http://www.siemensjobcam.com/windows-mobile-6-1-launchers/
Funny UST Scandal Virus
Funny UST Scandal.exe (Sdbot-CID, Imaut-A) is a worm that is usually spread by email attachments. After Humor UST installation laps Scandal.exe antivirus programs. You can also download different malware programs from Internet and install it without your knowledge. This worm infects to Yahoo Messenger and may block every application running on the PC. Funny UST May Scandal.exe perfect network computers, through network shares and e-mails infected.
Software used to create the virus = AutoIt V3
The virus apparently creates three files in your Following all units: A false. avi file called "Funny UST Scandal.avi.exe" smss.exe file, and a autorun.ini start automatically when the virus is in a new drive inserted.
It seems that this problem is relatively new, since I have not been able to find any assistance to any place, other than the usual "scan with AdAware and Norton." Automatically closes the programs that are "threats" to him, it seems: I can not follow all anti-spyware programs open long enough to get him. AVG Free does not detect it, either. Safe mode does not prevent the implementation with the operating system either.
Hoping you could help me? Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:06 AM, 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer V7.00 (7.00.6000.16544)
Boot mode: Normal
Operation process:
C: WINDOWS System32 smss.exe
C: WINDOWS system32 winlogon.exe
C: WINDOWS system32 services.exe
C: WINDOWS system32 lsass.exe
C: WINDOWS system32 svchost.exe
C: WINDOWS system32 svchost.exe
C: WINDOWS system32 svchost.exe
C: Program Files Intel Wireless Bin EvtEng.exe
C: Program Files Intel Wireless Bin S24EvMon.exe
C: WINDOWS System32 ACS.exe
C: WINDOWS system32 ZoneLabs vsmon.exe
C: WINDOWS system32 spoolsv.exe
C: Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService.exe
C: PROGRA ~ 1 Grisoft AVG7 avgamsvr.exe
C: PROGRA ~ 1 Grisoft AVG7 avgupsvc.exe
C: PROGRA ~ 1 Grisoft AVG7 avgemc.exe
C: Program Files Bonjour mDNSResponder.exe
C: Program Files TOSHIBA ConfigFree CFSvcs.exe
C: WINDOWS System32 DVDRAMSV.exe
C: Program Files Intel Wireless Bin RegSrvc.exe
C: Program Files Analog Devices SoundMAX SMAgent.exe
C: WINDOWS system32 svchost.exe
C: WINDOWS system32 Wacom_Tablet.exe
C: Program Files TOSHIBA TOSHIBA Applet TAPPSRV.exe
C: Program Files unsustainable Nessus nessusd.exe
C: WINDOWS Explorer.EXE
C: WINDOWS system32 WTablet Wacom_TabletUser.exe
C: WINDOWS system32 Wacom_Tablet.exe
C: Program Files Intel Wireless Bin ifrmewrk.exe
C: WINDOWS system32 TPSBattM.exe
C: Program Files QuickTime qttask.exe
C: Program Files Java jre1.6.0_03 bin jusched.exe
C: Program Files Zone Labs ZoneAlarm Zlclient.exe
C: Program Files HP HP Software Update HPWuSchd2.exe
C: Program Files DAEMON Tools daemon.exe
C: PROGRA ~ 1 Intel Wireless bin 1XConfig.exe
C: WINDOWS system32 ctfmon.exe
C: Program Files HP Digital Imaging bin hpqtra08.exe
C: WINDOWS system32 RAMASST.exe
C: Program Files iPod bin iPodService.exe
C: TOSHIBA IVP ISM ivpsvmgr.exe
C: Program Files MediaMonkey MediaMonkey.exe
C: Program Files BitTorrent bittorrent.exe
