Author Topic: Solution to remove COOL.vbs virus from your PC  (Read 14570 times)

0 Members and 1 Guest are viewing this topic.

fahim9n

  • Guest
Solution to remove COOL.vbs virus from your PC
« on: December 11, 2013, 08:36:52 PM »

1. At first, end the process named 'wscript.exe' from the task manager.
2. Go to my computer. Then, Organize (upper left side on win 7) -> Folder and search options -> View -> untick the Hide protected operating system files -> click OK.
3. Go to C drive. search for .vbs files. wait until the search this completed.
4. You will find two 'COOL.vbs' files. There will be total file path of these files. Keep the searching result window.
5. Go to Start-> cmd.exe . Command prompt will appear.
6. Write the following line-
        DEL /F /S /Q /A "the filepath of COOL.vbs\COOl.vbs"
    Example: DEL /F /S /Q /A "C:\Users\fahim\AppData\Roaming\COOl.vbs"
7. The both 'COOL.vbs' will be deleted.
8. Restart your PC.
9. Insert your infected USB device and format it. Then your devices will be pathetic COOl.vbs virusfree. :)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37611
  • Not a avast user
Re: Solution to remove COOL.vbs virus from your PC
« Reply #1 on: December 11, 2013, 08:41:34 PM »
we already have removal experts here that does that for anyone that need help ....and it is free
http://forum.avast.com/index.php?topic=53253.0

and those who use MCShield USB protector will not have this problem.   www.mcshield.net




fahim9n

  • Guest
Re: Solution to remove COOL.vbs virus from your PC
« Reply #2 on: December 11, 2013, 08:46:01 PM »
Yes, I saw that. But that is too lengthy process. But I found by myself a lot of easier solution for this. That's why I have posted it.

Thanks
fahim

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Solution to remove COOL.vbs virus from your PC
« Reply #3 on: December 11, 2013, 08:49:49 PM »
And what of the other stuff that may be present ?

fahim9n

  • Guest
Re: Solution to remove COOL.vbs virus from your PC
« Reply #4 on: December 11, 2013, 08:51:18 PM »
Sorry, I didn't get your question.

Thanks
fahim

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Solution to remove COOL.vbs virus from your PC
« Reply #5 on: December 11, 2013, 08:52:52 PM »
Cool VBS does not come alone.  And the suggestion of using MSconfig to start in safe mode is dangerous, you may end up with a non-booting system if the malware has disable safe mode


argus

  • Guest
Re: Solution to remove COOL.vbs virus from your PC
« Reply #6 on: December 11, 2013, 08:54:04 PM »
Each system is a story for itself.

fahim9n

  • Guest
Re: Solution to remove COOL.vbs virus from your PC
« Reply #7 on: December 11, 2013, 09:03:37 PM »
Cool VBS does not come alone.  And the suggestion of using MSconfig to start in safe mode is dangerous, you may end up with a non-booting system if the malware has disable safe mode

This solution doesn't need to get your pc in safe mode. I think, you know very well about /F , /S , /Q and /A .

And I have stated only to remove the COOL.vbs virus. It works!
I have kicked out the virus from 10 PCs through this procedure.

Thanks
fahim

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Solution to remove COOL.vbs virus from your PC
« Reply #8 on: December 11, 2013, 09:10:13 PM »
Fahim,

Do you have ANY training whatsoever? I don't. Just because I know how to manually remove Ransomware does not mean I should be kicking around helping people. That is beyond words dangerous. I do things in a controlled envirroment. YOu're doing things on a PC w/o knowledge of it and no training. Their is a big difference.

