Hey Ricky,
This .vbs malware works like this.
credits goes to dr_BoraSpreading in the order:- For each removable drive:
- Copies the malicious vbs file (whose opening is provided in the next step)
- For each removable drive:
- For each file USB:\file.ext preform the S+H and creates USB:\file.lnk (which starts cmd.exe, which starts on malware)
- For each folder USB:\folder do the S+H and creates USB:\folder.lnk (which starts cmd.exe, which starts on malware)
PS: (
) malware connects to hxxp://xkiller.no-ip.info where he received varius command for example: execute file, send data, upgrade it, go to sleep ...
MCShield covers .lnk files and the malicious VBS, as well as recovery of original files is covered in the two MCS's Anti-Replicator routines (one for lnk file and the vbs and the recovery of legitimate files this, one for folders).
which antivirus is the best for identifying the cool.vbs virus on a system and neutralize the infection?
Without proper testing
(I don't have time for it) can't tell but avast 2014 owns new "DeepScreen" technic for malware detections. This should be enough for avast to prevend spreading on host mashine.
Someone else from avast team perhaps would be more appropriate to answer this.