UST Scandal avi.exe Virus

How to remove Funny UST Scandal avi.Exe Virus

Funny UST Virus Activities:
First of all this virus is not funny at all, either it may put yourself in state of embarrassment when it sends some senseless message to your friends in your yahoo messenger buddies.
It creates following files:
Killer.exe in c:\windows\
lsass.exe in c:\documents and settings\all users\start menu\programs\startup
xmss.exe in the root drive of all partitions and also in c:\windows
autorun.inf in all the partitions.
the main file Funny UST Scandal.avi.exe in all the partitions and
Funny UST Scandal.exe in c:\Windows.
Not only this, it also creates the following entries:

HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce

You will find all these or some of these files if your system is infected by this virus.
Fix:
1. Firstly you need to end process running by the virus, for this download process explorer.
killer.exe ,b.lsass.exe ,c.smss.exe
Note: close all those processes that have the same icon of Funny UST Sandal.avi.exe
2. Open Start >> Run and type “cmd” (without quotes) and press enter.
3. Above command will open up command prompt, type “cd\” (without quotes)
4. Type “attrib -h -s smss.exe” (without quotes)
5. Type “attrib -h -s autorun.inf” (without quotes)
6. Repeat step 4 and 5 for all the drives through command prompt (on the root folder)
7. Now open all your drives one by one by typing C: ,D: and so on in the address bar at the top, delete smss.exe,autorun.inf,Funny UST Scandal.avi.exe
8. Open command prompt again by following step 2.
9. Type “cd c:\windows” (without quotes)
10. Type “attrib -h -s smss.exe” (without quotes)and press enter. Type “delete smss.exe” and press enter also type “delete lsass.exe” and press enter.
11. Now Open Start >> Run and type regedit and press enter.
12. Locate these paths one by one in the registry.

HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell
HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
At these paths, locate the keys which have values as (killer.exe) and (c:\windows\smss.exe). Delete these registry keys.

Done!