Tuesday, November 27, 2007

Saturday, November 24, 2007

Funny UST Scandal, smss Virus

What a lame virus... peace! Long live Lipa (Lipa City Public College) F.E.S
Before I teach you how to remove this, here is the information about the virus.

Software used to build the virus: AutoIt v3
Dropped files:
- killer.exe (4084 KB) in c:\windows\
- lsass.exe (3920 KB) in c:\documents and settings\all users\start menu\programs\startup
- smss.exe (4088 KB) in all root drives and in c:\windows
- autorun.inf (1 KB) in all root drives, with this script:

[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe

- Funny UST Scandal.avi.exe (228 KB) in all root drives

Registry entries:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon = shell (killer.exe)
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run = runonce (c:\windows\smss.exe)
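
As an added example (not part of the original post), this Python check triages a drive root for the two tricks listed above: autorun.inf entries that launch a program, and a file name with a decoy double extension. The function names and the extension lists are assumptions made for illustration; the sample autorun.inf is the script shown in the post.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the autorun.inf script listed in the post.
SAMPLE_INF = r"""[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe
"""
# Assumed lists for illustration; extend them to suit your environment.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".avi", ".mp3", ".jpg", ".doc", ".pdf", ".txt"}

def autorun_launch_targets(inf_text):
    """Return {key: target} for every [autorun] entry that starts a program."""
    targets, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()  # autorun.inf keys are case-insensitive
        if key in ("open", "shellexecute") or re.fullmatch(r"shell\\[^\\]+\\command", key):
            targets[key] = value
    return targets

def has_decoy_double_extension(filename):
    """True for names like 'x.avi.exe': an executable behind a media/document suffix."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS

def triage_drive_root(inf_text, filenames):
    """Collect findings for one drive root from its autorun.inf text and file listing."""
    findings = []
    for key, target in autorun_launch_targets(inf_text).items():
        program = target[1:].split('"')[0] if target.startswith('"') else target.split(" ")[0]
        if PureWindowsPath(program).suffix.lower() in EXECUTABLE_EXTS:
            findings.append(("autorun-launch", key, program))
    for name in filenames:
        if has_decoy_double_extension(name):
            findings.append(("double-extension", name, ""))
    return findings
```

Run `triage_drive_root` on the text of a drive's autorun.inf and its root file listing; every verb that points at an executable is reported separately, which shows why double-clicking the drive, Explore and AutoPlay all start the same file.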


How to remove this lame virus?

- First, download taskiller from http://www.rsdsoft.com/task_killer/index.php4 and install it on
your computer, because you can't use Task Manager to terminate the virus (the virus automatically closes Task Manager).

- Run taskiller and left-click its icon in the system tray (the one with a skull icon).

- Click "Processes".

- To close the virus, select the process and click "Yes" when asked.

(processes to close)
1. killer.exe
2. lsass.exe
3. smss.exe

Note: close only the files that have the same icon as Funny UST Scandal.avi.exe.


CMD STEPS
1. Click "Start", then "Run".
2. Type "cmd" without quotes.
3. Type "cd\" without quotes.
4. Type "attrib -h -s smss.exe" without quotes.
5. Type "attrib -h -s autorun.inf" without quotes.
6. Type "start c:" without quotes (a new window will open).
7. Select smss.exe, autorun.inf and Funny UST Scandal.avi.exe and delete them.

- If there is any other drive or partition, type "d:" in the command prompt without quotes
("d" is the drive letter), then repeat CMD STEPS 4-7 above.

- Now type "cd windows" in the command prompt without quotes (again!).
- Type "attrib -h -s smss.exe" without quotes (again).
- Type "start c:\windows" without quotes (oh dear!).
- Delete the file smss.exe.
- Now go to c:\documents and settings\all users\start menu\programs\startup.
- Delete lsass.exe.

- Click "Start", then "Run".
- Type "regedit" without quotes, then delete the registry entries above.

- That's all! Long live Lipa (6519)


Note:
I'll switch to Tagalog now; English is getting hard for me.
If you have problems opening drives in My Computer, just
open regedit again, then find "smss.exe",
then delete the values that look like this: "c:\smss.exe", "d:\smss.exe", etc.
OK?



Credits to: fs6519. Thanks, man.

Wednesday, November 14, 2007

jaymyka.wen9.com: new virus spread by USB. Here's a way to remove it

If you are infected by this virus, do the following to delete it manually:

1. Open My Computer, click Tools, go to Folder Options, click View, select "Show hidden files and folders", then uncheck "Hide extensions for known file types" and also uncheck "Hide protected operating system files", then click Apply and OK.

2. Now open your drive(s) using the address bar (you cannot double-click your drives if you are infected). Click C: and there you will see "jay.exe" and "autorun.inf"; delete both of them. Then go to the address bar again, choose the other drives (depending on how many partitions you have) and do the same procedure as for drive C:. TAKE NOTE: never click the "Back" button; always use the address bar to select the drives.

3. Now go to Registry Editor, highlight My Computer, then click Edit and search for "jaymyka.wen9.com" and also "jay.exe" and "mveo.exe". If you see them, DELETE them all. Be sure you have deleted all of them, then restart your PC.

4. After you restart, open My Computer and double-click your drive(s), and check that "jay.exe" and "autorun.inf" are totally gone. Then you're done.

Good luck, guys.