W32.Sohanad.Vbs is a script created to restore the damaged or modified registry values made by the Worm W32.Sohanad . This code may be freely distributed/modified. Please use at your own risk.
Author:
Unknown
License:
Freeware
Operating System:
Windows 2000/XP
How to created W32.Sohanad.VBS:
1. Open NotePad.
2. Copy the text inside the ===== below. (Do not include top and bottom =====)
3. Paste it to NotePad and SaveAs W32Sohanad.vbs
4. Reboot your computer in SafeMode and remain that no other programs are running.
5. Double click on W32Sohanad.vbs to run it.
==========
‘This script is to restore the damaged/modified registry by the W32Sohanad Worm. This code may be freely distributed/modified.
‘Prevents errors from values that don’t exist
On Error Resume Next
Set WshShell = WScript.CreateObject(”WScript.Shell”)
‘Delete the keys that has disabled the Windows Registry Tools and Task Manager.
WshShell.RegDelete “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”
WshShell.RegDelete “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”
WshShell.RegDelete “HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”
WshShell.RegDelete “HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”
‘Delete the registry keys that changes your Yahoo Messenger status
WshShell.RegDelete “HKCU\Software\Yahoo\pager\View\YMSGR_buzz\content url”
WshShell.RegDelete “HKCU\Software\Yahoo\pager\View\YMSGR_Launchcast\content url”
‘Delete the entries which make the worm start up while booting.
WshShell.RegDelete “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Task Manager”
WshShell.RegDelete “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Svchost”
‘Delete Disable Homepage Buttons in IE
WshShell.RegDelete “HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage”
‘Reset Homepage
WshShell.RegWrite “HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page”, “about:blank”, “REG_SZ”
‘Reset IE Title Bar
WshShell.RegWrite “HKCU\Software\Microsoft\Internet Explorer\Main\Window Title”, “Microsoft Internet Explorer”
X = MsgBox(”Registry successfuly restored from the damage made by W32Sohanad Worm”, vbOKOnly, “Success!!!”)
==========
One Response for "W32.Sohanad.Vbs (thecoolpics.net) Removal"
tried the procedure but getting script error pl help
Any Response?
Can't Find a Solution?
Start a Discussion Here!