Recommended Tests

this annoying virus has infected my friend's pc. she has tried to combat it with avg free, nod32 and hijackthis to no avail. it has a "restore" component.

does anyone know how to effectively remove sowar.vbs?

 Here's a bit  I found last week , this virus is running rapid.



When first run VBS/Autorun-FM copies itself to:

Root\Cool USEP Scandal.vbs
Root\sowar.vbs
Windows\SysRes.vbs

and creates the following files:

Root\Autorun.inf
Windows\%ORIGFILENAME%

Whenever a removable drive is inserted, the following files are copied over:

Autorun.inf Cool USEP Scandal.vbs


The following registry entry is created to run SysRes.vbs on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System Restore wscript.exe "Windows\SysRes.vbs"

VBS/Autorun-FM changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

 EDIT: oops forgot to get the rest to you   


Go to Start > Run and type: cmd
press Ok.
At the command prompt, type in your primay drive location, usually C:
You may need to change the directory. If so type: cd \
Hit Enter.
Type: attrib -s -h -r -a autorun.inf
Hit Enter.
Type: dir
Hit Enter. This will allow you to see and confirm the Autorun files.
Type: del autorun.inf
Hit Enter.
Repeat the above commands for each drive on your computer including your flash/usb drive.
Now search for and remove sowar.vbs, SysRes.vbs, Cool USEP Scandal.vbs
At the command prompt, type in your primay drive location, usually C:
Hit Enter.
Type: attrib sowar.vbs.* -s -h -r -a
Hit Enter.
Type: dir /s sowar.vbs
Hit Enter.
If the file is present, type: del sowar.vbs
Hit Enter.
Repeat the above commands for each drive on your computer including your flash/usb drive.
Then repeat these instructions to search for and delete SysRes.vbs, Cool USEP Scandal.vbs on each drive if present.
Exit the command prompt and reboot normally.

 DISABLE AUTORUN !!!!!!!!!