Thread: Any Help About XMSS.EXE and Funny UST Scandal.avi.EXE
View Single Post
Old 24-11-2007, 07:27 PM   #4
Rey Santos
Guest
 
Posts: n/a
Re: Any Help About XMSS.EXE and Funny UST Scandal.avi.EXE
Congratulations Fahid. Glad to be of help.
--
Rey


"Fahid Shehzad" wrote:

> Thanks A Million Mr. Rey Santos
>
> I have succesfully removed the viruses with your instructions
>
> Thanks Again
>
>
> "Rey Santos" <ReySantos@discussions.microsoft.com> wrote in message
> news:1DB9F302-478D-4F95-B9B6-B610EFE6549C@microsoft.com...
> > From Sophos: http://www.sophos.com/security/analy...2sdbotdiq.html
> >
> > From a Philippines forum UST is University of Sto. Tomas a prestigious
> > Philippine universty:
> > http://www.pcx.com.ph/forum/display_...28487&get=last
> >
> > Some of it is in local language so I had to translate below:
> >
> > Software used to build the virus= AutoIt V3
> > drop Files- killer.exe(4084 kb) in c:\windows\
> > lsass.exe(3920kb) in c:\documents and settings\all users\start
> > menu\programs\startup
> > smss.exe(4088kb) in all root drives and in c:\windows
> > autorun.inf(1kb) in all root drives with a script
> >
> > [autorun]
> > open=smss.exe
> > shell\Open\Command=smss.exe
> > shell\open\Default=1
> > shell\Explore\Command=smss.exe
> > shell\Autoplay\command=smss.exe
> >
> > Funny UST Scandal.avi.exe(228kb) in all root drives
> >
> > Registry
> > Entries-HKLM\Software\Microsoft\WindowNT\CurrentVersion\Wi nlogon=shell(killer.exe)
> >
> > HKCU\Software\Microsoft\windows\Currentversion\Run =runonce(c:\windows\smss.exe)
> >
> >
> > HOw to remove this lame virus????
> >
> > -first download taskiller in http://www.rsdsoft.com/task_killer/index.php4
> > and install it to
> > your computer because you cant use taskmanager to terminate the virus(the
> > virus automatically close taskmanager).
> >
> > -run taskiller and left click it on the system tray(the one with a skull
> > icon)
> >
> > -click processes
> >
> > -to close the virus, select process and click yes to the question
> >
> > (process to close)
> > 1.killer.exe
> > 2.lsass.exe
> > 3.smss.exe
> >
> > note: close only file that have the same icon of Funny UST Scandal.avi.exe
> >
> >
> > CMD STEPS
> > 1-now, click "start" then "run"
> > 2-type "cmd" without quotes
> > 3-type "cd\" without quotes
> > 4-type "attrib -h -s smss.exe" without quotes
> > 5-type "attrib -h -s autorun.inf" without quotes
> > 6-type "start c:" without quotes(a new window will open)
> > 7-select smss.exe,autorun.inf,Funny UST Scandal.avi.exe and delete it
> >
> > -if theres any drive or a partition type "d:" in command prompt without
> > quotes
> > "d" is the drive letter then repeat the CMD STEPS number 4-7 above.......
> >
> > -now type this on the command prompt "cd windows" without quotes(na
> > naman!)
> > -type "attrib -h -s smss.exe" without quotes(uli)
> > -type "start c:\windows" without quotes(hay naku!)
> > -delete the file smss.exe
> > -now, goto c:\documents and settings\all users\startmenu\programs\startup
> > -delete lsass.exe
> >
> > -click "start" then "run"
> > -type "regedit" without quotes then delete the registry entries above....
> >
> > Note:
> > If you have problems opening drives in My Computer open regedit find
> > "\smss.exe" then erase values like: "c:\smss.exe", "d:\smss.exe" etc..
> >
> > --
> > Rey
> >
> >
> > "Fahid" wrote:
> >
> >> Can Someone help about these viruses/spywares
> >>
> >> XMSS.EXE
> >>
> >> Funny UST Scandal.avi.EXE
> >>
> >>
> >>
>
>
>
  Reply With Quote