Funny UST Scandal.avi.exe Virus

AutoIt v3 Script 3,2,8,1 / SMSS.exe / LSASS.exe / KILLER.exe / Funny UST Scandal.avi.exe
============================================================

VIRUS FILES
-----------

Name :Funny UST Scandal.avi.exe
Name :SMSS.exe

Icon :Video file (GOM Player)
Type of File :Application
Size :224KB/240KB
Modified :November 20, 2007
Attributes :Hidden, System (varies)
File Version :3.2.8.1
Description :
Copyright :
CompiledScript :AutoIt v3 Script : 3, 2, 8, 1

BEHIND THE SCREEN
-----------------

ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c4da22a-f800-11db-8de6-806d6172696f}\BaseClass
CreateDir C:\log
CreateFile C:\WINDOWS\autorun.inf
CreateFile C:\WINDOWS\smss.exe
CreateFile C:\WINDOWS\killer.exe
CreateFile C:\WINDOWS\Funny UST Scandal.exe
CreateFile C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe
ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.vbs
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.reg
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\Runonce
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
CreateFile X:\autorun.inf
CreateFile X:\smss.exe
CreateFile X:\Funny UST Scandal.avi.exe

**X = all the drives

IDENTIFIED BY ANTIVIRUS (KAV)
-----------------------------

“Worm.P2P.generic”
“Trojan.generic”

*During installation of the virus, not during scanning; I don't have the latest update 🙂

SOLUTION
--------

1. Enable Regedit, CMD, TaskManager.

2. Restart the computer in "Safe Mode with Command Prompt".

3. Type:
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Runonce
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe

4. Type:
del "%windir%\autorun.inf" /f /a
del "%windir%\smss.exe" /f /a
del "%windir%\killer.exe" /f /a
del "%windir%\Funny UST Scandal.exe" /f /a
del "C:\log" /f /a
del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a

del "D:\autorun.inf" /f /a
del "D:\smss.exe" /f /a
del "D:\Funny UST Scandal.avi.exe" /f /a

*Repeat like this for all drives…

5. Type:
TASKMGR
If not working type:
reg delete **********

6. Type:
EXPLORER
If not working type:
reg delete **********
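
A read-only check for the file part of step 4 and its "for all drives" note (an added example, not part of the original post or of its batch files): it reports which of the dropped file names from the trace above exist in each drive root and in the Windows folder, including Hidden/System ones that Explorer does not show. The function names are illustrative, and the script deletes nothing; a hit on autorun.inf alone should be opened and read first, since install CDs ship a legitimate one.

```python
"""Added example: report (do not delete) the dropped files listed on this page."""
import os
import string

# File names taken from the CreateFile entries in the trace above.
DRIVE_ROOT_NAMES = ["autorun.inf", "smss.exe", "Funny UST Scandal.avi.exe"]
WINDIR_NAMES = ["autorun.inf", "smss.exe", "killer.exe", "Funny UST Scandal.exe"]


def find_artifacts(folder, names):
    """Return (path, kind) for each listed name present in folder.

    kind is "file" for a dropped file and "folder" for a directory of the
    same name (for example a protective "autorun.inf" folder).
    """
    try:
        # os.listdir also returns entries with the Hidden/System attributes.
        present = {entry.lower(): entry for entry in os.listdir(folder)}
    except OSError:  # drive not ready, empty card reader, no access
        return []
    hits = []
    for name in names:
        actual = present.get(name.lower())  # Windows names are case-insensitive
        if actual is None:
            continue
        path = os.path.join(folder, actual)
        hits.append((path, "folder" if os.path.isdir(path) else "file"))
    return hits


def scan_system(drive_roots, windir):
    """Check every drive root plus the Windows folder; return file hits only."""
    hits = []
    for root in drive_roots:
        hits += find_artifacts(root, DRIVE_ROOT_NAMES)
    hits += find_artifacts(windir, WINDIR_NAMES)
    return [path for path, kind in hits if kind == "file"]


if __name__ == "__main__":
    roots = [f"{letter}:\\" for letter in string.ascii_uppercase
             if os.path.exists(f"{letter}:\\")]
    for found in scan_system(roots, os.environ.get("WINDIR", r"C:\WINDOWS")):
        print("found:", found)
```
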

DOWNLOAD
--------

Download these files.

Run the file 1.bat in normal mode (simply run it).

Run the file 2.bat in Safe Mode with Command Prompt.

DETAILS: given in 1.bat, when you run it.

Thanks to my friend Murtuza Zhabuawala for creating such an easy-to-use batch file.

http://piyushlabs.googlepages.com/1.bat

http://piyushlabs.googlepages.com/2.bat

146 Responses to “Funny UST Scandal.avi.exe Virus”

  1. NEERAJ KUMAR Says:

    Dear Piyush,
    help me out to get rid of the problem due to virus infection: while opening a drive in My Computer an error comes: “Operation has been cancelled due to restriction in effect of your computer, contact system administrator”...
    Please help.

  2. Robert Says:

    Hey, can you help me? I'm just wondering, but is this for the virus that closes all exe files? Because whenever I try to open something it says error, the application has failed to initialize properly, and doesn't do anything but open another box that says the same thing. Could you please help me? I would appreciate it if you would.

  3. Pranchal Says:

    Hey Piyush!
    The blog contains some really important stuff that people like us would have never thought of. Congrats for this splendid success in your noble endeavor.
    My PC has this Funny UST Scandal virus and I followed each and every step you have mentioned to remove it. The ruddy problem is that my Windows XP is not even showing the Task Manager.
    So, I need your help.
    I am sure you have a solution to this one too.
    Kindly look into the matter and let me know what can be done.
    Best wishes
    Pranchal

  4. parth solanki Says:

    I am from sem-1 B. I need to know how I can make a folder in “autorun”.

    • piyushlabs Says:

      If you are talking about the “autorun.inf” folder:

      People generally make an “Autorun.inf” folder to prevent the “Autorun.inf” file from being written to the pen drive.
      Most of the viruses are unable to delete the “Autorun.inf” folder to replace it with their infecting “Autorun.inf” file.
      But who knows, you might get a tough virus that can even replace the folder as well.

      Hope that's what you have asked.

  5. alex apple Says:

    Avast! Free removed it from our systems network, but some systems were reimaged.
