Katrox's Blog | Computer Articles | Knowledge Articles

Monday, May 26, 2008

Funny UST Scandal.avi.exe Virus

============================================================
VIRUS FILES
———–

Name           : Funny UST Scandal.avi.exe
Name           : SMSS.exe
Icon           : Video file (GOM Player)
Type of File   : Application
Size           : 224KB / 240KB
Modified       : November 20, 2007
Attributes     : Hidden, System (varies)
File Version   : 3.2.8.1
Description    :
Copyright      :
CompiledScript : AutoIt v3 Script : 3, 2, 8, 1

BEHIND THE SCREEN
—————–

ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c4da22a-f800-11db-8de6-806d6172696f}\BaseClass
CreateDir C:\log\
CreateFile C:\WINDOWS\autorun.inf
CreateFile C:\WINDOWS\smss.exe
CreateFile C:\WINDOWS\killer.exe
CreateFile C:\WINDOWS\Funny UST Scandal.exe
CreateFile C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe
ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.vbs
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.reg
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\Runonce
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
CreateFile X:\autorun.inf
CreateFile X:\smss.exe
CreateFile X:\Funny UST Scandal.avi.exe
** X = all the drives

IDENTIFIED BY ANTIVIRUS (KAV)
———————–

“Worm.P2P.generic”
“Trojan.generic”
* During installation of the virus, not during scanning; I don't have the latest update :)

SOLUTION
——–

1. Enable Regedit, CMD and Task Manager.
2. Restart the computer in "Safe Mode with Command Prompt".
3. Type:
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Runonce
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe
4. Type:
del "%windir%\autorun.inf" /f /a
del "%windir%\smss.exe" /f /a
del "%windir%\killer.exe" /f /a
del "%windir%\Funny UST Scandal.exe" /f /a
del "C:\log" /f /a
del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a
del "D:\autorun.inf" /f /a
del "D:\smss.exe" /f /a
del "D:\Funny UST Scandal.avi.exe" /f /a
* repeat the same for every drive…
5. Type:
TASKMGR
If it does not work, type:
reg delete **********
6. Type:
EXPLORER
If it does not work, type:
reg delete **********
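As an added example (not part of the original post), the batch script below automates steps 3 and 4 for every drive letter, using only the paths and registry values listed above; it assumes it is run from "Safe Mode with Command Prompt" with administrator rights and that %ALLUSERSPROFILE% resolves to C:\Documents and Settings\All Users as on Windows XP.

```batch
@echo off
REM Added cleanup example for the artifacts listed in this post (not the
REM post's own script). Run from "Safe Mode with Command Prompt" as admin.
setlocal

echo [*] Removing the Runonce persistence entry and restoring Explorer settings
reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Runonce /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f

echo [*] Deleting the dropped copies in %windir%
REM The legitimate smss.exe lives in %windir%\system32, so %windir%\smss.exe
REM is the worm's copy; the files are Hidden+System, hence attrib first.
for %%F in ("autorun.inf" "smss.exe" "killer.exe" "Funny UST Scandal.exe") do (
    if exist "%windir%\%%~F" (
        echo     deleting "%windir%\%%~F"
        attrib -h -s -r "%windir%\%%~F"
        del /f /q "%windir%\%%~F"
    )
)

echo [*] Deleting the Startup-folder copy and the C:\log directory
REM The real lsass.exe is in %windir%\system32, never in the Startup folder.
set "STARTUP=%ALLUSERSPROFILE%\Start Menu\Programs\Startup"
if exist "%STARTUP%\lsass.exe" (
    attrib -h -s -r "%STARTUP%\lsass.exe"
    del /f /q "%STARTUP%\lsass.exe"
)
if exist "C:\log\" rmdir /s /q "C:\log"

echo [*] Cleaning the root of every drive, as the post's "X = all the drives" note describes
REM A: and B: are skipped so an empty floppy drive does not prompt.
for %%D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if exist "%%D:\" (
        for %%F in ("autorun.inf" "smss.exe" "Funny UST Scandal.avi.exe") do (
            if exist "%%D:\%%~F" (
                echo     deleting "%%D:\%%~F"
                attrib -h -s -r "%%D:\%%~F"
                del /f /q "%%D:\%%~F"
            )
        )
    )
)

echo [*] Verifying that the Winlogon Shell value is back to Explorer.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
endlocal
```

Save it under any name (for example cleanup.bat, a hypothetical name) and run it; the final reg query lets you confirm the Shell value before rebooting into normal mode.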
=================
taken from : http://piyushlabs.wordpress.com/smss/
