How to Remove Funny UST Scandal.avi.exe and smss.exe trojan

Thursday, May 7, 2009 Leave a Comment

If you have your yahoo messenger logged in, it will automatically private message) your list, and it will say, “view this, its very funny” then will send you a file named ustscandal.avi.exe to your friends list.

This worm also will send a link through yahoo messenger, then after you’ve click the link that they gave to you, kaboom, your infected with the worm.

It can also duplicate itself on any removable media and network drives present in your computer.

Here are the files of the WORM:

* x: autorun.inf
* x: xmss.exe
* x: Funny UST Scandal.avi.exe
* %Windir%\autorun.inf
* %Windir%\xmss.exe
* %Windir%\Funny UST Scandal.avi.exe

Heres how to remove it manually:

1. Restart windows

Start > Turn Off Computer > Restart

2. Boot in safe mode

After the bios startup screen PRESS F8 this will let you choose “Windows Startup Mode”

Select safe mode.

3. In the windows safe mode. Press Start > Run then type regedit

4. Now your inside the Registry Editor.

Browse to the following registry settings ↓

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

5. Replace
explorer.exe, xmss.exe with explorer.exe

( explorer.exe is the default one in the windows logon sequence )

6. Delete all the following files

* C:\autorun.inf
* C:\xmss.exe
* C:\Funny UST Scandal.avi.exe
* X:\autorun.inf
* X:\xmss.exe
* X:\Funny UST Scandal.avi.exe
* %Windir%\autorun.inf
* %Windir%\xmss.exe
* %Windir%\Funny UST Scandal.avi.exe

( %Windir% refers to the Windows folder (e.g. C:\Windows, C:\WindowsNT) )
( X: is drive letters used by a removable or network drive )

7. Clean All Windows Temporary Files

8. Restart Windows

Share this Post :
| More


Leave your response!

Add your comment below,or trackback from your own site.

Be nice. Keep it clean. Stay on topic. No spam.