> VilmaTech Blog > HEUR:Worm.Script.Generic, Technical Analysis and Effective Solution

HEUR:Worm.Script.Generic, Technical Analysis and Effective Solution

HEUR:Worm.Script.Generic Tech Analysis

HEUR:Worm.Script.Generic is a computer virus, thus it possesses the common characteristics shared among all kind of virus. Yet, HEUR:Worm.Script.Generic is specifically classified as a network worm with the capability of dialing up and spreading itself by network shares as well a address message contained in a file to finally destroy important data. As a network worm, HEUR:Worm.Script.Generic is programmed with Java, ActiveX, VBScript and other relevant technologies so as to make sure that the heur worm manages to lurk within HTML, making its infiltration possible when the hosted page is visited. There’s a kind reminder that it is because of those programming technologies that many more variants can be generated easily, ensuring the searching by anti-virus programs run in circles without the ability to remove HEUR:Worm.Script.Generic successfully. It is believed that how HEUR:Worm.Script.Generic spreads and its consequences are the most basic concerns of victims as well as wide range of PC users. It is recommended to read the following paragraphs for detailed information and get effective solution at the end. Should you still be harassed by HEUR:Worm.Script.Generic, you are welcome to live chat with VilmaTech specialized professor for on-demand help.

live chat


Dissemination routine

The most common ways for HEUR:Worm.Script.Generic’s rapid propagation are exploiting vulnerability in Microsoft IIS server and that in DBS (Data Base System). Since individuals would not install IIS server or a huge DBS, HEUR:Worm.Script.Generic would not attack personal computers directly; instead, it spreads with other ways around. Through out history, worms take advantage of both program vulnerability and man-made vulnerability. Program vulnerability can be spotted when remote buffer overflows, browsers and Outlook automatically execute and firewall being attacked. Man-made vulnerability refers to carelessness when PC users surfing on the Internet.

VilmaTech Online Support has found out that sending away malicious emails is the major way for HEUR:Worm.Script.Generic to attack PC users. Sometimes, it doesn’t take your click on enclosure or attachment to wage destructive attack. To enterprises, what HEUR:Worm.Script.Generic aims are server and large applications.

HEUR:Worm.Script.Generic ranges nowadays, whose reason is attributed to the technology of injecting virulent code into JavaScript. Being uncomplicated, such technology has been imparted on some hacker web sites where offer the way to destroy procedure code, leading to a wide spreading malicious sites. In other word, it is easy to be attacked by HEUR:Worm.Script.Generic should carelessness is ever undertaken.

HEUR:Worm.Script.Generic Consequences

  1. Automatic update is disabled.
  2. HEUR:Worm.Script.Generic manages to work maliciously even when it is being quarantined by reputable security utility.
  3. DNS setting will be manipulating because of VBScript technology, leading to browser hijacking (e.g. redirecting problem.
  4. Root.exe will be generated by HEUR:Worm.Script.Generic in scripts folder under “web” category, which is utilized to execute commands remotely, resulting in unsolicited access from remote hacker.
  5. Financial loss can be anticipated due to the fact that JavaScript technology can be taken advantage to steal log-in credentials and identity information.
  6. The affected computer runs ridiculously and browser freezes a lot to crash.

There’s no doubt that HEUR:Worm.Script.Generic is a great threat to computer and information security. Effective solution is appealed in desperate need. Below is the most effective method so far to remove HEUR:Worm.Script.Generic. Follow the steps to help yourself. In the event that there are any unexpected issues emerging in the middle of the removal, it is advisable to get specialized technical help according to your concrete situation from VilmaTech Online Support.

live chat


Effective Way to Remove HEUR:Worm.Script.Generic

A – remove HEUR:Worm.Script.Generic in Safe Mode where some vicious operation can be blocked.

Windows 7/Vista/XP

  • Restart system from Start Menu.
    restart computer to remove HEUR:Worm.Script.Generic
  • As the computer is booting, keep tapping “F8 key”.
  • Use your arrow keys to highlight ‘Safe Mode’ when “Windows Advanced Options Menu” screen appears.
    enter safe mode to remove HEUR:Worm.Script.Generic
  • Press Enter key.

Windows 8

  • Restart system from Start Screen.
    restart win8 to remove HEUR:Worm.Script.Generic
  • As the computer is booting, hold the Shift key and keep tapping on F8 key.
    use shift+f8 to restart windows 8
  • Choose ‘See advanced repair options’ when a new screen pops up.
  • Select ‘Troubleshoot’ option then before ‘Advanced Options’.
    go to win8 advanced option to continue remove HEUR:Worm.Script.Generic
  • Next choose ‘Windows Startup Settings’ and hit ‘Restart’ on the lower right hand corner of the desktop.

