?
Solved

Funny UST Scandal.avi virus irritating me

Posted on 2008-02-02
7
Medium Priority
?
1,841 Views
Last Modified: 2013-11-22
My system has been infected by "Funny UST Scandal.avi" virus. I can't open my task manager,msconfig,registry editor and even command prompt. My folder option is also not appearing.How can I remove this virus?I didn't get any antivirus that could help me.
0
Comment
Question by:ashwini_mohan
7 Comments
 
LVL 2

Expert Comment

by:oyvindha
ID: 20804490
Hi,

Don't have experience with this virus myself, but there is a removal tool available for it;

http://www.4shared.com/file/30402575/d70dafa8/Remover.html
0
 
LVL 8

Accepted Solution

by:
eXpeLLeD_4RM_heLL earned 500 total points
ID: 20804546
I have had experience with this type of virus and SAV32CLI from Sopho. You can download SAV32CLI from :http://www.sophos.com/tools/sav32sfx.exe
On an uninfected Windows computer, run this file to extract the contents into a SAV32CLI folder on a medium that can be write-protected. Copy the SAV32CLI folder produced onto a medium that can be write-protected. Add any relevant IDEs to this folder and write-protect the disk (on a CD/R or CD/RW close the session).
Restart the computer in Safe Mode. Go to Start|Shut Down. Select 'Restart' from the dropdown list and click 'OK'. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu, select the third option 'Safe Mode with Command Prompt'.
At the infected computer, place the CD in the CD drive (D: in this example).

At the command prompt type
D:

to access the CD drive. Type:
CD SAV32CLI

Then type:
SAV32CLI -REMOVE -P=C:\LOGFILE.TXT

to remove the Worm.
Before leaving Safe Mode, edit any registry entries mentioned in the Worm analysis recovery instructions.
0
 
LVL 8

Expert Comment

by:eXpeLLeD_4RM_heLL
ID: 20804557
There are two versions of the virus that you have mentioned
W32/Imaut-A :
http://www.sophos.com/virusinfo/analyses/w32imauta.html
W32/Sdbot-DIQ :
http://www.sophos.com/virusinfo/analyses/w32sdbotdiq.html
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
LVL 8

Expert Comment

by:eXpeLLeD_4RM_heLL
ID: 20804570
Also download SDFix from :http://downloads.andymanchesta.com/removaltools/sdfix.exe and run it in safe mode and post the logs of SAV32CLI and SDFix back here for analysis because you may be infected with more then just the virus you have mentioned above.I'm saying this because the experience Ive had with this virus does not disable the Task manager and command prompt

Thank
Xpelled
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20804647
A lot of viruses/worms can disable utilities, the most well known for disabling msconfig, task manager, registry editor is Alcan/Alcra worm, but these days there are many other viruses that do the same thing.

Scan your system with Hijackthis so we'll have a better idea of what infection it is.
Can you run Hijackthis and show us the log please?
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.
Please attach the logfile.
0
 

Author Comment

by:ashwini_mohan
ID: 20893809
Still I m suffering from this virus.and any of these techniques is not working at all.
Any other solutions?
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 20895416
rpggamergirl:
>""Scan your system with Hijackthis so we'll have a better idea of what infection it is.
Can you run Hijackthis and show us the log please?
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.
Please attach the logfile.""<

You have not done this. It may help us see what is going on here...
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question