Funny UST Scandal, smss Virus
What a lame virus......peace...!!!!! MABUHAY ANG LIPA(Lipa City Public College)F.E.SBefore I teach you how to remove this... first... this is the informationof that virus....
Software used to build the virus= AutoIt V3drop Files- killer.exe(4084 kb) in c:\windows\lsass.exe(3920kb) in c:\documents and settings\all users\start menu\programs\startupsmss.exe(4088kb) in all root drives and in c:\windowsautorun.inf(1kb) in all root drives with a script
[autorun]open=smss.exeshell\Open\Command=smss.exeshell\open\Default=1shell\Explore\Command=smss.exeshell\Autoplay\command=smss.exe
Funny UST Scandal.avi.exe(228kb) in all root drives
Registry Entries-HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon=shell(killer.exe)HKCU\Software\Microsoft\windows\Currentversion\Run=runonce(c:\windows\smss.exe)
HOw to remove this lame virus????
-first download taskiller in http://www.rsdsoft.com/task_killer/index.php4 and install it toyour computer because you cant use taskmanager to terminate the virus(the virus automatically close taskmanager).
-run taskiller and left click it on the system tray(the one with a skull icon)
-click processes
-to close the virus, select process and click yes to the question
(process to close)1.killer.exe2.lsass.exe3.smss.exe
note: close only file that have the same icon of Funny UST Scandal.avi.exe
CMD STEPS1-now, click "start" then "run"2-type "cmd" without quotes3-type "cd\" without quotes4-type "attrib -h -s smss.exe" without quotes5-type "attrib -h -s autorun.inf" without quotes6-type "start c:" without quotes(a new window will open)7-select smss.exe,autorun.inf,Funny UST Scandal.avi.exe and delete it
-if theres any drive or a partition type "d:" in command prompt without quotes"d" is the drive letter then repeat the CMD STEPS number 4-7 above.......
-now type this on the command prompt "cd windows" without quotes(na naman!)-type "attrib -h -s smss.exe" without quotes(uli)-type "start c:\windows" without quotes(hay naku!)-delete the file smss.exe-now, goto c:\documents and settings\all users\startmenu\programs\startup-delete lsass.exe
-click "start" then "run"-type "regedit" without quotes then delete the registry entries above....
Wednesday, April 30, 2008
Tuesday, March 11, 2008
How to remove Funny UST Scandal avi.Exe Virus
Tags: funny-ust-scandal-avi.exe, funny-virus
2
Mar
Trouble:
“How to remove funny ust scandel.exe without any virus removal tool? or can you
provide any Vbscript for removing this virus?“
As far as writing a vbscript for automatic removal of this virus, we would love to but these days we are not getting enough time to do it, but in future we will try to provide free virus removal tools made by the troublefixers themselves.
Let’s see what are the UST Scandal virus symptoms and activities and how can we remove this virus both manually and automatically.
Fix:
Well we can remove this virus by a simple removal tool and through manual procedure also, lets first discuss about automatic removal tool.
Funny UST Virus Activities:
First of all this virus is not funny at all, either it may put yourself in state of embarrassment when it sends some senseless message to your friends in your yahoo messenger buddies.
It creates following files:
Killer.exe in c:\windows\
lsass.exe in c:\documents and settings\all users\start menu\programs\startup
xmss.exe in the root drive of all partitions and also in c:\windows
autorun.inf in all the partitions.
the main file Funny UST Scandal.avi.exe in all the partitions and
Funny UST Scandal.exe in c:\Windows.
Not only this, it also creates the following entries:
HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
You will find all these or some of these files if your system is infected by this virus.
Method 1: Remove the virus automatically by UST Virus removal Tool. Download it here
Method 2: Manual removal procedure.
1. Firstly you need to end process running by the virus, for this download process explorer.
killer.exe ,b.lsass.exe ,c.smss.exe
Note: close all those processes that have the same icon of Funny UST Sandal.avi.exe
2. Open Start >> Run and type “cmd” (without quotes) and press enter.
3. Above command will open up command prompt, type “cd\” (without quotes)
4. Type “attrib -h -s smss.exe” (without quotes)
5. Type “attrib -h -s autorun.inf” (without quotes)
6. Repeat step 4 and 5 for all the drives through command prompt (on the root folder)
7. Now open all your drives one by one by typing C: ,D: and so on in the address bar at the top, delete smss.exe,autorun.inf,Funny UST Scandal.avi.exe
8. Open command prompt again by following step 2.
9. Type “cd c:\windows” (without quotes)
10. Type “attrib -h -s smss.exe” (without quotes)and press enter. Type “delete smss.exe” and press enter also type “delete lsass.exe” and press enter.
