Monday, August 11, 2008

VIRUS SOLUTION: Funny UST Scandal.avi.exe

Virus Details:

Name: Funny UST Scandal.avi.exe, SMSS.exe

Size: 224KB

Common Characteristics:
  • Task-Manager Blocked
  • CMD Blocked
  • Regedit Blocked
  • Autoruns Created
  • System is slower than ever
  • Folder "log" in drive
  • smss.exe and Funny UST Scandal.avi.exe in Drives

Virus Removal Steps:

Re-enable Task Manager and Regedit access as described in the first post, or else run these registry entries to get them back temporarily.
Then download TuneUp Utilities and follow the standard three steps:

1. Kill Process (Use Tune-up task-manager if Task-Manager is disabled)
2. Remove from File System (You can use unlocker, if necessary)
3. Remove registry Entries (Use Tune-up Registry editor if regedit is disabled)

Technicalities:

The following .BAT code repeats the three steps described above.


You can either copy this code and save it as virusRemover.BAT, or download it from here.
Run it (double-click) in Safe Mode. The steps are:
  1. Restart computer
  2. Keep pressing F8
  3. Choose one of the three Safe Mode options
  4. Login to your Account
  5. Double-Click on this file
  6. Once it is done, restart back normally

______________________________________________________

@echo off
rem The leading "@" keeps the "echo off" line itself from being printed.
title UST Scandal Removal
cls
echo Funny UST Scandal Removal
echo Killing Virus Processes...
pause
taskkill /IM "killer.exe" /t /f
taskkill /IM "Funny UST Scandal.exe" /t /f
taskkill /IM "Funny UST Scandal.avi.exe" /t /f
pause
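echo Deleting Virus files from file-System...
pause
rem The genuine smss.exe and lsass.exe live in %windir%\system32; only the copies in other locations are deleted below.
del "%windir%\autorun.inf" /f /a
del "%windir%\smss.exe" /f /a
del "%windir%\killer.exe" /f /a
del "%windir%\Funny UST Scandal.*" /f /a
rem "log" is a folder (see Common Characteristics), so it is removed with rd; del would leave the folder in place.
rd /s /q "C:\log"
rd /s /q "D:\log"
rd /s /q "E:\log"
rd /s /q "F:\log"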
del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a
del "D:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a
del "C:\autorun.inf" /f /a
del "C:\smss.exe" /f /a
del "C:\Funny UST Scandal.*" /f /a
del "D:\autorun.inf" /f /a
del "D:\smss.exe" /f /a
del "D:\Funny UST Scandal.*" /f /a
del "E:\autorun.inf" /f /a
del "E:\smss.exe" /f /a
del "E:\Funny UST Scandal.*" /f /a
del "F:\autorun.inf" /f /a
del "F:\smss.exe" /f /a
del "F:\Funny UST Scandal.*" /f /a
echo Reverting Registry Entries...
echo Enabling Registry...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
echo Enabling TaskManager...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
echo Enabling Run...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRun /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v DisallowRun /t REG_DWORD /d 0 /f
echo Enabling Control Panel...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispCPL /t REG_DWORD /d 0 /f
echo Enabling Folder Options...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
echo Enabling Hidden Files...
pause
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v DefaultValue /t REG_DWORD /d 2 /f
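echo Removing Autoruns...
pause
rem Each key is created first so that the reg delete that follows does not fail when the key is absent.
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f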
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce /f
echo Fixing Explorer Handles...
pause
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f
echo Finishing...
echo UST Scandal Remover terminated successfully
pause
exit

______________________________________________________
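To confirm the cleanup after the normal restart, the following read-only check looks for the same files and registry values the script above targets. It is an added example, not part of the original post; it assumes PowerShell is installed on the machine, and it changes nothing.

```powershell
# Read-only check: reports leftovers, changes nothing.
$findings = @()

# Policy values the removal script resets to 0.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$values = @(
    @{ Key = "$pol\System";   Name = 'DisableRegistryTools' },
    @{ Key = "$pol\System";   Name = 'DisableTaskMgr' },
    @{ Key = "$pol\Explorer"; Name = 'NoFolderOptions' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($item -and $item.($v.Name) -ne 0) {
        $findings += "Policy still set: $($v.Key)\$($v.Name) = $($item.($v.Name))"
    }
}

# Winlogon Shell should read Explorer.exe after the fix (comparison is case-insensitive).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'Explorer.exe') {
    $findings += "Winlogon Shell is '$shell'"
}

# Files dropped in %windir% and in drive roots. The genuine smss.exe lives in
# %windir%\System32, which is not searched here (no recursion).
$names = 'smss.exe', 'killer.exe', 'autorun.inf', 'Funny UST Scandal.*'
$roots = @($env:windir) + @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root })
foreach ($root in $roots) {
    foreach ($n in $names) {
        Get-ChildItem -Path $root -Filter $n -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $findings += "Still on disk: $($_.FullName)" }
    }
    # The "log" folder is only expected in drive roots, not in %windir%.
    $log = Join-Path $root 'log'
    if ($root -ne $env:windir -and (Test-Path -LiteralPath $log -PathType Container)) {
        $findings += "Folder present: $log"
    }
}

# autorun.inf on optical or vendor media can be legitimate; review before deleting.
if ($findings.Count -eq 0) { 'No listed leftovers found.' } else { $findings }
```

Any line it prints points at something the batch file did not remove, for example on a drive letter beyond F: that the script does not cover.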
