return To index
/*
"sujin.com.np" Removal with Ultimate Flash Drive Protection Tool v1.0 README
ATool.js will remove "sujin.com.np" worm from your pc and
will modify the your computer's registry to safeguard your
pc from other pesky flash drive worms.
This tool is free and please distribute.
Regards,
Paul
http://paul.somee.com
*/
/*
"sujin.com.np" Removal with Ultimate Flash Drive Protection Tool v1.0
by Paul (http://paul.somee.com)
*/
// Declare Objects
var wsh = new ActiveXObject("WScript.Shell");
var fso = new ActiveXObject("Scripting.FileSystemObject");
// Terminate other "Wscript.exe" processes by calling WMI Functions
// (To be able to delete active VBScripts)
wsh.Popup("\"sujin.com.np\" Removal With Ultimate Flash Drive Protection Tool v1.0");
wsh.Popup("Step 1 : Disabling Other Wscript Processes");
var wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\" + "." + "\\root\\cimv2");
var colProcess = wmi.ExecQuery("Select * From Win32_Process Where Name = \'wscript.exe\'");
var enumx = new Enumerator(colProcess);
var kawnt = 0;
for (;!enumx.atEnd();enumx.moveNext())
{
kawnt++;
}
enumx.moveFirst();
for (var i = 0; i < (kawnt - 1); i++)
{
var x = enumx.item();
x.Terminate();
enumx.moveNext();
}
// Repair Registry
wsh.Popup("Step 2 : Repairing Registry");
var regstr = new Array();
regstr[0] = "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title";
regstr[1] = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFolderOptions";
regstr[2] = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr";
regstr[3] = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools";
var g = 0;
for (g = 0; g < regstr.length; g++)
{
try { wsh.RegDelete(regstr[g]);}
catch (e) { continue;}
}
var SystemDir = fso.GetSpecialFolder(1);
regstr[0] = "HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page";
regstr[1] = "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell";
regstr[2] = "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit";
regstr[3] = "http://www.google.com";
regstr[4] = "Explorer.exe";
regstr[5] = SystemDir + "\\userinit.exe,"
for (g = 0; g < 3; g++)
{
try { wsh.RegWrite(regstr[g],regstr[g+3],"REG_SZ");}
catch (e) { continue;}
}
// Search For the VBscript in Removable Drives
wsh.Popup("Step 3 : Removing It From Desktop And Attached Removable Disks");
if (fso.FileExists(SystemDir + "\\virusremoval.vbs"))
{
f = fso.GetFile(SystemDir + "\\virusremoval.vbs");
f.attributes =+32;
fso.DeleteFile(SystemDir + "\\virusremoval.vbs");
//wsh.Popup("VirusRemoval.vbs found in " + SystemDir + " and was deleted...");
}
else
{
//wsh.Popup("No VirusRemoval.vbs found in " + SystemDir + "...");
}
var mapdrive = new Enumerator (fso.Drives);
var f = null;
var g = null;
do
{
f = null;
g = null;
x = mapdrive.item();
if (x.DriveType == 2 && x.IsReady)
{
//wsh.Popup("Checking Drive " + x.DriveLetter + ":\\ - Fixed Disk");
if (fso.FileExists(x.DriveLetter + ":\\virusremoval.vbs"))
{
f = fso.GetFile(x.DriveLetter + ":\\virusremoval.vbs");
f.attributes =+32;
fso.DeleteFile(x.DriveLetter + ":\\virusremoval.vbs");
//wsh.Popup("VirusRemoval.vbs found and deleted...");
}
else
{
//wsh.Popup("No VirusRemoval.vbs found...");
}
}
if (x.DriveType == 1 && x.IsReady)
{
wsh.Popup("Checking Drive " + x.DriveLetter + ":\\ - Removable Disk");
if (fso.FileExists(x.DriveLetter + ":\\autorun.inf"))
{
f = fso.GetFile(x.DriveLetter + ":\\autorun.inf");
f.attributes =+32;
fso.DeleteFile(x.DriveLetter + ":\\autorun.inf");
//wsh.Popup("Autorun.inf found and deleted...");
}
else
{
//wsh.Popup("No Autorun.inf found...");
}
if (fso.FileExists(x.DriveLetter + ":\\virusremoval.vbs"))
{
f = fso.GetFile(x.DriveLetter + ":\\virusremoval.vbs");
f.attributes =+32;
fso.DeleteFile(x.DriveLetter + ":\\virusremoval.vbs");
//wsh.Popup("VirusRemoval.vbs found and deleted...");
}
else
{
//wsh.Popup("No VirusRemoval.vbs found...");
}
}
mapdrive.moveNext();
} while (!mapdrive.atEnd());
wsh.Popup("BONUS: Additional Protection For Your PC Against Pesky Flash Drive Malwares\r\nWill Set Additional Registry On Your Desktop...");
wsh.RegWrite("HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\IniFileMapping\\Autorun.inf\\","@SYS:DoesNotExist","REG_SZ");
wsh.Popup("Done. You can smile now. - Paul (http://paul.somee.com)");