Funny UST Scandal.avi.exe Virus
AutoIt v3 Script 3,2,8,1 / SMSS.exe / LSASS.exe / KILLER.exe / Funny UST Scandal.avi.exe
============================================================
VIRUS FILES
-----------
Name           : Funny UST Scandal.avi.exe
Name           : SMSS.exe
Icon           : Video file (GOM Player)
Type of File   : Application
Size           : 224KB / 240KB
Modified       : November 20, 2007
Attributes     : Hidden, System (varies)
File Version   : 3.2.8.1
Description    :
Copyright      :
CompiledScript : AutoIt v3 Script : 3, 2, 8, 1
BEHIND THE SCREEN
-----------------
ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c4da22a-f800-11db-8de6-806d6172696f}\BaseClass
CreateDir C:\log\
CreateFile C:\WINDOWS\autorun.inf
CreateFile C:\WINDOWS\smss.exe
CreateFile C:\WINDOWS\killer.exe
CreateFile C:\WINDOWS\Funny UST Scandal.exe
CreateFile C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe
ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.vbs
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.reg
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\Runonce
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
CreateFile X:\autorun.inf
CreateFile X:\smss.exe
CreateFile X:\Funny UST Scandal.avi.exe
** X = all the drives
IDENTIFIED BY ANTIVIRUS (KAV)
-----------------------------
"Worm.P2P.generic"
"Trojan.generic"
* Detected during installation of the virus, not during scanning; I don't have the latest update.
SOLUTION
--------
1. Enable Regedit, CMD and Task Manager.
2. Restart the computer in "Safe Mode with Command Prompt".
3. Type:
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Runonce
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe
4. Type:
del "%windir%\autorun.inf" /f /a
del "%windir%\smss.exe" /f /a
del "%windir%\killer.exe" /f /a
del "%windir%\Funny UST Scandal.exe" /f /a
rd /s /q "C:\log"
del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a
del "D:\autorun.inf" /f /a
del "D:\smss.exe" /f /a
del "D:\Funny UST Scandal.avi.exe" /f /a
* Repeat the last three commands for every drive (D:, E:, ...), since the worm drops the same three files in the root of each one.
5. Type:
TASKMGR
If it does not work, type:
reg delete **********
6. Type:
EXPLORER
If it does not work, type:
reg delete **********
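The same checks and fixes as steps 3 and 4, collected into one batch file as an added example (this is not the post's own 1.bat or 2.bat). Without arguments it only reports which of the indicators listed above are present; with /clean it restores the three registry values and deletes the dropped files. It assumes XP-era paths (%ALLUSERSPROFILE% is C:\Documents and Settings\All Users) and that it is run as an administrator from "Safe Mode with Command Prompt".

```batch
@echo off
REM Added example (not the post's 1.bat/2.bat): report the indicators listed
REM above and remove them only when run with /clean. XP paths assumed; run as
REM an administrator from "Safe Mode with Command Prompt".
setlocal
set "CLEAN=%~1"
set "FOUND=0"
set "WINLOGON=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "SHOWALL=HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
set "RUNKEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
REM Winlogon\Shell must be exactly Explorer.exe; anything else means it was changed.
set "SHELLVAL="
for /f "tokens=2,*" %%A in ('reg query "%WINLOGON%" /v Shell 2^>nul ^| findstr /i "REG_SZ"') do set "SHELLVAL=%%B"
if /i not "%SHELLVAL%"=="Explorer.exe" (
    echo [!] Winlogon\Shell is "%SHELLVAL%", expected Explorer.exe & set "FOUND=1"
    if /i "%CLEAN%"=="/clean" reg add "%WINLOGON%" /v Shell /t REG_SZ /d Explorer.exe /f >nul
)
REM "Show hidden files" switch: the worm changes CheckedValue; 1 means hidden files are shown.
set "CV="
for /f "tokens=3" %%A in ('reg query "%SHOWALL%" /v CheckedValue 2^>nul ^| findstr /i "REG_DWORD"') do set "CV=%%A"
if /i not "%CV%"=="0x1" (
    echo [!] SHOWALL\CheckedValue is "%CV%", expected 0x1 & set "FOUND=1"
    if /i "%CLEAN%"=="/clean" reg add "%SHOWALL%" /v CheckedValue /t REG_DWORD /d 1 /f >nul
)
REM Autostart value the worm creates under HKCU\...\Run.
reg query "%RUNKEY%" /v Runonce >nul 2>&1 && (
    echo [!] autostart value %RUNKEY%\Runonce is present & set "FOUND=1"
    if /i "%CLEAN%"=="/clean" reg delete "%RUNKEY%" /v Runonce /f >nul
)
REM Dropped files: %windir%, the all-users Startup folder, C:\log and the root of every drive.
call :Purge "%windir%\autorun.inf"
call :Purge "%windir%\smss.exe"
call :Purge "%windir%\killer.exe"
call :Purge "%windir%\Funny UST Scandal.exe"
call :Purge "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\lsass.exe"
call :Purge "C:\log"
for %%D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%D:\nul (
    call :Purge "%%D:\autorun.inf"
    call :Purge "%%D:\smss.exe"
    call :Purge "%%D:\Funny UST Scandal.avi.exe"
)
if "%FOUND%"=="0" (echo [+] no indicators found) else if /i not "%CLEAN%"=="/clean" echo [*] re-run with /clean to remove them
exit /b %FOUND%
:Purge
REM Report a file or directory from the indicator list; delete it only in /clean mode.
if not exist "%~1" exit /b 0
echo [!] found %~1 & set "FOUND=1"
if /i not "%CLEAN%"=="/clean" exit /b 0
if exist "%~1\" (rd /s /q "%~1") else del /f /a "%~1"
exit /b 0
```

The exit code is 1 when any indicator was found, so the script can be run from another batch file or a login script to flag infected machines before cleaning them.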
DOWNLOAD
--------
Download these files.
Run 1.bat in normal mode (simply run it).
Run 2.bat in "Safe Mode with Command Prompt".
DETAILS: shown by 1.bat when you run it.
Thanks to my friend Murtuza Zhabuawala for creating such an easy-to-use batch file.
First File
Second File
Monday, June 9, 2008
Thursday, May 22, 2008
Remove viruses manually
" orkut is banded fool, your administrater did not write this program guess how write it"
I've found a way to ......... it......
Go to Start --> All Programs --> Accessories --> System Tools --> System Restore
Click on the "System Restore" option.
Now select "Restore my computer to an earlier time"
and press Next>
and now select an earlier date, and press Next> ------> OK
Enjoy"------
Or the other way is:
start the PC in SAFE MODE,
press Ctrl+Alt+Del --> click on Processes --> then end the process with user name svchost.exe,
then Start --> Run --> type c:\heap41a
del all that contains........
& then go to Start --> Run --> type regedit --> Edit --> Find heap41a, then delete it.