Anna University Result


Monday, March 24, 2008

Get Rid of the Funny UST Scandal.avi.exe (Vista and XP)

Details:
1) This will block your Task Manager, Registry Editor and Command Prompt.
2) It hacks into your Yahoo Messenger and sends stupid and senseless messages to your contacts, along with a copy of itself. (Ask gigacore if you don’t believe me!!! :P)
3) It will log all your keystrokes and send them to an unknown email address through IM.
4) It slows down your system badly, and reinstalling the OS will do no good.
5) It will disable the search and viewing of hidden files.
It’s built using AutoIt V3 virus programming software. (Source: some blog)

Windows XP:
This virus was made mainly to infect XP and Windows NT systems.
In XP and NT systems, it makes the following files:
a) Killer.exe (4084 kb) in c:\windows\
b) lsass.exe (3920 kb) in c:\documents and settings\all users\start menu\programs\startup
c) xmss.exe (4088 kb) in all partitioned drives and in c:\windows
d) autorun.inf (1 kb) in all partitioned drives with a script.
e) Funny UST Scandal.avi.exe in all partitions and Funny UST Scandal.exe in c:\Windows.

This Virus makes the following registry entries:
a) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (killer.exe or xmss.exe)
b) HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce (c:\windows\xmss.exe)
If the virus has completely installed itself, then you can find all these files in your system.

To remove this virus:
a) In order to remove the files, you’ll first have to stop the execution of this virus. To do so, download this file and run it.
b) Now open cmd.exe, go to the above-mentioned locations and unhide the files by typing: attrib -h -s "Funny UST Scandal.exe" for C:\windows and so on for all the other files in different locations. You might get an error while unhiding Funny UST Scandal.avi.exe, which is placed in all partitions. If you get that error, just leave that file.
c) After unhiding all these files, delete them from your hard disk.
d) Download REPLACER and open it.
e) In the REPLACER type: c:\Funny UST Scandal.avi.exe and press enter. It will now ask you for another file. Create a text file named a.txt in C:\ and then type: c:\a.txt and press enter. Press Y and press enter. Go to the C: drive and there you’ll find 3 files named Funny UST Scandal.backup, Funny UST Scandal.exe and a Temp file. Delete them.
f) Repeat step e) for all your partitions.

Windows Vista:
Files included:
a) xmss.exe (4088 kb) in all partitioned drives and in c:\windows
b) autorun.inf (1 kb) in all partitioned drives with a script.
c) Funny UST Scandal.avi.exe in all partitions and Funny UST Scandal.exe in c:\Windows.
Registry Entries:
a) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (killer.exe or xmss.exe)
b) HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce (c:\windows\xmss.exe)
The second key might not be present.

Removing the Virus:
To remove this virus:
a) In order to remove the files, you’ll first have to stop the execution of this virus. To do so, download this file and run it. (File included in attachment)
b) Now open cmd.exe, go to the above-mentioned locations and unhide the files by typing: attrib -h -s "Funny UST Scandal.exe" for C:\windows and so on for all the other files in different locations. You might get an error while unhiding Funny UST Scandal.avi.exe, which is placed in all partitions. If you get that error, just leave that file.
c) After unhiding all these files, delete them from your hard disk.
d) Download REPLACER and open it.
e) In the REPLACER type: c:\Funny UST Scandal.avi.exe and press enter. It will now ask you for another file. Create a text file named a.txt in C:\ and then type: c:\a.txt and press enter. Press Y and press enter. Go to the C: drive and there you’ll find 3 files named Funny UST Scandal.backup, Funny UST Scandal.exe and a Temp file. Delete them.
f) Repeat step e) for all your partitions.

As you can see, the procedure for both OSes is the same; just the files are different. I have tested the steps myself on Windows XP SP2 (my desktop), Windows Vista Home Basic (my lappy), Windows Vista Home Premium (my friend's lappy) and Windows Vista Ultimate (my desktop). Hope this guide is useful. Happy Removing…
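
A read-only check for the files and registry values listed above, to run before the removal steps and again afterwards to confirm nothing is left. This is an added example, not part of the original post; it assumes PowerShell is available on the machine, locates the XP startup folder through %ALLUSERSPROFILE%, and matches Run values by their xmss.exe data rather than by value name.

```powershell
# Added example: read-only check for the artifacts listed in this post.
# Nothing is deleted or modified; findings are only printed.
$names = 'Killer.exe', 'xmss.exe', 'Funny UST Scandal.exe',
         'Funny UST Scandal.avi.exe'
$findings = @()

# Roots of all ready drives except optical media, plus the Windows directory.
$roots = @([System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.IsReady -and $_.DriveType -ne 'CDRom' } |
    ForEach-Object { $_.Name })

foreach ($dir in @($env:windir) + $roots) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        # Test-Path also sees files carrying the hidden and system attributes.
        if (Test-Path -LiteralPath $path) { $findings += "File: $path" }
    }
}

# autorun.inf in a drive root is listed for manual review, not judged here.
foreach ($root in $roots) {
    $inf = Join-Path $root 'autorun.inf'
    if (Test-Path -LiteralPath $inf) { $findings += "Review: $inf" }
}

# XP-era All Users startup folder named in the post. The genuine lsass.exe
# lives in System32, so a copy in a startup folder is not the system file.
$lsass = Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Startup\lsass.exe'
if (Test-Path -LiteralPath $lsass) { $findings += "File: $lsass" }

# Winlogon Shell normally holds explorer.exe; the post names two replacements.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -match 'killer\.exe|xmss\.exe') { $findings += "Winlogon Shell: $shell" }

# Any per-user Run value whose data points at xmss.exe.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match 'xmss\.exe') {
            $findings += "Run value '$($p.Name)': $($p.Value)"
        }
    }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```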
