Cool.vbs Virus - Please help me remove it from my desktop and prevent it

[magna86]

...the main issue was that the whenever I insert a flash drive into the computer it keep changing the files to shortcuts.

This malware spreads thru USB devices and in addition it presented & install/load itself to the host computer.

All USB devaces has been cleaned by MCShield tool. And I recommended to you to keep MCShield.
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but will immediately clean Memory card or external HDD.

However there are 4 removable disk drives icons in "My Computer" even when there is no flash drives connected.

Can't tell from here...  Right click > Eject ..?

Since the virus is gone now what do I do with the programs I downloaded to do the fix, can I go ahead and uninstall them?

Pros always cleans up after himself. 




It is necessary to uninstall ComboFix :

• Click Start (or ) then Run.
  
  
  On Windows7 or Vista you may use Start Search field if Run is not available.
  
  
• In the line of text type in (Copy) the following:

Code: [Select]

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

• then click OK (or press Enter ).

Wait for the uninstall process is complete.

---------------------------

> Re-run AdwCleaner and click on [Uninstall] button.

---------------------------
> Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

[Ricky Vybz]

Thanks very much magna86, don't know how else to thank you for all that you have done for me. I have other computers that are infected also so I will be looking for you help again. I will definitely recommend Avast forum to all my friends. You helpers are the best, thanks alot. I give you another star my friend.

Ricky

[magna86]

Thank you Ricky for your kind words. 

I have other computers that are infected also so I will be looking for you help again.

Feel free to open new topic for each computer, and some of the Malware Analysts members shall assist you. 

[Ricky Vybz]

Magna86, which antivirus is the best for identifying the cool.vbs virus on a system and neutralize the infection?

Ricky

[magna86]

Hey Ricky,

This .vbs malware works like this.
credits goes to dr_Bora

Spreading in the order:
- For each removable drive:
- Copies the malicious vbs file (whose opening is provided in the next step)
- For each removable drive:
- For each file USB:\file.ext preform the S+H and creates USB:\file.lnk (which starts cmd.exe, which starts on malware)
- For each folder USB:\folder do the S+H and creates USB:\folder.lnk (which starts cmd.exe, which starts on malware)

PS: ( ) malware connects to hxxp://xkiller.no-ip.info where he received varius command for example: execute file, send data, upgrade it, go to sleep ...


MCShield covers .lnk files and the malicious VBS, as well as recovery of original files is covered in the two MCS's Anti-Replicator routines (one for lnk file and the vbs and the recovery of legitimate files this, one for folders).

which antivirus is the best for identifying the cool.vbs virus on a system and neutralize the infection?

Without proper testing (I don't have time for it) can't tell but avast 2014 owns new "DeepScreen" technic for malware detections. This should be enough for avast to prevend spreading on host mashine.

Someone else from avast team perhaps would be more appropriate to answer this.

[theapu]

theres a easy way....enter with SAFE MOOD (run<msconfig<boot< mark  safe boot)  ..... open ccleaner<tools<start up then delete fofo or cool or something like this....then run with normal mood.

[magna86]

@theapu
Please do not foolishly advise someone to do something that you yourself do not understand enough ...