coolbuster2007 1 Report post · CID: 11107140835 · Posted July 28, 2008 this annoying virus has infected my friend's pc. she has tried to combat it with avg free, nod32 and hijackthis to no avail. it has a "restore" component. does anyone know how to effectively remove sowar.vbs? Share this post Link to post Share on other sites
dlewis23 2 Report post · CID: 680090232530 · Posted July 28, 2008 re install windows... Its the most effective way to get rid of a virus. Share this post Link to post Share on other sites
mudmanc4 705 Report post · CID: 90133230346 · Posted July 28, 2008 Here's a bit I found last week , this virus is running rapid. When first run VBS/Autorun-FM copies itself to: RootCool USEP Scandal.vbs Rootsowar.vbs WindowsSysRes.vbs and creates the following files: RootAutorun.inf Windows%ORIGFILENAME% Whenever a removable drive is inserted, the following files are copied over: Autorun.inf Cool USEP Scandal.vbs The following registry entry is created to run SysRes.vbs on startup: HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun System Restore wscript.exe "WindowsSysRes.vbs" VBS/Autorun-FM changes settings for Microsoft Internet Explorer by modifying values under: HKCUSoftwareMicrosoftInternet ExplorerMainStart Page EDIT: oops forgot to get the rest to you Go to Start > Run and type: cmd press Ok. At the command prompt, type in your primay drive location, usually C: You may need to change the directory. If so type: cd Hit Enter. Type: attrib -s -h -r -a autorun.inf Hit Enter. Type: dir Hit Enter. This will allow you to see and confirm the Autorun files. Type: del autorun.inf Hit Enter. Repeat the above commands for each drive on your computer including your flash/usb drive. Now search for and remove sowar.vbs, SysRes.vbs, Cool USEP Scandal.vbs At the command prompt, type in your primay drive location, usually C: Hit Enter. Type: attrib sowar.vbs.* -s -h -r -a Hit Enter. Type: dir /s sowar.vbs Hit Enter. If the file is present, type: del sowar.vbs Hit Enter. Repeat the above commands for each drive on your computer including your flash/usb drive. Then repeat these instructions to search for and delete SysRes.vbs, Cool USEP Scandal.vbs on each drive if present. Exit the command prompt and reboot normally. DISABLE AUTORUN !!!!!!!!! Share this post Link to post Share on other sites
coolbuster2007 1 Report post · CID: 11107140835 · Posted July 29, 2008 thank you. am gonna apply that when I visit her tonight Share this post Link to post Share on other sites
