Funny UST Scandal.avi.exe Virus
AutoIt v3 Script 3,2,8,1 / SMSS.exe / LSASS.exe / KILLER.exe / Funny UST Scandal.avi.exe
============================================================
VIRUS FILES
-----------
Name :Funny UST Scandal.avi.exe
Name :SMSS.exe
Icon :Video file (GOM Player)
Type of File :Application
Size :224KB/240KB
Modified :November 20, 2007
Attributes :Hidden, System (varies)
File Version :3.2.8.1
Description :
Copyright :
CompiledScript :AutoIt v3 Script : 3, 2, 8, 1
BEHIND THE SCREEN
-----------------
ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c4da22a-f800-11db-8de6-806d6172696f}\BaseClass
CreateDir C:\log
CreateFile C:\WINDOWS\autorun.inf
CreateFile C:\WINDOWS\smss.exe
CreateFile C:\WINDOWS\killer.exe
CreateFile C:\WINDOWS\Funny UST Scandal.exe
CreateFile C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe
ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.vbs
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.reg
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\Runonce
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
CreateFile X:\autorun.inf
CreateFile X:\smss.exe
CreateFile X:\Funny UST Scandal.avi.exe
**X = all the drives
IDENTIFIED BY ANTIVIRUS (KAV)
-----------------------------
“Worm.P2P.generic”
“Trojan.generic”
*During installation of the virus, not during scanning; I don't have the latest update.
SOLUTION
--------
1. Enable Regedit, CMD, TaskManager.
2. Restart the computer in "Safe Mode with Command Prompt".
3. Type:
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Runonce
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe
4. Type:
del "%windir%\autorun.inf" /f /a
del "%windir%\smss.exe" /f /a
del "%windir%\killer.exe" /f /a
del "%windir%\Funny UST Scandal.exe" /f /a
del "C:\log" /f /a
del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a
del "D:\autorun.inf" /f /a
del "D:\smss.exe" /f /a
del "D:\Funny UST Scandal.avi.exe" /f /a
*Repeat like this for all drives…
5. Type:
TASKMGR
If it is not working, type:
reg delete **********
6. Type:
EXPLORER
If it is not working, type:
reg delete **********
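Steps 3 and 4, including "like this for all drives", as an added batch script; it is not the 1.bat/2.bat offered under DOWNLOAD and not the author's code. It assumes the Windows XP paths listed on this page, only reports by default, and deletes only when started with the hypothetical /clean switch; run it from the Safe Mode command prompt of step 2.

```batch
@echo off
rem Added example, not the 1.bat/2.bat from the DOWNLOAD section.
rem Default: report only. Pass /clean (hypothetical switch) to delete as in step 4.
setlocal
set "CLEAN=0"
if /i "%~1"=="/clean" set "CLEAN=1"
set "FOUND=0"

rem Fixed-location copies from BEHIND THE SCREEN. The genuine smss.exe and
rem lsass.exe live in the Windows system32 directory, so these are the copies.
for %%F in (
    "%windir%\autorun.inf"
    "%windir%\smss.exe"
    "%windir%\killer.exe"
    "%windir%\Funny UST Scandal.exe"
    "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe"
) do call :check "%%~F"

rem Per-drive copies: the "X = all the drives" lines. A root autorun.inf can be
rem legitimate on vendor media, so read the report before using /clean.
for %%D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if exist "%%D:\" (
        for %%F in ("autorun.inf" "smss.exe" "Funny UST Scandal.avi.exe") do call :check "%%D:\%%~F"
    )
)

rem Registry values the worm creates or modifies; compare with step 3.
echo.
echo Expected after cleanup: Runonce absent, Shell = Explorer.exe, CheckedValue = 0x1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Runonce 2>nul
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue

echo.
echo %FOUND% listed file(s) found.
if %FOUND% gtr 0 exit /b 1
exit /b 0

:check
rem "if exist" also matches files carrying the Hidden and System attributes.
if not exist "%~1" goto :eof
set /a FOUND+=1
echo [found] %~1
if "%CLEAN%"=="1" del "%~1" /f /a
goto :eof
```

The script exits with code 1 while any listed file is still present, so it can be rerun after cleanup to confirm nothing was recreated.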
DOWNLOAD
--------
Download these files.
Run the file 1.bat in normal mode (simply run it).
Run the file 2.bat in Safe Mode with Command Prompt.
DETAILS: given in 1.bat when you run it.
Thanks to my friend Murtuza Zhabuawala for creating such an easy-to-use batch file.

29 September, 2008 at 1:40 pm
Dear Piyush,
Help me get rid of the problem due to virus infection: while opening a drive in My Computer, an error comes up: "Operation has been cancelled due to restriction in effect of your computer, contact system administrator"...
Please help.
14 October, 2008 at 3:20 am
Hey, can you help me? I'm just wondering, is this for the virus that closes all exe files? Because whenever I try to open something it says error, the application has failed to initialize properly, and doesn't do anything but open another box that says the same thing. Could you please help me? I would appreciate it if you would.
21 October, 2008 at 7:00 pm
Hey Piyush!
The blog contains some really important stuff that people like us would have never thought of. Congrats for this splendid success in your noble endeavor.
My PC has this Funny UST Scandal virus and I followed each and every step you have mentioned to remove it. The ruddy problem is that my Windows XP is not even showing the Task Manager.
So, I need your help.
I am sure you have a solution to this one too.
Kindly look into the matter and let me know what can be done.
Best wishes
Pranchal
6 August, 2010 at 4:43 pm
I am from sem-1 B. I need to know how I can make a folder in "autorun".
7 August, 2010 at 2:19 am
If you are talking about the "autorun.inf" folder:
People generally make an "Autorun.inf" folder to prevent the "Autorun.inf" file from being written to the pen drive.
Most viruses are unable to delete the "Autorun.inf" folder to replace it with their infecting "Autorun.inf" file.
But who knows, you might get a tough virus that can even replace the folder as well.
Hope that's what you asked.
27 April, 2011 at 4:41 am
Avast! Free removed it from our systems network, but some systems were reimaged.