11. Now Open Start >> Run and type regedit and press enter.
12. Locate these paths one by one in the registry.
HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell
HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
At these paths, locate the keys which have values as (killer.exe) and (c:\windows\smss.exe). Delete these registry keys.
Done!
We hope you will be able to remove the virus by at least one of the method specified above, if not please let us know through comments.
Tags: funny-ust-scandal-avi.exe, funny-virus
2
Mar
Trouble:
“How to remove funny ust scandel.exe without any virus removal tool? or can you
provide any Vbscript for removing this virus?“
As far as writing a vbscript for automatic removal of this virus, we would love to but these days we are not getting enough time to do it, but in future we will try to provide free virus removal tools made by the troublefixers themselves.
Let’s see what are the UST Scandal virus symptoms and activities and how can we remove this virus both manually and automatically.
Fix:
Well we can remove this virus by a simple removal tool and through manual procedure also, lets first discuss about automatic removal tool.
Funny UST Virus Activities:
First of all this virus is not funny at all, either it may put yourself in state of embarrassment when it sends some senseless message to your friends in your yahoo messenger buddies.
It creates following files:
Killer.exe in c:\windows\
lsass.exe in c:\documents and settings\all users\start menu\programs\startup
xmss.exe in the root drive of all partitions and also in c:\windows
autorun.inf in all the partitions.
the main file Funny UST Scandal.avi.exe in all the partitions and
Funny UST Scandal.exe in c:\Windows.
Not only this, it also creates the following entries:
HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
You will find all these or some of these files if your system is infected by this virus.
Method 1: Remove the virus automatically by UST Virus removal Tool. Download it here
Method 2: Manual removal procedure.
1. Firstly you need to end process running by the virus, for this download process explorer.
killer.exe ,b.lsass.exe ,c.smss.exe
Note: close all those processes that have the same icon of Funny UST Sandal.avi.exe
2. Open Start >> Run and type “cmd” (without quotes) and press enter.
3. Above command will open up command prompt, type “cd\” (without quotes)
4. Type “attrib -h -s smss.exe” (without quotes)
5. Type “attrib -h -s autorun.inf” (without quotes)
6. Repeat step 4 and 5 for all the drives through command prompt (on the root folder)
7. Now open all your drives one by one by typing C: ,D: and so on in the address bar at the top, delete smss.exe,autorun.inf,Funny UST Scandal.avi.exe
8. Open command prompt again by following step 2.
9. Type “cd c:\windows” (without quotes)
10. Type “attrib -h -s smss.exe” (without quotes)and press enter. Type “delete smss.exe” and press enter also type “delete lsass.exe” and press enter.
11. Now Open Start >> Run and type regedit and press enter.
12. Locate these paths one by one in the registry.
HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell
HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
At these paths, locate the keys which have values as (killer.exe) and (c:\windows\smss.exe). Delete these registry keys.
Done!
We hope you will be able to remove the virus by at least one of the method specified above, if not please let us know through comments.
Friday, March 7, 2008
About me
hi frens this is madhu sudan sigdel from kathmandu nepal
i was born in alainche, raipur-2, tanahun.
i studied primary level from kankai secondary boarding school, Damauli, Tanahun.
i finished my higher secondary level and SLC from bagmati H S boarding school, Naxal, Kathmandu.
i got admitted and passes +2 from NSS(NIST), Lainchaur, kathmandu.
Now i am studying BE computer in Pulchowk Campus, Pulchowk, Lalitpur in I semester I year.
i was born in alainche, raipur-2, tanahun.
i studied primary level from kankai secondary boarding school, Damauli, Tanahun.
i finished my higher secondary level and SLC from bagmati H S boarding school, Naxal, Kathmandu.
i got admitted and passes +2 from NSS(NIST), Lainchaur, kathmandu.
Now i am studying BE computer in Pulchowk Campus, Pulchowk, Lalitpur in I semester I year.
Subscribe to:
Comments (Atom)