Removing Funny ust scandal virus

This virus affects your Yahoo Messenger: it changes your status to something like "Funny ust scandal" and also sends the virus file through your Yahoo Messenger. Try the following steps to remove it.

  1. Boot the system in safe mode
  2. Open a command prompt (type “cmd” in Start -> Run, without quotes)
  3. Type the following 3 commands
    1. taskkill /f /im smss.exe
    2. taskkill /f /im killer.exe
    3. taskkill /f /im smss.exe
  4. Now delete the virus files by executing the following commands
    1. del /a:h /f c:\autorun.inf
    2. del /a:h /f c:\smss.exe
    3. del /a:h /f "c:\funny ust scandal.avi.exe"
  5. Repeat the above 3 commands for all the drives (‘d’, ‘e’, ‘f’) except the CD/DVD drive. Do the same after connecting your flash drive; the virus may be there too.

    E.g., if you have a D drive, replace the ‘c’ in “c:\autorun.inf” to get “d:\autorun.inf”.

    1. del /a:h /f c:\windows\killer.exe
    2. del /a:h /f c:\windows\autorun.inf
    3. del /a:h /f c:\windows\smss.exe
    4. del /a:h /f "c:\windows\funny ust scandal.exe"
    5. del /a:h /f "%userprofile%\Start Menu\Programs\Startup\lsass.exe"
  6. Go to Start -> Run, type “regedit” without quotes, then search for and delete the registry entries for:

    1. smss.exe
    2. lsass.exe
    3. killer.exe
    4. Scandal.avi.exe
  7. Restart your system in normal mode

The above steps are a bit difficult. I will create a tool for removing the virus when I get time. I am a bit busy at the office now. Hope this will help you 🙂
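
Steps 4 and 5 can be scripted so that no drive is missed; the batch file below is an added example, not the author's promised tool, and it checks only the root of each fixed or removable drive, so the genuine Windows smss.exe under System32 is never touched. It assumes an English-language Windows (the drive type is matched in fsutil's text output) and an administrator command prompt; the file name cleanroots.cmd and the /delete switch are this example's own, and without the switch the script only reports what it finds.

```bat
@echo off
rem Added example (not from the original post): repeat the page's
rem root-of-drive deletions on every fixed and removable drive.
rem Assumption: English-language Windows, because the drive type is read
rem from the text that fsutil prints. Run from an administrator prompt.
rem Usage (hypothetical file name):
rem   cleanroots.cmd          report only
rem   cleanroots.cmd /delete  report and delete
setlocal
set "DELETE=0"
if /i "%~1"=="/delete" set "DELETE=1"
for %%D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do call :scan %%D
endlocal
goto :eof

:scan
rem fsutil prints e.g. "D: - CD-ROM Drive"; continue only for Fixed/Removable.
fsutil fsinfo drivetype %1: | findstr /i /c:"Fixed" /c:"Removable" >nul
if errorlevel 1 goto :eof
echo Checking %1:\
call :check "%1:\autorun.inf"
call :check "%1:\smss.exe"
call :check "%1:\funny ust scandal.avi.exe"
goto :eof

:check
rem dir /a lists hidden and system files too; errorlevel 1 means not found.
dir /a /b "%~1" >nul 2>&1
if errorlevel 1 goto :eof
echo   found %~1
if "%DELETE%"=="0" goto :eof
rem Clear hidden/system/read-only first so del does not skip the file.
attrib -h -s -r "%~1"
del /f /q "%~1"
if exist "%~1" echo   could not delete %~1
goto :eof
```

Run it once without /delete to see which drives carry the files, then again with /delete; a "could not delete" line usually means the process from step 3 is still running.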

1 Response

  1. sajith says:

    Very Informative Blog. Keep it up and Wish you Great success. When you are writing the blogs of Onam 2008 (sept 12) You are welcome to Use our Flash Ecards and Image Cards with Backward Link. We Put No pop up ads or Spyware

    We have Lot of Onam Cards at . Please Feel Free to visit us to send or use it free greetings .

    onam Greetings Can be found at
    Onam greetings Section

