Funny UST Scandal.avi.exe Virus

AutoIt v3 Script 3,2,8,1 / SMSS.exe / LSASS.exe / KILLER.exe / Funny UST Scandal.avi.exe


Name :Funny UST Scandal.avi.exe
Name :SMSS.exe

Icon :Video file (GOM Player)
Type of File :Application
Size :224KB/240KB
Modified :November 20, 2007
Attibutes :Hidden, System (varies)
File Version :
Description :
Copyright :
CompiledScript :AutoIt v3 Script : 3, 2, 8, 1


ModifyRegValue REGISTRYUSERS-1-5-21-436374069-1390067357-839522115-1003SoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2{4c4da22a-f800-11db-8de6-806d6172696f}BaseClass
CreateDir C:log
CreateFile C:WINDOWSautorun.inf
CreateFile C:WINDOWSsmss.exe
CreateFile C:WINDOWSkiller.exe
CreateFile C:WINDOWSFunny UST Scandal.exe
CreateFile C:Documents and SettingsAll UsersStart MenuProgramsStartuplsass.exe
ModifyRegValue REGISTRYUSERS-1-5-21-436374069-1390067357-839522115-1003_CLASSES.vbs
CreateRegValue REGISTRYUSERS-1-5-21-436374069-1390067357-839522115-1003_CLASSES.reg
CreateRegValue REGISTRYUSERS-1-5-21-436374069-1390067357-839522115-1003SoftwareMicrosoftWindowsCurrentVersionRunRunonce
ModifyRegValue REGISTRYMACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell
ModifyRegValue REGISTRYMACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLCheckedValue
CreateFile X:autorun.inf
CreateFile X:smss.exe
CreateFile X:Funny UST Scandal.avi.exe

**X=all the drives



*during installation of virus, not during scanning, i dont have latest update 🙂


1. Enable Regedit, CMD, TaskManager.

2. Restart the comp in “Safe Mode with Command Prompt”

3. Type:
reg delete HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun /v Runonce
reg add HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /t REG_DWORD /d 1
reg add “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon” /v Shell /t REG_SZ /d Explorer.exe

4. Type:
del “%windir%autorun.inf” /f /a
del “%windir%smss.exe” /f /a
del “%windir%killer.exe” /f /a
del “%windir%Funny UST Scandal.exe” /f /a
del “C:log” /f /a
del “C:Documents and SettingsAll UsersStart MenuProgramsStartuplsass.exe” /f /a

del “D:autorun.inf” /f /a
del “D:smss.exe” /f /a
del “D:Funny UST Scandal.avi.exe” /f /a

*like this for all drives…

5. Type:
If not working type:
reg delete **********

6. Type:
If not working type:
reg delete **********



download these file.

run the file 1.bat in normal mode. (simply run)

run the file 2.bat in safe mode with command prompt.

DETAILS: given in 1.bat, when u run it.

thanks to my friend Murtuza Zhabuawala for creating such an easy to use batch file.

146 Responses to “Funny UST Scandal.avi.exe Virus”


    dear piyush
    help me out to get rid off the problem due virus infection:while opening drive in my computer errors comes”Operation has been cancelled due to restriction in effect of your computer,contact system administrator,,,
    please help

  2. Robert Says:

    Hey can you help me, im just wondering but is this for the virus that closes all exe files cuz wen ever i try to open sumtin is says error the aplication has failed to initialize properly and doesnt do anything but opens another box that says the same thing could you please help me i would apriciate it if you would

  3. Pranchal Says:

    Hey piyush!
    The blog contains some really imp stuff that ppl like us wud hv never thought of. Congrats 4 this splendid success in ur noble endeavor.
    My PC has this funny ust scandal virus nd i followed each n every step u hv mentioned to remove it. The ruddy problem is that my Windows Xp is not even showing the task manager.
    So, need ur help.
    I m sure u hv a solution to this one too.
    Kindly look into the matter and let me know wt can be done.
    Best wishes

  4. parth solanki Says:

    i am from sem-1 b i need to know how can i make a folder in “autorun”

    • piyushlabs Says:

      If you are talking about the “autorun.inf” folder.

      People generally make “Autorun.inf” folder, to prevent the “Autorun.inf” file from being written to the pendrive.
      Most of the viruses, are unable to delete the “Autorun.inf” folder to replace with their infecting “Autorun.inf” file.
      But who knows, u might get a tough virus that can even replace the folder as well.

      Hope thats what u have asked.

  5. alex apple Says:

    Avast! Free removed it from our systems network, but some systems were reimaged.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: