How to remove Madforelmo malware
“Madforelmo!” appears in the Windows taskbar when you are infected with the samok.vbs malware. This is a variant of sowar.vbs in which Task Manager and Folder Options are disabled, the Run command is removed, and registry editing is disabled.
You will also be annoyed to find that this malware changes the “Open” command in the right-click menu to “b-b2g” and the “Explore” command to “Owned” when you right-click a drive or folder.
Registry Entries:
- The newly created Registry Values are:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
- (Default) = “Owned!”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
- (Default) = “b-b2g”
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- autoMe = "wscript.exe "%Windir%\samok.vbs""
You can find the technical specifications of the virus here
How to Remove the malware manually:
1. Google and download the tools to enable Task Manager (Download Here) and regedit (Download Here), and download combofix
2. Restart the computer in Safe Mode (press F8 before the Windows startup screen and select Safe Mode)
3. Select the Administrator Account
4. Copy the tools that enable Task Manager and regedit to the Desktop and double-click each to run it
5. Copy combofix to the Desktop and double-click it to run the program (follow the combofix instructions)
6. After combofix has removed the malware from your PC, click Tools > Folder Options
*If Folder Options is not found, run regedit from the Run command or at the command prompt and change the values of these keys from 1 to 0
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
- NoFolderOptions = 0
- NoRun = 0
7. Click View Tab>Click Show Hidden Files and Folders
8. Browse to C:\Windows\
9. Find the file samok.vbs and Delete the file
10. Run Regedit to clean up the registry (to run Regedit, click Run and type Regedit, or type Regedit at the command prompt)
Change these keys to return to the default AM and PM
- [HKEY_CURRENT_USER\Control Panel\International]
- s1159 = “b-b2g”, change to “am”
- s2359 = “madforelmo”, change to “pm”
Please search for these registry entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
- (Default) = “Owned!” -> Remove the value
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
- (Default) = “b-b2g” -> Remove the value
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- autoMe = "wscript.exe "%Windir%\samok.vbs"" -> Remove the entry
Restart Your Computer.
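To confirm that the cleanup took effect, the registry values named in this article can be checked against an exported snapshot (regedit File > Export, or `reg export`). The script below is an added example, not part of the original post; it assumes the export has already been decoded to text, and the function names and the sample snapshot are constructed for illustration.

```python
import re

HKLM, HKCU = "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"
POL = HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
INTL = HKCU + r"\Control Panel\International"
# (key, value name, test for the malware's setting, fix given in the article)
INDICATORS = [
    (HKLM + r"\SOFTWARE\Classes\Folder\shell\explore", "@", lambda v: v == "Owned!", "remove the value"),
    (HKLM + r"\SOFTWARE\Classes\Folder\shell\open", "@", lambda v: v == "b-b2g", "remove the value"),
    (HKLM + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "autoMe",
     lambda v: "samok.vbs" in str(v).lower(), "remove the entry"),
    (POL, "NoFolderOptions", lambda v: v == 1, "set to 0"),
    (POL, "NoRun", lambda v: v == 1, "set to 0"),
    (INTL, "s1159", lambda v: v == "b-b2g", 'change to "am"'),
    (INTL, "s2359", lambda v: v == "madforelmo", 'change to "pm"'),
]
VALUE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')  # @=... or "name"=...

def parse_reg(text):
    """Parse decoded .reg export text into {key: {value name: data}}, names lower-cased."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            name, data = (m.group(1) or "@").lower(), m.group(2)
            if data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif data.startswith('"'):  # REG_SZ: drop the quotes, undo \" and \\
                current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys

def audit(text):
    """Return (key, value name, data, fix) for each article indicator still present."""
    keys = parse_reg(text)
    return [(key, name, v, fix) for key, name, is_bad, fix in INDICATORS
            if (v := keys.get(key.lower(), {}).get(name.lower())) is not None and is_bad(v)]
# Constructed sample: a partly cleaned machine (not a real export)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
@="b-b2g"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"autoMe"="wscript.exe \"C:\\WINDOWS\\samok.vbs\""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoRun"=dword:00000000
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result after the final restart means none of the values listed in this article remain in the exported keys.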
is this the right solution?
yes.. please leave more comments if you have problems
hi. thanks for posting this site. i tried this solution, but madforelmo is still in my computer. i’m not a very techie person. i’m a writer and i cannot work because the virus seems to disrupt lots of components in my system. please help. i would be grateful for your help. thank you so much.
Hi Janice, Thanks for visiting the site. Did you restart your computer in safe mode before running all the instructions? You can start in safe mode by pressing F8 before you can see the windows screen. And run all the programs and follow the instructions.
Hello, kindly guide me how to remove (not in safe mode) madforelmo malware. I have already downloaded the task manager and regedit downloads mentioned.
Thanks for your kind and immediate reply.
Apolordzky
Just follow the same instructions. It’s better that you do it in safe mode.
if you are not able to run your computer in safe mode, i can guide you in running the fix programs even if you’re not in safe mode. make sure you download both task manager and regedit downloads mentioned above… no need for the combofix… i rely on manually removing the virus.
my laptop got infected about 3 days ago and it really became annoying starting last night… AVG was able to detect and quarantine the virus samok.vbs, unfortunately, damage has been done to my laptop… exactly as described in this page. thank you so much for these easy to follow instructions… i now got back control of my laptop.
hey, i made that one and that was way too old. there’s no one infected with that right now.. and it’s not a variant of sowar.
why is it that some of you said that you’re infected with this? i never released my vbs/samok.B
majority of AVs can detect it so no worries to those infected
really? it was you? i’m sorry for calling it an infection… my laptop is “bewitched” with samok again… i think the installer is somehow inside my usb drive. can you teach me how to remove it? you must be an excellent computer person (guy/girl?)! Do you do programs for small business operations?
there are people who are still infected with this. i myself am infected at the moment with this virus. it’s really a nuisance. still testing this solution to remove this virus.
wth d u b-b2g…..
Thanks it helped me fix the problem and saved me from the anger of my parents.. I now slightly understand the registry and i am planning to make a non-dangerous virus like this for my enemy’s computer.. thanks
hi tech support! i was very happy when i found out that there is a way of removing that annoying problem instead of reformatting my pc.. i followed the instructions but when i’m on the part where i ran the combo fix i got an error “microsoft windows recovery console is not installed”. i tried searching on the web to have it installed but i found out that i can have it installed but i need the windows xp cd which i don’t have.. is there any way that i can just download the microsoft windows recovery console needed by the combo fix? i’m not a techie guy so i’m really hoping for your assistance.. any help will be greatly appreciated.. thanks in advance!
Combofix will actually download the recovery console for you. just click yes to let it download the recovery console from the microsoft site, simple and no hassle.
Just the best solution that I need. You saved my files since I nearly formatted my PC. Thanks a lot.
you’re welcome. please register to the forum section of the site if you have questions on IT related issues. cheers!
hi, i tried the steps but i only last until step 8. In step 9 there is no samok.vbs in my c:\windows, i think the creator or there are new other variants or maybe they create a new name for the scripts. hope it will be discovered asap cause elmo is really disturbing to see. thanks
did you click folder options in Tools menu at the file explorer window?
hi! i was able to remove samok.vbs from the autoMe “winscript.exe” but i didn’t find a “no folder” and “no run” from [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
as well as samok.vbs from C:\WINDOWS even when I already changed view settings to “show hidden files and folders.” I was able to change b-b2g and madforelmo back to am and pm, though. should all these be enough,dens? thank you! i am so glad to have found techpinoysupport.
hi rachelle, thank you for your comments here. Please check if b-b2g and madforelmo didn’t show up again when you restart your PC.
they’re gone all right. thank you so much! i’m definitely bookmarking this site.
thanks a lot for this!
)) more power!
i followed the steps and in the part where it says that i need to download the windows recovery console, i clicked yes and it said that i need to have an active internet connection. and i do have an active internet connection that time.. please help.. tnx
you can continue to scan your pc without downloading windows recovery console, just click “No” then.. regedit and taskmanager link is the same, you can find in both sites the file to enable regedit and taskmanager, just click on the link of the site
sir… i just want to ask whether this virus can affect other gadgets like a psp or cellphone..?
.uhmm… the links to the regedit and task manager restorers that i need to download are the same. does the software cure both regedit and task manager?
thanks a lot. ^_^
Thank you! Because of this, I’ve gotten past yet another mouse trap.
Kudos!
PINOY!!!!!!
TAGALOG, PLEASE…..^o^
DOES THAT STILL NEED TO BE MEMORIZED…
thank you! thank you! this made my work easier..
With the instructions on these sites I was able to successfully remove this junk… I hope they are useful to you
i noticed this virus on my computer last week, and i tried to find a way to remove it,
i don’t know much about computers and viruses since i am just the one who maintains our computer.
why is it that when i clicked on “taskmanager (download here) and regedit (download here)” it was blocked, but when i clicked on combofix i was able to download it, so i still continued with the steps even though i wasn’t able to download the two. i continued because i noticed that the task manager and run were working again when i downloaded combofix. but after the steps, why wasn’t the virus removed?
i hope to hear your response! because i really don’t know what to do about this virus anymore!
thanks in advance.
Good day. I’m one of your fans using this website. Can I ask a question? what if the “b-b2g” cannot be cured at the early stage, what happens to the computer?
Thanks.
works perfectly!! just make sure you do the changes properly.
is it still necessary to install the windows recovery console when using combofix? please help, sirs.
it’s also fine not to..
why do “taskmanager (download here)” and “regedit (download here)” go to the same link?? are they really one and the same?
please reply. thank you
@julie anne yes ma’am, they’re the same.
it’s right.. tnx for helping me… i’ve deleted the madforelmo malware.. ^_^, just follow the instructions
chief, i followed the instructions, i have no connection to the net, but nothing changed, madforelmo is still there, and then my run button in the start menu disappeared too,,,,,hehehe how do i deal with this
The malware has been removed, but b-b2g/madforelmo is not being changed back to the default AM/PM. The malware is gone..
wow! This is the 100% Genuine solution! actually I already removed this damn malware after scanning with different anti-spyware and AVG, but when I right-clicked it was still there. then I found your solution while googling, then I succeeded in removing it from the registry editor.
Thank you Team. you are the best.
Do I still need to disable Malware-Bytes Anti-Malware before I use Combofix? Removing malware is really nerve-racking. It feels like the problem will get even worse. I want Samok to be dead!
yes.. try to disable it..