Feb 24

Just check the title and homepage of your browser (IE only, I guess). If either or both show ‘sujin.com.np’, then congrats… you have successfully been infected by what is called the “Sujin Virus”. Most people may be frightened about how this got into their computer and what it does. Well, there is no need to be frightened. This is not a harmful virus at all. The only thing it does for now is scare people, and that’s it. It is just a script, programmed in Visual Basic by some guy from Nepal (who thinks he’s a genius), that changes some registry settings and copies itself to the root directory of all drives. I can’t really understand what he wanted to do.

We can take a peek at the code in the VBS file (just open it in Notepad). I am not a VB programmer myself, so I took a little help from Boyutal’s blog, which says that it’s a harmless VBScript file installed on your computer which:

o Modifies registry settings (this does things such as disabling access to the taskbar, setting the start page of IE to ‘sujin.com.np’ and modifying the UserInit settings to execute Virusremoval.vbs)

o Stores a copy of itself in the root directory of all drives.

o Removes all .vbs files in the Windows directory and root directory, and all .inf files in the root directories of drives.

o Removes ravmon.exe, sxs.exe, winfile.exe and run.wsh (now we have to ask him why he wanted them removed)

o Stores VirusRemoval.vbs in the root and adds an autorun.inf to make sure that it auto-executes if it’s installed on a removable disk (i.e. flash drives).

So, basically this script is not that harmful once we get to know it. We have to be careful not to double-click the flash drive in particular, as flash drives are the main carriers of this virus. You can right-click, though, to check whether there is an autorun file on your flash drive. If the default option when right-clicking the flash drive is ‘Autoplay’, be alarmed: your flash drive contains an “autorun.inf” file that may be set to execute other harmful files on the drive. So, once you know that there is an autorun file, try to delete it from the command prompt. There may be other harmful hidden files too; to see and delete them you may have to use a combination of switches.
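Before deleting an autorun.inf it is worth reading what it would have launched, since that names the other file to remove. The following is an added example, not code from the original post or from the script itself: a small Python parser for the `[autorun]` section that lists every entry pointing at a script or executable. The function names and the sample file contents are constructed for illustration.

```python
import re

# [autorun] keys that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Extensions that run directly or through a script host.
RISKY_EXT = (".vbs", ".vbe", ".js", ".wsf", ".bat", ".cmd", ".exe", ".com", ".scr", ".pif")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """List (key, file) for each entry that would start a risky file."""
    found = []
    for key, value in entries.items():
        if not LAUNCH_KEY.match(key):
            continue
        # The file may be passed to a host ("wscript.exe x.vbs"), so check every token.
        for token in re.findall(r'"[^"]+"|\S+', value):
            token = token.strip('"')
            if token.lower().endswith(RISKY_EXT):
                found.append((key, token))
    return found


# Constructed sample for illustration; not the file this script actually drops.
SAMPLE = (
    "[AutoRun]\n"
    "; constructed example\n"
    "open=wscript.exe VirusRemoval.vbs\n"
    "shell\\open\\command=wscript.exe VirusRemoval.vbs\n"
    "icon=folder.ico\n"
)

if __name__ == "__main__":
    for key, target in launch_targets(parse_autorun(SAMPLE)):
        print(f"{key} -> {target}")
```

An autorun.inf that only sets a label or icon produces an empty list; any hit names a file in the drive root that should be removed along with the autorun.inf.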

written by rajit