Monday, February 25, 2008

How to remove Sujin Virus

How to remove Sujin Virus (Automatic)

Sujin Scanner and remover tool


I have written a VBScript to remove this virus. It will remove the virus file and clear the infection.
Please download AntiSujin Tool here
This tool detects and removes the Sujin virus infection and resets registry entries to default.
NOTE: This tool is developed by me and it is not a virus / trojan.
For best results, please also follow steps 8-10 below manually.

Please run it without hesitation; otherwise you can follow the manual steps below.

How to remove Sujin Virus (Manually)

To clean this VBScript virus from your computer (manually):
1) Open Task Manager > look for the process "WScript.exe" > click on it and then click End Process. If it shows a warning and bla bla bla, ignore it and click Yes. Now make sure there is no more "WScript.exe" running in Task Manager; if there is, repeat the process above, i.e. hit the End Process button again.
2) To open a command prompt, type "cmd" without quotes at Start > Run.
3) Type "cd.." without quotes and press Enter.
4) Repeat 3); this brings us to the drive c: or d: or whatever yours is.
5) Now type cd windows\system32 and hit Enter.
6) Type "attrib -s -h -r Virusremoval.vbs" without quotes and hit Enter.
7) Now type "del Virusremoval.vbs" without quotes and hit Enter.
8) Now if you have a pen drive or floppy inserted, don't double click to open it. Instead double click the "My Computer" icon; when it opens, press the F4 button on your keyboard, then find your pen drive or whatever you have to open and click it.
9) Click the Tools option of the My Computer menu and then click Folder Options; there > look for the View tab and click it > click the "Show hidden files and folders" radio button. Also uncheck the boxes which say "Hide extensions for known file types" and "Hide protected operating system files (Recommended)"; ignore the warning which says bla bla bla and press Yes while doing it.
10) Find and delete the files named "autorun.inf" and "Virusremoval.vbs" if they exist.

11) If it is not working for you, please check no. 1) again. If wscript.exe is running in Task Manager, you have to repeat everything again. So please be sure that wscript.exe is not running.

12) Go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
On the right side look for Shell, which should have a value of just explorer.exe.
Delete anything after explorer.exe.

Under the same Winlogon key also look for Userinit, which should have a value of
c:\WINDOWS\system32\userinit.exe,
Delete all the crap after the comma.

13) Go to HKCU\Software\Microsoft\Internet Explorer\Main
On the right side locate Window Title and delete its value, i.e. Sujin.com.np

Under the same key locate Start Page and delete its value, i.e. http://sujin.com.np/
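To confirm the manual steps worked, the following read-only check reports every indicator that steps 1, 6-10, 12 and 13 ask you to look for. It is an added example, not the AntiSujin tool from this post; it changes nothing, and it assumes a default Windows install where the expected Userinit value is `%SystemRoot%\system32\userinit.exe,`.

```powershell
# Added example: read-only audit for the Sujin indicators listed in the manual steps.
# Nothing is deleted or modified; clean up by hand with the steps above.
$findings = @()

# Step 1: a Windows Script Host process that is still running
foreach ($proc in Get-Process -Name wscript -ErrorAction SilentlyContinue) {
    $findings += "wscript.exe is running (PID $($proc.Id))"
}

# Steps 6-10: Virusremoval.vbs in system32, plus Virusremoval.vbs / autorun.inf at drive roots
$paths = @(Join-Path $env:SystemRoot 'system32\Virusremoval.vbs')
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $paths += Join-Path $drive.Root 'Virusremoval.vbs'
    $paths += Join-Path $drive.Root 'autorun.inf'
}
foreach ($p in $paths) {
    # -Force also returns hidden/system files (what "attrib -s -h -r" exposes in step 6)
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item) {
        # Note: autorun.inf is legitimate on some installation media; review before deleting
        $findings += "File present: $($item.FullName) [$($item.Attributes)]"
    }
}

# Step 12: Winlogon Shell and Userinit must hold only their default values
$winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"   # assumed default value
if ($winlogon.Shell -ne 'explorer.exe') {
    $findings += "Winlogon Shell is '$($winlogon.Shell)' (expected 'explorer.exe')"
}
if ($winlogon.Userinit -ne $expectedUserinit) {
    $findings += "Winlogon Userinit is '$($winlogon.Userinit)' (expected '$expectedUserinit')"
}

# Step 13: Internet Explorer title and start page pointing at sujin.com.np
$ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
foreach ($name in 'Window Title', 'Start Page') {
    $value = $ie.$name
    if ($value -match 'sujin\.com\.np') {
        $findings += "IE '$name' is set to '$value'"
    }
}

if ($findings.Count -eq 0) { 'No Sujin indicators found.' } else { $findings }
```

An empty result only means these specific indicators are absent; re-run it after plugging in each pen drive that was used on the infected machine.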

That's all, folks.
Please give your feedback as comments.

Please read more about this Sujin virus here:

Introduction to the Sujin virus (changed home page of IE)

Just check the title and homepage of your browser (IE only, I guess). If either or both have ‘sujin.com.np’ on them then congrats… you have successfully been infected by what is called the “Sujin Virus”. Most people may get frightened about how this got into their computer and what it does. Well, no need to get frightened. This is not a harmful virus at all. The only thing that it does now is scare people and that’s it. It is just a script programmed in Visual Basic by some guy from Nepal (who thinks he’s a genius) that changes some registry settings and copies itself to the root directory of all drives. I can’t really understand what he wanted to do.

Anyway, let's see what it does to your system:

  1. Modifies registry settings (this does things such as disabling access to the taskbar, setting the start page of IE to ‘sujin.com.np’ and modifying the UserInit setting to execute Virusremoval.vbs).
  2. Stores a copy of itself in the root directory of all drives.
  3. Removes all .vbs files in the Windows directory and root directory, and all .inf files in the root directories of drives.
  4. Removes ravmon.exe, sxs.exe, winfile.exe and run.wsh (now we have to ask him why he wanted them removed).
  5. Stores VirusRemoval.vbs in the root and adds autorun.inf to make sure that it auto-executes if it’s installed on a removable disk (i.e. flash drives).

So, basically this script is not that harmful once we come to know it. We have to be careful not to double click flash drives especially, as they are the main carriers of this virus. You can right click, though, to check if there is any autorun file on your flash drive. If the default option when right clicking the flash drive is ‘Autoplay’, then be alarmed: your flash drive contains an “autorun.inf” file that may be set to execute other harmful files on the drive. So, once you know that there is an autorun file, try to delete it from the command prompt. There may be other harmful hidden files too; to see and delete them you may have to use a combination of switches.

Read more here to remove this virus.

Friday, February 22, 2008

How to make your PC Spyware free (how to keep your PC spyware-free).

Download spyware doctor setup VER 5
Homepage - http://www.pctools.com/spyware-doctor/

Install via sdsetup.exe, uncheck "Automatically install updates", then run Smart Update after install; all updates should be checked (except languages you don't need).

Once the update is completed, close the app (stop the scan from running, you can do that later), then reboot.

Stop SD from running by killing the process in the system tray.

Download Patch File here
Open Patch.exe, enter your name in the edit box, browse to C:\Program Files\Spyware Doctor and patch the file.


Run the app fully licensed.

NOTE: Don't download the update "SD Info NRM" 433.57kb. It will carry the software back to trial. So people, avoid that update; only update the database definitions!