system
19
It’s done! The script didn’t quite work because my Windows version is set to spanish, and your folder directories specified were in english. I tried to write the correct folder names but somehow the scrip wouldn’t run. So with the help of a friend and TeamViewer, the registry key and both files were deleted under Safe Mode. I restarted and now the threat is gone!
P.S.: I did the same in my cousin’s PC and it also worked! Just entered via Safe Mode, went to regedit, deleted the registry key that COOL.vbs created and also went to AppData\Roaming and the other directory and deleted both instances of COOL.vbs. That b!tch is gone for good!
Thanks a lot for your kind help!