Jump to content


Photo
- - - - -

Prevention of "Funny UST Scandal Virus.avi.exe" virus.....


  • Please log in to reply
7 replies to this topic

#1 Mr.Red aka CH3CH2OH

Mr.Red aka CH3CH2OH

    � ��^v��`�) V�M��R€ �ƒ S}{� (״�`v^

  • Moderator
  • 2,107 posts
  • College:St.Devil College of Alcohol, Bewarze, and Enjoyment
  • Studying:Post Graduation
  • Country:India
  • Gender:Male

Posted 13 November 2007 - 05:33 PM

Here are some examples of autorun viruses which rely on the autorun function of Windows to infect PC’s and flash drives.

Funny UST Scandal.avi.exe (latest one in the Philippines)
Autorun.vbs
win32.autorun.k
copy.exe
imgkulot
taga lipa are
autorun.vbs
recycler
FS6519.dll.vbs
strawberry from baguio
W32/Perlovga (copy.exe | host.exe)
VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
Bha.dll.vbs
w32automa worm (Autorun.vbs)
Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
W32/RJump.worm (RavMonE)
Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
W32.Fujacks.BH (SHOer.vbs)
WORM_AGENT.PGV (soundmix.exe)
W32/Hakaglan.worm (RVHost.exe)
Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)
etc.


To prevent these kinds of viruses on infecting your PC, you need to disable autorun function in your computer, unfortunately, just shutting down autoplay is not a fix. You might think that you could protect yourself from AutoRun by adding two (2) keys to your Registry (NoDriveAutoRun and NoDriveTypeAutoRun) but these keys can be overridden by some programs.


Solution is here:

1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space in your desktop then select New-Text Document
2. Copy the following text. (note: Everything in between the square brackets should be in one line)

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"



[b]3. Save the file with a name (anything) like DisableAutoRun.reg (The extension .reg is the important part)
4. Double Click your newly created registry file. Choose yes or continue to the warning that will appear.


But what if you are already infected with the virus? There are several programs on the internet that you can download. Here are some of those programs that can be helpful:

Taga Lipa Are Remover (or Noob Killer) (<--click to download)

NOOB KILLER can also cure some variant of those viruses listed above.

Baguio Strawberry Removal Tool also


Here's another one:

Flash Disinfector by sUBs (<--click to download)

You can also use RRT or Remove Restriction Tool if the virus make changes to the system restriction. These restriction are most often:

1. Task Manager - Disable Ctrl+Alt+Del
2. Disable Folder Options
3. Disable Show hidden files
4. Disable the Run Command
5. Firewall
6. Internet Options


Hope these information help you.

PS.

Maybe someone can send me the Funny UST Scandal.avi.exe virus along with the autorun.inf.


#2 Mr.Red aka CH3CH2OH

Mr.Red aka CH3CH2OH

    � ��^v��`�) V�M��R€ �ƒ S}{� (״�`v^

  • Moderator
  • 2,107 posts
  • College:St.Devil College of Alcohol, Bewarze, and Enjoyment
  • Studying:Post Graduation
  • Country:India
  • Gender:Male

Posted 13 November 2007 - 05:42 PM

mw.......the text is REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
..............I accidently posted it...........I cant edit my own topic, what to do.......

#3 Imu.

Imu.

    ~Treading Terra Incognita~

  • shos management
  • 6,255 posts
  • Location:Zhenjiang
  • College:Jiangsu University
  • Studying:Graduation
  • Country:India
  • Gender:Male
  • Job Position:Was, Is n Will be A Student!!

Posted 13 November 2007 - 06:40 PM

thx for the amazing info!!.... red
nicee!!
n NOOB killer?? :blink:
wud scare all noobs off SHO!! :p
anywayz nice!! im gonna implement Anti autorun policy soon!
hope it doesnt mess up my registry files!
n thx again!! :p

#4 aneesh62

aneesh62

    Noobs

  • Shos Babies
  • 2 posts
  • Country:India
  • Gender:Male

Posted 30 November 2007 - 09:15 AM

thx for the amazing info!!.... red
nicee!!
n NOOB killer?? :blink:
wud scare all noobs off SHO!! :p
anywayz nice!! im gonna implement Anti autorun policy soon!
hope it doesnt mess up my registry files!
n thx again!! :p



thanx dude

#5 ~Jinn~

~Jinn~

    NO TITLE

  • SHOs Rockers
  • 1,415 posts
  • Studying:School
  • Country:India
  • Gender:Male

Posted 30 November 2007 - 10:17 AM

thnx !!
gr8 info

#6 ShoFan

ShoFan

    I *Rock* this place

  • SHO's WindBags
  • 260 posts
  • Studying:Completed Studies
  • Country:India
  • Gender:Male

Posted 24 December 2007 - 04:10 PM

THANKS FOR THE NOOB KILLER FILES

CAN YOU TELL ME WHY SUCH VIRUS ATTACKS IN TO MY PC

#7 Ben 10

Ben 10

    [] Mind Is Nothing But Potential Of Everything []

  • SHO Roadies
  • 5,571 posts
  • Studying:Working
  • Country:India
  • Gender:Male

Posted 24 December 2007 - 10:50 PM

Nice info dude...
But should be in Software Discussion & Trouble Shooting....
Reported to Mods....


#8 coolparam

coolparam

    VIP

  • SHO Roadies
  • 1,896 posts
  • Studying:Post Graduation
  • Country:India
  • Gender:Male

Posted 25 December 2007 - 08:19 PM

nice and useful info. thx for sharing dude.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users