Here's a step-by-step guide to remove one of the most annoying virus ever - Long Live Sowar (sowar.vbs) Virus.
What sowar.vbs does. When first run VBS/Autorun-FM copies itself to:
Root\Cool USEP Scandal.vbsand creates the following files:
Root\sowar.vbs
Windows\SysRes.vbs
Root\Autorun.infWhenever a removable drive is inserted, the following files are copied over:
Windows\%ORIGFILENAME%
Autorun.inf Cool USEP Scandal.vbsThe following registry entry is created to run SysRes.vbs on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System Restore wscript.exe "Windows\SysRes.vbs"VBS/Autorun-FM changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
How to Remove sowar.vbs (Long Live Sowar) Virus
1. Go to Start, Run and type: cmd press Ok.
2. At the command prompt, type in your primary drive location, usually C:
3. You may need to change the directory. If so type: cd \ hit Enter.
4. Type: attrib -s -h -r -a autorun.inf hit Enter.
5. Type: dir and hit Enter. This will allow you to see and confirm the Autorun files.
6. Type: del autorun.inf hit Enter. Repeat the above commands for each drive on your computer including your flash/usb drive.
7. Now search for and remove sowar.vbs, SysRes.vbs, Cool USEP Scandal.vbs
- At the command prompt, type in your primay drive location, usually C: hit Enter.
- Type: attrib sowar.vbs.* -s -h -r -a hit Enter.
- Type: dir /s sowar.vbs Hit Enter.
- Repeat the above commands for each drive on your computer including your flash/usb drive.
- Then repeat these instructions to search for and delete SysRes.vbs, Cool USEP Scandal.vbs on each drive if present.
10. Disable autorun.