Here's a step-by-step guide to removing one of the most annoying viruses ever: the Long Live Sowar (sowar.vbs) virus.
What sowar.vbs does
When first run, VBS/Autorun-FM copies itself to:
Root\Cool USEP Scandal.vbs
Root\sowar.vbs
Windows\SysRes.vbs
and creates the following files:
Root\Autorun.inf
Windows\%ORIGFILENAME%
Whenever a removable drive is inserted, the following files are copied over:
Autorun.inf
Cool USEP Scandal.vbs
The following registry entry is created to run SysRes.vbs on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
System Restore
wscript.exe "Windows\SysRes.vbs"
VBS/Autorun-FM changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
How to Remove sowar.vbs (Long Live Sowar) Virus
1. Go to Start, Run, type: cmd and press OK.
2. At the command prompt, type in your primary drive location, usually C:
3. You may need to change the directory. If so, type: cd \ and hit Enter.
4. Type: attrib -s -h -r -a autorun.inf and hit Enter.
5. Type: dir and hit Enter. This will allow you to see and confirm the Autorun files.
6. Type: del autorun.inf and hit Enter. Repeat the above commands for each drive on your computer, including your flash/USB drive.
7. Now search for and remove sowar.vbs, SysRes.vbs and Cool USEP Scandal.vbs.
* At the command prompt, type in your primary drive location, usually C: and hit Enter.
* Type: attrib sowar.vbs.* -s -h -r -a and hit Enter.
* Type: dir /s sowar.vbs and hit Enter.
8. If the file is present, type: del sowar.vbs and hit Enter.
* Repeat the above commands for each drive on your computer, including your flash/USB drive.
* Then repeat these instructions to search for and delete SysRes.vbs and Cool USEP Scandal.vbs on each drive, if present.
9. Exit the command prompt and reboot normally.
10. Disable autorun.
Note:
Please don't forget that there are spaces in between:
attrib[space]-s[space]-h[space]-r[space]-a[space]autorun.inf
The file should be found now. Also, turn off System Restore.
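To confirm the cleanup on every drive, the files and registry values listed at the top of this post can be checked with a read-only batch script. This is an added example, not part of the original post; it assumes "Root" means the root of each drive and "Windows" means %SystemRoot%.

```batch
@echo off
rem Added example: read-only check for the sowar.vbs files and registry values.
rem Assumption: "Root" = root of each drive, "Windows" = %SystemRoot%.
rem Nothing is deleted or modified; the script only reports what it finds.
setlocal EnableExtensions
set "FOUND=0"

rem Check the root of every drive letter that is currently present.
for %%D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if exist "%%D:\" (
        for %%F in ("autorun.inf" "sowar.vbs" "Cool USEP Scandal.vbs") do (
            rem dir /a also lists hidden and system files, so attrib is not needed.
            dir /a /b "%%D:\%%~F" >nul 2>&1 && (
                echo [FOUND] %%D:\%%~F
                set "FOUND=1"
            )
        )
    )
)

rem Copy dropped in the Windows directory.
dir /a /b "%SystemRoot%\SysRes.vbs" >nul 2>&1 && (
    echo [FOUND] %SystemRoot%\SysRes.vbs
    set "FOUND=1"
)

rem Startup entry: value "System Restore" under the Run key pointing at SysRes.vbs.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System Restore" 2>nul | find /i "SysRes.vbs" >nul && (
    echo [FOUND] Run value "System Restore" starts SysRes.vbs
    set "FOUND=1"
)

rem Print the Internet Explorer start page so it can be reviewed by eye.
echo Internet Explorer start page:
reg query "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" 2>nul

if "%FOUND%"=="1" (
    echo Indicators present: follow the removal steps above.
) else (
    echo None of the listed files or Run entries were found.
)
exit /b %FOUND%
```

An autorun.inf at a drive root can also belong to legitimate installation media, so open the file and read it before deleting it.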