Well we can remove this virus by a simple removal tool and through manual procedure also, lets first discuss about automatic removal tool.
Funny UST Virus Activities:
First of all this virus is not funny at all, either it may put yourself in state of embarrassment when it sends some senseless message to your friends in your yahoo messenger buddies.
It creates following files:
* Killer.exe in c:\windows\
* lsass.exe in c:\documents and settings\all users\start menu\programs\startup
* xmss.exe in the root drive of all partitions and also in c:\windows
* autorun.inf in all the partitions.
* the main file Funny UST Scandal.avi.exe in all the partitions and
* Funny UST Scandal.exe in c:\Windows.
Not only this, it also creates the following entries:
HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
You will find all these or some of these files if your system is infected by this virus.
Method 1: Remove the virus automatically by UST Virus removal Tool. Download it here
Method 2: Manual removal procedure.
1. Firstly you need to end process running by the virus, for this download process explorer.
killer.exe ,b.lsass.exe ,c.smss.exe
Note: close all those processes that have the same icon of Funny UST Sandal.avi.exe
2. Open Start >> Run and type “cmd” (without quotes) and press enter.
3. Above command will open up command prompt, type “cd\” (without quotes)
4. Type “attrib -h -s smss.exe” (without quotes)
5. Type “attrib -h -s autorun.inf” (without quotes)
6. Repeat step 4 and 5 for all the drives through command prompt (on the root folder)
7. Now open all your drives one by one by typing C: ,D: and so on in the address bar at the top, delete smss.exe,autorun.inf,Funny UST Scandal.avi.exe
8. Open command prompt again by following step 2.
9. Type “cd c:\windows” (without quotes)
10. Type “attrib -h -s smss.exe” (without quotes)and press enter. Type “delete smss.exe” and press enter also type “delete lsass.exe” and press enter.
11. Now Open Start >> Run and type regedit and press enter.
12. Locate these paths one by one in the registry.
* HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell
* HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
At these paths, locate the keys which have values as (killer.exe) and (c:\windows\smss.exe). Delete these registry keys.
Done!
We hope you will be able to remove the virus by at least one of the method specified above, if not please let us know through comments.
No comments:
Post a Comment