Thursday, November 6, 2008

Funny USt Scandal Virus Removal


Tthis virus may put yourself in state of embarrassment when it sends some senseless message to your friends in your yahoo messenger buddies.

It creates following files:

* Killer.exe in c:\windows\
* lsass.exe in c:\documents and settings\all users\start menu\programs\startup
* xmss.exe in the root drive of all partitions and also in c:\windows
* autorun.inf in all the partitions.
* the main file Funny UST Scandal.avi.exe in all the partitions and
* Funny UST Scandal.exe in c:\Windows.

Not only this, it also creates the following entries:

HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
You will find all these or some of these files if your system is infected by this virus.

Method 1: Remove the virus automatically by UST Virus removal Tool.

Download It Here
Method 2: Manual removal procedure.

1. Firstly you need to end process running by the virus, for this download process explorer.

killer.exe ,b.lsass.exe ,c.smss.exe

Note: close all those processes that have the same icon of Funny UST Scandal.avi.exe

2. Open Start >> Run and type “cmd” (without quotes) and press enter.
3. Above command will open up command prompt, type “cd\” (without quotes)
4. Type “attrib -h -s smss.exe” (without quotes)
5. Type “attrib -h -s autorun.inf” (without quotes)
6. Repeat step 4 and 5 for all the drives through command prompt (on the root folder)

7. Now open all your drives one by one by typing C: ,D: and so on in the address bar at the top, delete smss.exe,autorun.inf,Funny UST Scandal.avi.exe

8. Open command prompt again by following step 2.
9. Type “cd c:\windows” (without quotes)
10. Type “attrib -h -s smss.exe” (without quotes)and press enter. Type “delete smss.exe” and press enter also type “delete lsass.exe” and press enter.
11. Now Open Start >> Run and type regedit and press enter.
12. Locate these paths one by one in the registry.

* HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell
* HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce

At these paths, locate the keys which have values as (killer.exe) and (c:\windows\smss.exe). Delete these registry keys.

Done!

We hope you will be able to remove the virus by at least one of the method specified above, if not please let us know through comments.
Posted by">kkk at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)