For the safety of you, I strongly recommend you stop before you cause harm to the PC, and potentially have a lawsuit on your hands
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Solution to remove COOL.vbs virus from your PC
« Reply #9 on: December 11, 2013, 09:11:46 PM »

1. At first, end the process named 'wscript.exe' from the task manager.
2. Go to my computer. Then, Organize (upper left side on win 7) -> Folder and search options -> View -> untick the Hide protected operating system files -> click OK.
3. Go to C drive. search for .vbs files. wait until the search this completed.
4. You will find two 'COOL.vbs' files. There will be total file path of these files. Keep the searching result window.
5. Go to Start-> cmd.exe . Command prompt will appear.
6. Write the following line-
        DEL /F /S /Q /A "the filepath of COOL.vbs\COOl.vbs"
    Example: DEL /F /S /Q /A "C:\Users\fahim\AppData\Roaming\COOl.vbs"
7. The both 'COOL.vbs' will be deleted.
8. Restart your PC.
9. Insert your infected USB device and format it. Then your devices will be pathetic COOl.vbs virusfree. :)

Also, that plan is flawed. YOu're plugging in an infected USB into a "Clean" system w/o any sort of protection. That will result in the system being re-infected and therefore another infection YOU have to clean.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

fahim9n

  • Guest
Re: Solution to remove COOL.vbs virus from your PC
« Reply #10 on: December 11, 2013, 09:16:30 PM »
Fahim,

Do you have ANY training whatsoever? I don't. Just because I know how to manually remove Ransomware does not mean I should be kicking around helping people. That is beyond words dangerous. I do things in a controlled envirroment. YOu're doing things on a PC w/o knowledge of it and no training. Their is a big difference.

For the safety of you, I strongly recommend you stop before you cause harm to the PC, and potentially have a lawsuit on your hands

Alan,

What is dangerous in there deleting the COOL.vbs from my PC in that way. Please enlighten me.

Thanks
fahim

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11249
  • No support PM's thanks
Re: Solution to remove COOL.vbs virus from your PC
« Reply #11 on: December 11, 2013, 09:20:49 PM »
fahim9n you have already been given several reasons why your methods are dangerous, as asked please refrain from posting malware advice as these areas are for qualified specialists.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Solution to remove COOL.vbs virus from your PC
« Reply #12 on: December 11, 2013, 09:23:50 PM »
Okay, I don't know the spefics of cool.vbs other then I know it's a pain in the * to remove.

I do know this. Let's say for giggles I infect your system with ZeroAccess? It's a rootkit that hooks itself into system32 correct? Now, I'm going to start farting around in your system32. Let's say for some reason I accidentaly delete the wrong file and I delete hal.dll (Which if I'm not mistaken is essential for boot-up). You now have a non-bootable system. You've lost ALL of their data, and you just pissed off a bunch of people.

Now let's compare this to cool.vbs Shall we?

As I stated before, you're plugging in an infected USB without protection, since resulting in yet another infection. As I'm sure, the malware has other ties then in the Roaming folder. Now, just because you've gotten that 1 file. Does not mean the malware is gone. Their are certain types of malware that WILL come back.

Congratulation my friend. You've successfully removed and then reinfected a system with the same malware you just "Tried" to remove. On top of this. If there wans't reg keys, the malware would not run, What's the solution. I can take a guess at where at least 1 key is....


Will someone please try to get that file and send it to malwr.com and test it? I'd like to prove thta's it's not simply in the roaming folder.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Solution to remove COOL.vbs virus from your PC
« Reply #13 on: December 11, 2013, 09:27:41 PM »
Cool VBS does not come alone.  And the suggestion of using MSconfig to start in safe mode is dangerous, you may end up with a non-booting system if the malware has disable safe mode

And I have stated only to remove the COOL.vbs virus. It works!
I have kicked out the virus from 10 PCs through this procedure.

Thanks
fahim

And who acually let you do that? I'd like to give them some advice to let, "Non-Qualified" people fix a computer.

I don't mean to be an ass with that comment, but really; common sense is, you don't fix peoples computer w/o the insight of a remover like Essex, and no training. I don't even dare to help people fix Ransomware issues. Now, I'd say if you were to join a school like GeekU. I'd be all for it if you could prove the system is actually clean
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

fahim9n

  • Guest
Re: Solution to remove COOL.vbs virus from your PC
« Reply #14 on: December 11, 2013, 09:48:01 PM »
Alan,

I have searched the whole system for COOL.vbs . Sorry, I could not find out.
The two places where I found them is in AppData\Roaming and in AppData\Roaming\Microsoft\Windows\Start Menu .
I don't have any training about malware protection.
I was just trying to save my ass as well my friends' from that virus. That's all.



Thanks
fahim