multiple files, hold down the “CTRL” key on your keyboard while selecting the infected files.

9, When you “cure” all files, close Dr.Web scanner window and “Shut Down” your computer.

10. Continue to the next step.

Step 3: Start your computer in “Safe Mode with Networking”.

1. Power on your computer and remove “Dr. Web’s LiveCD” disk from your CD/DVD drive.

2. Then, as your computer is booting up, press the "F8" key before the appearance of the Windows logo.

3. When the "Windows Advanced Boot Options Menu" appears on your screen, use your keyboard arrows keys to highlight the “Safe Mode with Networking” option and then press "ENTER".

Windows 8 & 8.1 users:

1. Leave your computer to boot in Windows normally.
2. When Windows are loaded, press “Windows”   + “R” keys to load the Run dialog box.
3. Type “msconfig” and press Enter.
4. Click the Boot tab and check “Safe Boot” & “Network”.
5. Click “OK” and restart your computer.

Note: In order to boot Windows in “Normal Mode” again, you have to uncheck the “Safe Boot” setting by using the same procedure.

Step 4. Stop and delete malicious running processes with RogueKiller.

RogueKiller is an anti-malware program designed to detect, stop & remove generic malwares and some advanced threats such as rootkits, rogues, worms, etc.

1. Download and save "RogueKiller" utility on your computer'* (e.g. your Desktop)

Notice*: Download version x86 or X64 according to your operating system's version. To find your operating system's version, "Right Click" on your computer icon, choose "Properties" and look at "System Type" section.

2. Double Click to run RogueKiller.

3. Wait until the pre-scan is completed and then read and “Accept” the license terms.

4. Press the “Scan” button to scan your computer for malicious threats and malicious startup entries.

5. Finally, when the full scan is completed, navigate to "Registry" tab,  select all malicious items found & press the "Delete" button to remove them.

6. Close “RogueKiller” and continue to the next step.

Step 5: Remove all adware infections with “AdwCleaner”.

1. Download and save “AdwCleaner” utility to your desktop.

2. Close all open programs and Double Click to open ”AdwCleaner” from your desktop.

3. After accepting the “License Agreement”, press the “Scan” button.

4. When the scan is completed, press “Clean” to remove all the unwanted malicious entries.

4. Press “OK” at “AdwCleaner – Information” and press “OK” again to restart your computer.

5. When your computer restarts, close "AdwCleaner" information (readme) window and continue to the next step.

Step 6. Remove VBS/Jenxcus infection with Malwarebytes Anti-Malware Free.

Download and install one of the most reliable FREE anti malware programs today to clean your computer from remaining malicious threats. If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware Premium:

Malwarebytes™ Protection
Removes Spyware, Adware & Malware.
Start Your Free Download Now!

Quick download & Installation instructions:

• After you click the above link, press at the “Start My Free 14-Trial” option to start your download.

• To install the FREE version of this amazing product, uncheck the “Enable free Trial of Malwarebytes Anti-Malware Premium” option at the last installation screen.

Scan & Clean your computer with Malwarebytes Anti-Malware.

1. Run "Malwarebytes Anti-Malware" and allow the program to update to its latest version and malicious database if needed.

2. When the update process is completed, press the “Scan Now” button to start scanning your system for malware and unwanted programs.

3. Now wait until Malwarebytes Anti-Malware finishes scanning your computer for malware.

4. When the scan has completed, first press the “Quarantine All” button to remove all threats found.

5. Wait until Malwarebytes Anti-Malware removes all infections from your system and then restart your computer (if required from the program) to completely remove all active threats.

6. After the system restarts, run Malwarebytes' Anti-Malware again to verify that no other threats remain in your system.

Step 7. Perform a full scan with your antivirus program.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free:

• Author
• Recent Posts

Konstantinos Tsoukalas

Konstantinos is the founder and administrator of Wintips.org. Since 1995 he works and provides IT support as a computer and network expert to individuals and large companies. He is specialized in solving problems related to Windows or other Microsoft products (Windows Server, Office, Microsoft 365, etc.).

Latest posts by Konstantinos Tsoukalas (see all)

• How to Disable Device Encryption in Windows 11. - April 17, 2024
• How to View Permissions on Shared Folders on Windows 10/11. - April 15, 2024
• FIX 0x80070643 error in KB5034441 update (Solved) - April 10, 2024