Funny UST Scandal Virus


ajayritik

Technomancer
Thanks for the info, praka! I have a Kubuntu CD with me; do you think that will serve the purpose? Can you suggest how I can remove this virus using Kubuntu software?
 

mediator

Technomancer
I don't know about Kubuntu, but I guess it should do. If you are downloading Knoppix then let it download as well.
1. Download the ISO file
2. Burn that image to a CD
3. Boot from that CD
4. "Search and destroy" the mentioned files.
5. Boot with the XP CD
6. Reformat C:, install XP!!
 

ajayritik

Technomancer
Right now I'm downloading Knoppix. But I wanted to know how I could do step 4 that you have mentioned. Do I have to use any application to search for the files? Thanks!
 

mediator

Technomancer
Nope! I guess you are thinking Linux is difficult. But anyway, you don't need to search either. The files smss, UST scandal, autorun etc. reside in the roots of the partitions, like in C:\, D:\, E:\. I have mentioned all of them.
 

dOm1naTOr

Wise Old Owl
There are fixes for this file, and the hack just stops the service of this virus, and you can manually delete them from within Windows itself, but it will not be removed from the Windows system32 folder. So after that a format and clean install of XP would do the job.
Do you want that fix?
 

ajayritik

Technomancer
I ran the Kubuntu Live CD but I don't know how I can access the files or how I can delete them. There are things like /etc and /bin. The interface is not like Windows Explorer or the command prompt. How do I locate the file? Do we have any application in Kubuntu which resembles the command prompt? I think I have to figure out which folder or directory I have to access. Is there anything called "mount" necessary here? Can I get Knoppix from the Digit CD?
 

lywyre

Cyborg Agent
Sometimes it takes time for our favourite AV company to find a cure for the damnedest latest virus. In the meantime we will be suffering with our super-secure Windows XP with Service Pack 2.

But most viruses have some characteristics. First, they are files like any others and executables like many others. Two, they need to be run/triggered, or they need a host to run under like a parasite (like running under explorer.exe), or they may camouflage themselves as some other Windows programs/services (svchost.exe, spoolsv.exe, smss.exe, csrss.exe). And most of them have the system attribute set to keep them from being detected in Explorer. And yes, they disable/screw up Folder Options so that we don't see them anyway. And lastly they all steal data and they all mass-mail themselves to the email IDs they harvest from our systems.

Most of them can be removed by us manually. It would be time-consuming, frustrating and irritating, but they can be removed. The most common places they reside are: %WINDIR%, %WINDIR%\system32, %TEMP%, My Documents, the root of the drives. Some are triggered by opening the folder (Autorun.exe), by a custom script of the directory (desktop.ini) or by double-clicking (like having the icon of an image file).

Most of us have forgotten the lame, useless, complex (and what not) command line. The truth is, the command line is more powerful, smart and effective than the GUI. In combination with certain free tools, we can remove most viruses/trojans using the command line.

Tools required: Process Explorer and Autoruns from Sysinternals.com (now Microsoft) and cmd.
technet.microsoft.com/hi-in/sysinternals/default(en-us).aspx

Run Process Explorer and end-task explorer.exe, and the viruses/trojans that run under it. Warning: do not end any task that runs under 'Services', unless you know what you are doing. It is better to close any IE windows too. No need to worry about Firefox/Opera. Don't close Process Explorer yet: if your Task Manager is disabled you cannot start Explorer again.

From the menu choose 'Run' and run 'Autoruns.exe' from where you have saved it. This will list all the programs that run during startup. Note down the locations of the malware, navigate to that location in the command window and delete the file. The file may be marked system; in that case, the attributes can be changed using the command 'attrib -s -h -r filename.ext'. Delete all the autorun.inf files from the root directories. Now delete all the malware entries in Autoruns.exe. Now start Explorer again using "Run" in Process Explorer.

This can be effective against most malware that spreads through portable storage devices, and I use this method to remove Semo.exe, amvo.exe, d.com and some other malware that gets into my system. Hope Avast finds this soon.
 
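ajayritik's question about "mount" and lywyre's list of where the files live come down to the same offline step that nobody in the thread spelled out: mount the Windows partition from the live CD, look in its root, delete autorun.inf and whatever it launches, and then check for the copies under the Windows directory. The script below is an added example, not code posted by anyone in the thread. Assumptions that are mine, not the thread's: the partition is NTFS and ntfs-3g is on the live CD (Knoppix and Kubuntu of that era had it), /dev/sda1 and /mnt/win are placeholder names, the file names are only the ones posters reported, and the demo at the bottom runs on a constructed temporary directory rather than a real disk.

```shell
#!/bin/sh
# Added example, not posted in the thread: offline clean-up of the autorun
# dropper from a Windows partition, run from a Linux live CD such as Knoppix
# or Kubuntu.  Assumptions (mine, not the thread's): NTFS partition, ntfs-3g
# on the live CD, /dev/sda1 and /mnt/win as placeholder names, and only the
# file names the posters reported.  The demo at the bottom uses a constructed
# temporary directory, not a real disk.
set -u

# Step 1: find the Windows partition (fdisk -l or blkid) and mount it
# read-write.  Needs a real block device, so the demo below does not call it.
# The kernel's own "-t ntfs" driver is read-only: fine for looking, not deleting.
mount_windows_partition() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    mount -t ntfs-3g -o rw "$dev" "$mnt"
    ls -la "$mnt"    # Linux ignores the hidden/system attributes, so the files show
}

dropper_names() {    # root-level file names reported in the thread, one per line
    printf '%s\n' 'UST scandal.exe' 'killer.exe' 'smss.exe'
}

# Print what an autorun.inf launches: the open=, shellexecute= or
# shell\...\command= value, key matched case-insensitively, CRLF and
# surrounding quotes stripped (a quoted value may be followed by arguments).
autorun_target() {
    [ -f "$1" ] || return 0
    tr -d '\r' < "$1" | awk -F= '
        tolower($1) ~ /^[ \t]*(open|shellexecute|shell\\.*\\command)[ \t]*$/ {
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v)
            if (substr(v, 1, 1) == "\"") {
                v = substr(v, 2); q = index(v, "\""); if (q) v = substr(v, 1, q - 1)
            } else {
                sub(/[ \t]+$/, "", v)
            }
            print v; exit
        }'
}

# NTFS names are case-insensitive, an ntfs-3g mount is not: match with -iname.
remove_in_dir() {    # remove_in_dir DIR NAME
    [ -d "$1" ] || return 0
    find "$1" -maxdepth 1 -type f -iname "$2" -print -exec rm -f {} +
}

# Step 2, per partition root: delete autorun.inf, whatever it points at, and
# the other root-level dropper names.  A legitimate smss.exe lives only in
# \WINDOWS\system32, never in a drive root, so root-level copies are safe to remove.
clean_partition_root() {
    root="$1"
    inf=$(find "$root" -maxdepth 1 -type f -iname autorun.inf | head -n 1)
    if [ -n "$inf" ]; then
        target=$(autorun_target "$inf" | tr '\\' '/' | sed 's#^\./##')
        if [ -n "$target" ]; then
            remove_in_dir "$root/$(dirname "$target")" "$(basename "$target")"
        fi
        rm -f "$inf"
    fi
    dropper_names | while IFS= read -r name; do remove_in_dir "$root" "$name"; done
}

# Step 3: report copies elsewhere on the partition (the thread says killer.exe
# gets dropped into the Windows directory and re-creates the root files), but
# skip the real Session Manager in system32 and its dllcache backup.
find_dropper_copies() {
    dropper_names | while IFS= read -r name; do find "$1" -type f -iname "$name"; done |
        grep -i -v -E '/(windows|winnt)/system32/(dllcache/)?smss\.exe$' || true
}

# Demo on a constructed fake partition root (not a real infected disk).
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/WINDOWS/system32"
printf '[autorun]\r\nopen=UST scandal.exe\r\nshellexecute=UST scandal.exe\r\n' > "$demo_root/autorun.inf"
for f in 'UST scandal.exe' killer.exe smss.exe WINDOWS/killer.exe WINDOWS/system32/smss.exe mydoc.txt; do
    : > "$demo_root/$f"
done
echo "== before =="; find_dropper_copies "$demo_root"
echo "== cleaning root =="; clean_partition_root "$demo_root"
echo "== left over =="; find_dropper_copies "$demo_root"
```

On the live CD, as root: `mount_windows_partition /dev/sda1 /mnt/win`, then `clean_partition_root /mnt/win` for each Windows partition, then `sync; umount /mnt/win` before rebooting. None of the Windows-side steps (attrib -s -h -r, killing processes first) are needed here, because the offline mount ignores the hidden/system attributes and nothing from the disk is running. The "left over" report is deliberately a listing, not a deletion: it shows the copies under the Windows directory that rollcage says restore the root files, which you delete by hand after checking the path, or you follow the thread's other advice and reinstall.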

rollcage

AMD user for 9 yrs!!
Hey, it's spyware, not a virus; that's why it's not removed by the antivirus... technical difference, haha. WTF.
I use ESET System Security, which has everything built in, with NOD32 AV.

This virus that you got generally comes from pen drives.

Anyway, to remove it follow this:

try what is posted here and
www.thinkdigit.com/forum/showpost.php?p=739618&postcount=3

If you are running XP:

1. Boot in Safe Mode,
2. Log in as Administrator,
3. Show all hidden files,
4. You will see three files in the root of every drive.
Delete those three files.
5. Restart; hope you are done.

Give It a try!
 

ajayritik

Technomancer
Well, finally I was able to delete these files as suggested by you and some other members of the forum. But I'm still unable to connect to the internet. I was able to resolve the problem, but I think the problem may be only partially solved. I followed the instructions given by Abhishek in the following thread.
www.thinkdigit.com/forum/showthread.php?t=78794

But in the above thread I'm unable to perform step e for removal of the virus using the Replacer program. And one more thing: I heard that this thing comes back again unless we format C:, because it may reside in other folders etc.

How do I make sure that this thing is not on my PC? I remember doing almost all the steps given on the internet except the ones which suggest using a Knoppix CD.
 

mediator

Technomancer
I guess registry entries won't be able to do anything if the bad files aren't there, and if the files get removed you'd be able to clean the registry entries afterwards too!!
 

nepalidevil

Right off the assembly line
Hey, no need to use live CDs. Just write a batch file:
tskill killer
tskill smss   (if there is smss in Startup)

And after that you can use mediator's trick,
deleting the files.
See, the virus also copies itself to the root drive, so be careful.
Use WinRAR or Nero to delete the virus,
and it copies itself to Startup, so delete it there also,
and after that use a registry cleaner to clean the registry.

See, the virus just copies itself to the root dir, system dir and Startup dir.
You just have to delete all the files. The virus files all have the same icon,
and they are super-hidden also.
 

rollcage

AMD user for 9 yrs!!
Was that a joke, rollcage?
OK, sorry for that, ya.

Actually, I did get this virus in January, when I borrowed my classmate's pen drive for practice papers.

At that time I had, I think, Avira (I keep on formatting and experimenting); then I found that it did recognise it but didn't delete it.
WTF, I said.
I noticed that there is a file in every partition root
(you can see that after enabling hidden files and system files).
It came again after deleting them,
so I booted in Safe Mode and deleted those files. Done.
But when I restarted there were still files coming up.
Then after searching on Google
I found out that killer.exe and a few others are copied by it into the Windows installation, and that file runs so that it recopies those files back to where you manually deleted them.
So...
then I got ESET NOD32 AV 3.0.621; it helped remove it completely.
Some of it was removed by it, some I tried removing myself from Safe Mode,
just searching those file names again and again, before it was completely gone when NOD32 got it.

Now you have to try that, but it is still strange that you haven't been able to remove it.

How do I make sure that this thing is not on my PC? I remember doing almost all the steps given on the internet except the ones which suggest using a Knoppix CD.
That's actually very simple: search for those files from the Windows root.

Tell us what the status is... please, for God's sake...
 