Wednesday, April 30, 2008

remove smss.exe virus

Funny UST Scandal, smss Virus
What a lame virus... peace!
Long live Lipa (Lipa City Public College) F.E.S

Before I teach you how to remove this, here is the information on the virus.

Software used to build the virus: AutoIt V3

Dropped files:
- killer.exe (4084 kb) in c:\windows\
- lsass.exe (3920 kb) in c:\documents and settings\all users\start menu\programs\startup
- smss.exe (4088 kb) in all root drives and in c:\windows
- autorun.inf (1 kb) in all root drives, with a script:

    [autorun]
    open=smss.exe
    shell\Open\Command=smss.exe
    shell\open\Default=1
    shell\Explore\Command=smss.exe
    shell\Autoplay\command=smss.exe

- Funny UST Scandal.avi.exe (228 kb) in all root drives

Registry entries:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon = shell (killer.exe)
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run = runonce (c:\windows\smss.exe)

How to remove this lame virus?
- First download taskiller from http://www.rsdsoft.com/task_killer/index.php4 and install it on your computer, because you can't use Task Manager to terminate the virus (the virus automatically closes Task Manager).
- Run taskiller and left-click its icon in the system tray (the one with a skull icon).
- Click "processes".
- To close the virus, select each process below and click "yes" to the question.

Processes to close:
1. killer.exe
2. lsass.exe
3. smss.exe

Note: close only the processes that have the same icon as Funny UST Scandal.avi.exe.

CMD STEPS
1. Click "start", then "run".
2. Type "cmd" without quotes.
3. Type "cd\" without quotes.
4. Type "attrib -h -s smss.exe" without quotes.
5. Type "attrib -h -s autorun.inf" without quotes.
6. Type "start c:" without quotes (a new window will open).
7. Select smss.exe, autorun.inf and Funny UST Scandal.avi.exe and delete them.

- If there is any other drive or partition, type "d:" in the command prompt without quotes ("d" is the drive letter), then repeat CMD STEPS 4-7 above.
- Now type "cd windows" in the command prompt without quotes (again!).
- Type "attrib -h -s smss.exe" without quotes (again).
- Type "start c:\windows" without quotes (sigh!).
- Delete the file smss.exe.
- Now go to c:\documents and settings\all users\start menu\programs\startup.
- Delete lsass.exe.
- Click "start", then "run".
- Type "regedit" without quotes, then delete the registry entries listed above.
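
The per-drive check from the CMD steps above can also be done as a read-only audit. The following is an added example, not part of the original post: it parses an autorun.inf and a drive-root file listing and reports the artifacts the post describes. The function names, the double-extension list and the sample root listing are assumptions of this example; the autorun.inf text and the file names are the ones from the post.

```python
import re

# File names the post lists as dropped by this virus.
DROPPED = {"smss.exe", "killer.exe", "lsass.exe", "funny ust scandal.avi.exe"}
# Media/document extension in front of .exe (the extension list is this example's assumption).
DOUBLE_EXT = re.compile(r"\.(avi|mpg|mp3|jpg|doc|txt|pdf)\.exe$", re.IGNORECASE)

def autorun_targets(text):
    """Return [(key, command)] for each launch entry in the [autorun] section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # open=, shellexecute= and shell\<verb>\command= all start a program.
        if key in ("open", "shellexecute") or re.fullmatch(r"shell\\[^\\]+\\command", key):
            entries.append((key, value))
    return entries

def audit_root(file_names, autorun_text):
    """Return sorted (reason, detail) findings for one drive root."""
    findings = set()
    for key, command in autorun_targets(autorun_text):
        # Drop quotes and any leading path, keep the file name (plus arguments).
        exe = command.replace('"', "").rsplit("\\", 1)[-1].lower()
        if any(exe == name or exe.startswith(name + " ") for name in DROPPED):
            findings.add(("autorun launches listed file", key))
    for name in file_names:
        if name.lower() in DROPPED:
            findings.add(("listed file present", name))
        if DOUBLE_EXT.search(name):
            findings.add(("double extension", name))
    return sorted(findings)

# autorun.inf as given in the post; the root listing is constructed for this example.
SAMPLE_INF = "\n".join(["[autorun]", "open=smss.exe", "shell\\Open\\Command=smss.exe",
                        "shell\\open\\Default=1", "shell\\Explore\\Command=smss.exe",
                        "shell\\Autoplay\\command=smss.exe"])
SAMPLE_ROOT = ["autorun.inf", "smss.exe", "Funny UST Scandal.avi.exe", "boot.ini"]

if __name__ == "__main__":
    for reason, detail in audit_root(SAMPLE_ROOT, SAMPLE_INF):
        print(f"{reason}: {detail}")
```

The names smss.exe and lsass.exe also belong to genuine Windows components in C:\Windows\System32, so the name check is meaningful only for the locations the post lists (drive roots, c:\windows and the Startup folder).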