Sunday, December 23, 2007

Remove Funny UST Scandal.avi.exe

Details:
1) This will block your Task Manager, Registry Editor and Command Prompt.
2) It hacks into your Yahoo Messenger and sends stupid and senseless messages, and even a copy of itself, to your contacts.
3) It will log all your keystrokes and send them to an unknown email address through IM.
4) It slows down your system badly and reinstalling the OS will do no good.
5) It will disable the search and viewing of hidden files.

It’s built using AutoIt V3 virus programming software. (Source: some blog)


Windows XP:
This virus was made mainly to infect XP and Windows NT systems. In XP and NT systems, it makes the following files:
a) Killer.exe (4084 kb) in c:\windows\
b) lsass.exe (3920kb) in c:\documents and settings\all users\start menu\programs\startup
c) xmss.exe (4088kb) in all partitioned drives and in c:\windows
d) autorun.inf (1kb) in all partitioned drives with a script.
e) Funny UST Scandal.avi.exe in all partitions and Funny UST Scandal.exe in c:\Windows.


This virus makes the following registry entries:
a) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
shell(killer.exe or xmss.exe)
b) HKCU\Software\Microsoft\windows\Currentversion\Run
Runonce(c:\windows\xmss.exe)

If the virus has completely installed itself, then you can find all these files in your system.

To remove this virus:
a) In order to remove the files, you’ll first have to stop the execution of this virus. To do so, download this file and run it.
b) Now open cmd.exe, go to the above-mentioned locations and unhide the files by typing: attrib -h -s "Funny UST Scandal.exe" for C:\windows, and so on for all the other files in their different locations. You might get an error while unhiding Funny UST Scandal.avi.exe, which is placed in all partitions. If you get that error, just leave that file.
c) After unhiding all these files, delete them from your hard disk.
d) Download REPLACER and open it.
e) In REPLACER, type: c:\Funny UST Scandal.avi.exe and press Enter. It will now ask you for another file. Create a text file named a.txt in C:\, then type: c:\a.txt and press Enter. Press Y and press Enter. Go to the C: drive and there you’ll find 3 files named Funny UST Scandal.backup, Funny UST Scandal.exe and a Temp file. Delete them.
f) Repeat step e) for all your partitions.


Windows Vista:
Files included:
a) xmss.exe (4088kb) in all partitioned drives and in c:\windows
b) autorun.inf (1kb) in all partitioned drives with a script.
c) Funny UST Scandal.avi.exe in all partitions and Funny UST Scandal.exe in c:\Windows.

Registry Entries:
a) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
shell(killer.exe or xmss.exe)
b) HKCU\Software\Microsoft\windows\Currentversion\Run
Runonce(c:\windows\xmss.exe)
The second key might not be present.

To remove this virus:
a) In order to remove the files, you’ll first have to stop the execution of this virus. To do so, download this file and run it.
b) Now open cmd.exe, go to the above-mentioned locations and unhide the files by typing: attrib -h -s "Funny UST Scandal.exe" for C:\windows, and so on for all the other files in their different locations. You might get an error while unhiding Funny UST Scandal.avi.exe, which is placed in all partitions. If you get that error, just leave that file.
c) After unhiding all these files, delete them from your hard disk.
d) Download REPLACER and open it.
e) In REPLACER, type: c:\Funny UST Scandal.avi.exe and press Enter. It will now ask you for another file. Create a text file named a.txt in C:\, then type: c:\a.txt and press Enter. Press Y and press Enter. Go to the C: drive and there you’ll find 3 files named Funny UST Scandal.backup, Funny UST Scandal.exe and a Temp file. Delete them.
f) Repeat step e) for all your partitions.
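
To confirm the cleanup worked, the file and registry indicators listed above can be re-checked with a read-only script. This PowerShell script is an added example, not part of the original post; checking RunOnce as well as Run, treating plain explorer.exe as the normal Shell value, and resolving the all-users Startup folder through CommonStartup are assumptions.

```powershell
# Read-only check for the indicators listed in this post; nothing is deleted.
$names = 'Killer.exe', 'xmss.exe', 'Funny UST Scandal.exe', 'Funny UST Scandal.avi.exe'
$findings = @()

# Drive roots and the Windows directory are where the post says copies are dropped.
$roots = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root })
$candidates = @(foreach ($dir in ($roots + $env:windir)) {
    foreach ($name in $names) { Join-Path $dir $name }
})
# An autorun.inf on a drive root can be legitimate, so treat a hit as "review", not proof.
$candidates += @($roots | ForEach-Object { Join-Path $_ 'autorun.inf' })
# The real lsass.exe lives in System32; a copy in the all-users Startup folder is not it.
$startup = [Environment]::GetFolderPath('CommonStartup')
if ($startup) { $candidates += Join-Path $startup 'lsass.exe' }

foreach ($path in $candidates) {
    # -Force lets Get-Item see files that carry the hidden and system attributes.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) { $findings += "File: $($item.FullName) [$($item.Attributes)]" }
}

# Assumption: a default install has Shell set to plain "explorer.exe".
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') { $findings += "Winlogon Shell = $shell" }

# The post's wording is ambiguous, so both Run and RunOnce are checked (assumption).
foreach ($key in 'Run', 'RunOnce') {
    $keyPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\$key"
    $props = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ("$($p.Value)" -match 'xmss\.exe|killer\.exe') {
            $findings += "$key value: $($p.Name) = $($p.Value)"
        }
    }
}

if ($findings.Count) { $findings } else { 'None of the indicators listed in the post were found.' }
```

Run it once before the removal steps to see which copies are present and again afterwards; the HKCU check only covers the account the script runs under.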
