Currently pursuing the final year of a B.Sc. I.T. (Information Technology) at Subbalakshimi Lakshimipathi College of Science, Madurai-22.
Funny UST Scandal.exe (Sdbot-DIQ, Imaut-A) is a worm that usually spreads through e-mail attachments. After installation, Funny UST Scandal.exe turns off antivirus programs. It can also download other malware from the Internet and install it without your knowledge. This worm infects Yahoo Messenger and may block every application running on the PC. Funny UST Scandal.exe may infect network computers through network shares and infected e-mails.
Software used to build the virus: AutoIt V3
The virus, it seems, creates three files on all your root drives: a fake .avi file named "Funny UST Scandal.avi.exe", an smss.exe file, and an autorun.ini to automatically start the virus when it's on a newly inserted drive.
Seems this problem is relatively new, as I haven't been able to find any sort of help for it anywhere, other than the usual "scan with AdAware and Norton". It automatically closes programs that are "threats" to it, it seems: I can't keep any anti-spyware programs open long enough to scan for it. AVG Free doesn't detect it, either. Safe mode doesn't stop it from starting up with the OS either.
Hoping you guys could help? Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:06 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\smss.exe **Here it is... strange though, seeing as G was assigned to my USB drive which I've already removed.**
G:\smss.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Downloads\aaw2007.exe
C:\WINDOWS\system32\MSIEXEC.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HijackThis!\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DietPower 4.4 Update Setup] C:\Documents and Settings\Joel Casimir\Local Settings\Application Data\{5C0E52B3-AD33-4D51-B6BF-5B701DDC6CD8}\DietPowerSetup.exe /updatesetup
O4 - HKCU\..\Run: [DietPower 4.4 Update Setup for All Users] C:\Documents and Settings\All Users\Application Data\{5C0E52B3-AD33-4D51-B6BF-5B701DDC6CD8}\DietPowerSetup.exe /updatesetup
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: lsass.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Script file (autorun.inf):
[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe
Remove Funny UST Scandal.exe system processes:
Funny UST Scandal.exe
killer.exe
xmss.exe
smss.exe
Dropped files:
killer.exe (4084 kb) in c:\windows
lsass.exe (3920kb) in c:\documents and settings\all users\start menu\programs\startup
smss.exe (4088kb) in all root drives and in c:\windows
autorun.inf (1kb) in all root drives with a script
Funny UST Scandal.avi.exe (228kb)
Remove Funny UST Scandal.exe files:
Funny UST Scandal.avi.exe
Funny UST Scandal.exe
killer.exe
xmss.exe
smss.exe
Remove Funny UST Scandal.exe registry values:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Runonce Windows>smss.exe
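
The traits listed above (an extra program in the Shell value, a Run value pointing at smss.exe in the Windows folder, lsass.exe in the Startup folder, smss.exe running from a drive root) can be checked mechanically in a HijackThis log. The Python below is an added example, not part of the original article; the function name triage, the list of system process names and the assumption that Windows is installed in C:\WINDOWS are illustrative, and the sample lines are taken from the log above with path separators restored.

```python
import ntpath
import re

# Assumption: Windows lives in C:\WINDOWS, as in the log on this page.
SYSTEM_DIR = r"c:\windows\system32"
# Process names that legitimately run only from SYSTEM_DIR (illustrative list).
SYSTEM_NAMES = {"smss.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "svchost.exe"}
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def triage(log_lines):
    """Return (line, reason) for HijackThis lines matching the traits described above."""
    findings = []
    for line in (raw.strip() for raw in log_lines):
        # F2: the shell value should name explorer.exe and nothing else.
        m = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line, re.IGNORECASE)
        if m:
            extra = [p.strip() for p in m.group(1).split(",")
                     if p.strip().lower() not in ("", "explorer.exe")]
            if extra:
                findings.append((line, "extra shell program: " + ", ".join(extra)))
            continue
        # Startup-folder item that is a bare file named like a system process.
        m = re.match(r"O4 - (?:Global )?Startup: (\S+)$", line, re.IGNORECASE)
        if m and m.group(1).lower() in SYSTEM_NAMES:
            findings.append((line, "system process name in Startup folder"))
            continue
        # Running process or Run value: system process name outside System32.
        for path in EXE_PATH.findall(line):
            folder, name = ntpath.split(path.lower())
            if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
                findings.append((line, name + " outside " + SYSTEM_DIR))
                break
    return findings

# Lines from the log on this page, path separators restored.
SAMPLE = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"G:\smss.exe",
    r"F2 - REG:system.ini: Shell=explorer.exe, killer.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\smss.exe",
    r"O4 - Global Startup: lsass.exe",
    r"O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe",
]

if __name__ == "__main__":
    for line, reason in triage(SAMPLE):
        print(reason, "<-", line)
```

The genuine C:\WINDOWS\System32\smss.exe and lsass.exe lines pass unflagged, so the check separates the worm's copies from the system processes whose names they borrow.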
Funny Scandal Ust Virus
By: srimanigandan | 10/08/2008 | Security