Okay, I don’t know the specifics of cool.vbs other than I know it’s a pain in the * to remove.
I do know this. Let’s say for giggles I infect your system with ZeroAccess? It’s a rootkit that hooks itself into system32, correct? Now, I’m going to start farting around in your system32. Let’s say for some reason I accidentally delete the wrong file and I delete hal.dll (which, if I’m not mistaken, is essential for boot-up). You now have a non-bootable system. You’ve lost ALL of their data, and you just pissed off a bunch of people.
Now let’s compare this to cool.vbs, shall we?
As I stated before, you’re plugging in an infected USB without protection, resulting in yet another infection. As I’m sure, the malware has other ties than in the Roaming folder. Now, just because you’ve gotten that 1 file does not mean the malware is gone. There are certain types of malware that WILL come back.
Congratulations, my friend. You’ve successfully removed and then reinfected a system with the same malware you just “tried” to remove. On top of this, if there weren’t reg keys, the malware would not run. What’s the solution? I can take a guess at where at least 1 key is…
Will someone please try to get that file and send it to malwr.com and test it? I’d like to prove that it’s not simply in the Roaming folder.