Saturday, January 12, 2008

How to manually remove Funny UST Scandal.avi.exe (worm)


Software used to build the virus: AutoIt V3

Dropped files:
- killer.exe (4084 kb) in c:\windows\
- lsass.exe (3920 kb) in c:\documents and settings\all users\start menu\programs\startup
- smss.exe (4088 kb) in all root drives and in c:\windows
- autorun.inf (1 kb) in all root drives, containing this script:

[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe

- Funny UST Scandal.avi.exe (228 kb) in all root drives

Registry entries:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, value Shell = killer.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run, value runonce = c:\windows\smss.exe


How to remove this virus?


First, download taskiller here and install it on your computer, because you cannot use Task Manager to terminate the virus (the virus automatically closes Task Manager).

Run taskiller, then left-click its icon in the system tray (the one with the skull icon).
Click Processes, select the virus process, and click Yes when asked whether to close it.

(processes to close)

killer.exe
lsass.exe
smss.exe

Note: close only the processes that have the same icon as Funny UST Scandal.avi.exe. Windows itself runs legitimate processes named lsass.exe and smss.exe, so the icon is how you tell the worm's copies apart from the real ones.

CMD STEPS


1 Click "start", then "run".
2 Type "cmd" without quotes.
3 Type "cd\" without quotes.
4 Type "attrib -h -s smss.exe" without quotes.
5 Type "attrib -h -s autorun.inf" without quotes.
6 Type "start c:" without quotes (a new window will open).
7 Select smss.exe, autorun.inf and Funny UST Scandal.avi.exe and delete them.

If there is any other drive or partition, type "d:" in the command prompt (without quotes, where d is the drive letter), then repeat CMD steps 4-7 above for that drive.

- Now type "cd windows" on the command prompt (without quotes).
- Type "attrib -h -s smss.exe" (without quotes).
- Type "start c:\windows" (without quotes).
- Delete the file smss.exe.
- Now go to c:\documents and settings\all users\start menu\programs\startup.
- Delete lsass.exe.

Click "start", then "run".
Type "regedit" without quotes, then delete the registry entries listed above.
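The same checks and clean-up, written as an added PowerShell script (not part of the original post). It reports every indicator listed above and, with -Remove, deletes the files and repairs the two registry values; run it from an elevated PowerShell after the worm's processes have been terminated. It assumes a Windows XP-style layout where %ALLUSERSPROFILE% holds "Start Menu\Programs\Startup".

```powershell
# Audit and optionally clean the indicators of the Funny UST Scandal worm.
param([switch]$Remove)

$files  = @()   # dropped files found on this machine
$report = @()   # human-readable findings

# 1. Root of every drive: the worm copies smss.exe, autorun.inf and the lure there.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in 'smss.exe', 'autorun.inf', 'Funny UST Scandal.avi.exe') {
        $path = Join-Path $drive.Root $name
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # An autorun.inf is only suspicious here if it launches smss.exe.
        if ($name -eq 'autorun.inf' -and
            -not (Select-String -Path $path -Pattern 'smss\.exe' -Quiet)) { continue }
        $files += $path
    }
}

# 2. Copies in the Windows directory and the all-users Startup folder.
#    The legitimate smss.exe lives in %windir%\system32, not in %windir% itself.
foreach ($p in (Join-Path $env:windir 'smss.exe'),
               (Join-Path $env:windir 'killer.exe'),
               (Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Startup\lsass.exe')) {
    if (Test-Path -LiteralPath $p) { $files += $p }
}

foreach ($f in $files) {
    $report += "file: $f"
    if ($Remove) {
        # Equivalent of "attrib -h -s": clear Hidden/System before deleting.
        (Get-Item -LiteralPath $f -Force).Attributes = 'Normal'
        Remove-Item -LiteralPath $f -Force
    }
}

# 3. Persistence: Winlogon Shell hijacked to killer.exe; Run value "runonce" -> smss.exe.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -match 'killer\.exe') {
    $report += "registry: $winlogon\Shell = $shell"
    if ($Remove) { Set-ItemProperty -Path $winlogon -Name Shell -Value 'explorer.exe' }
}
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runonce = (Get-ItemProperty -Path $run -Name runonce -ErrorAction SilentlyContinue).runonce
if ($runonce -match 'smss\.exe') {
    $report += "registry: $run\runonce = $runonce"
    if ($Remove) { Remove-ItemProperty -Path $run -Name runonce }
}

$tag = if ($Remove) { 'REMOVED' } else { 'FOUND' }
if ($report.Count -eq 0) { 'No indicators of this worm found.' } else { $report | ForEach-Object { "$tag $_" } }
```

Run it once without -Remove to review what it found, then with -Remove; the Winlogon Shell value is reset to explorer.exe, the Windows default.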