B – unveil all hidden items to remove the ones generated by HEUR:Worm.Script.Generic.

Windows 7/XP/Vista

  • Go to ‘Control Panel’ from Start Menu for “user accounts and family safety”.
  • Access ‘Folder Options’ and go to its View tab.
    show hidden files to remove items generated by HEUR:Worm.Script.Generic
  • Tick ‘Show hidden files and folders’ and non-tick ‘Hide protected operating system files (Recommended)’.
  • Click ‘OK’ button to show hidden files and folders.

Windows 8

  • Access Windows Explorer window from Start screen.
  • Navigate to its View tab and check the box next to ‘File name extensions’ and ‘Hidden items’ options.
  • Click ‘OK’ button to show hidden files and folders.
    show hidden files to remove items generated by HEUR:Worm.Script.Generic on win8

Files and Folders to delete:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XAH0SPUQ\js[1].js
%WINDIR%\SYSTEM32\[random numbers and letters].dll
%TEMP%\[messy code]temp_0\[random letters]setup.exe

C – sweep away browser cache.

Internet Explorer

  • Hit on the tools icon in gear form and hover the mouse over Safety option to select “Delete browsing history” option in the drop-down list.
  • On the pop-up window, tick the box next to Cookies and confirm by pressing on “Delete” button.
    clear IE cache to remove HEUR:Worm.Script.Generic


  • Unfold ‘Customize and control’ menu for Tools option.
  • Select “Clear Browsing Data” option.
  • Tick the box next to “Delete cookies …” and confirm the change by pressing on “Clear browsing data”.
    clear chrome cache to remove HEUR:Worm.Script.Generic


  • Spread Tools menu for “Cookie Manager”.
  • Choose Manage Stored Cookies and remove the vicious cookies or all of them.
    clear chrome cache to remove HEUR:Worm.Script.Generic


  • Open up Opera and make it as the current browser.
  • Press and hold Alt+P key at once to initiate a new tab to modify.
  • Browse to Privacy and Safety on the left pane to locate “Cookie” which is on the right pane.
  • Click on “all cookies and website data” button there to remove all cookies as recommended.


HEUR:Worm.Script.Generic’s Evil Deeds

  1. HEUR:Worm.Script.Generic discharges its copies on portable device with the names that are detected to be used on the infected computer; usually the type of files covers avi, bmp, doc, gif, txt, exe and so on.
  2. The computer worm conceals the files of the above listed types, which confuses the infected computer and makes the machine to run those counterfeit files.
  3. HEUR:Worm.Script.Generic implants autorun.inf in any connected external device to guarantee automatic running.
  4. HEUR:Worm.Script.Generic connects designated web sites to download additional malicious items.
  5. HEUR:Worm.Script.Generic connects designated server to communicate with remote hacker, which would finally result in unauthorized access and direct control.
  6. HEUR:Worm.Script.Generic utilizes shortcut vulnerability to automatically run virulent items whose extension can be .lnk and.dll.


HEUR:Worm.Script.Generic Requires Manual Removal

Removing the items generated by HEUR:Worm.Script.Generic from the infected system is necessary since it places its vicious codes and download additional virulent items onto the system. However, this will not stop HEUR:Worm.Script.Generic from returning simply because some modifications have been made on browser settings and this cannot be automatically rectified by even the smartest security utility.

What’s more, all security utilities are programmed to detect and remove a virus according to recorded vicious attribute code. Other incidental items will then be able to escape automatic removal. Thus manual removal plays an important pat in completely removing HEUR:Worm.Script.Generic.

HEUR:Worm.Script.Generic Needs Complete Removal

Complete removal is required when removing HEUR:Worm.Script.Generic. Any remnants can contribute a vulnerable machine to be susceptible to aggressive infections. Besides, some innocuous files associated with the heur worm have been found to be written with data and information, which would be likely to give rise to incompatibility and conflict in the future.

It should be advised that the above steps are made to remove HEUR:Worm.Script.Generic exclusively rather than other incidental items/ infections or issues such as browser crash, error message, sluggish PC performance, etc.. If you would like to retrieve a perfectly running machine but you have no idea on how to achieve, please do feel free to contact security adviser from VilmaTech Online Support and get one-to-one help just in time.

live chat

Comments are closed.

Latest Posts