C: Program Files Mozilla Firefox firefox.exe
G: smss.exe ** Here is … Strangely enough, since G was assigned to the USB drive that I removed .**
G: smss.exe
C: WINDOWS PCHealth HelpCtr Binaries MSConfig.exe
C: WINDOWS system32 svchost.exe
C: Program Files Downloads aaw2007.exe
C: WINDOWS system32 MSIEXEC.EXE
C: WINDOWS System32 msiexec.exe
C: WINDOWS System32 MsiExec.exe
C: Program Files Spybot – Search & Destroy SpybotSD.exe
C: Program Files Spybot – Search & Destroy TeaTimer.exe
C: Program Files HijackThis ! HIJACKTHIS.EXE
R1 – HKCU Software Microsoft Windows CurrentVersion Internet Settings, ProxyOverride = *. local
F2 – REG: system.ini: Shell = explorer.exe, killer.exe
PDF O2 – BHO: Adobe Reader Link Helper – (06849E9F-C8D7-4D59 Programme -B87D-784B7D6BE0B3) – C: Common Files Adobe Acrobat ActiveX AcroIEHelper.dll
O2 – BHO: Spybot-S & D IE Protection – (53707962-6F74-2D53-2644-206D7942484F) – C: progra ~ 1 Spybot ~ 1 SDHelper.dll
O2 – BHO: Cole2k Media Toolbar Helper – (5499BCB1-5641-9F75-Program 4A4C-462D4D8D0DA0) – C: Files Cole2k Media Toolbar v3.2.0.0 Cole2k_Media_Toolbar.dll
O2 – BHO: Browser Helper Groove GFS – (72,853,161-30C5-4D22-B7F9-0BBC1D38A37E) – C: MICROS ~ 1 ~ 2 Office12 GRA8E1 ~ 1.DLL
O2 – BHO: SSVHelper Class – (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) – C: Program Files Java jre1.6.0_03 Bin ssv.dll
Toolbar O3 -: Cole2k Media Toolbar – (8AE33802-00D3-4F1B-B5C7-6FEE34E402CE) – C: Program Files Cole2k Media Toolbar v3.2.0.0 Cole2k_Media_Toolbar.dll
O4 – HKLM .. Run: [IntelWireless] C: Program Files Intel Wireless Bin ifrmewrk.exe / tf Intel PROSet / Wireless
O4 – HKLM .. Run: [Pinger] C: TOSHIBA IVP ISM pinger.exe / run
O4 – HKLM .. Run: TPSMain.exe [] TPSMain
O4 – HKLM .. Run: [Utility Logitech Logi_MwX.Exe]
O4 – HKLM .. Run: Adobe Reader [] Launcher "C: Program Files Adobe Reader 8.0 Reader Reader_sl.exe "
O4 – HKLM .. Run: [SoundMAX] C: Program Files Analog Devices SoundMAX Smax4.exe / tray
O4 – HKLM .. Run: [AVG7_CC] C: PROGRA ~ 1 Grisoft AVG7 avgcc.exe / HOME
O4 – HKLM .. Run:] [GrooveMonitor "C: Program Files Microsoft Office Office12 GrooveMonitor.exe"
O4 - HKLM .. Run: [QuickTime Task] "C: Program Files QuickTime qttask.exe"-Atboottime
O4 – HKLM .. Run:] QuickTime Task ["C: Program Files QuickTime qttask.exe"
O4 - HKLM .. Run: [SunJavaUpdateSched] "C: Program Files Java jre1.6.0_03 Bin jusched.exe "
O4 – HKLM .. Run: [ZoneAlarm Client] "C: Program Files Zone Labs ZoneAlarm zlclient.exe"
O4 – HKLM .. Run: HP Software [Update] "c: Program Files HP HP Software Update HPWuSchd2.exe"
O4 – HKLM .. Run: [DAEMON Tools] "C: Program Files DAEMON Tools daemon.exe "-lang 1033
O4 – HKLM .. Run: [swg] C: WINDOWS system32 ctfmon.exe
O4 – HKLM .. Run: [Vidalia] "C: Program Files Vidalia vidalia.exe"
O4 – HKLM .. Run: [BitTorrent] "C: Program Files BitTorrent bittorrent.exe "- force_start_minimized
O4 – HKLM .. Run: [Configuration DietPower 4.4] update C: Documents and Settings Joel Casimiro Local Settings Application Data (5C0E52B3-AD33-4D51-DietPowerSetup.exe B6BF-5B701DDC6CD8) / Updatesetup
O4 – HKLM .. Run: [DietPower Setup 4.4 update for all users] "C: Documents and Settings All Users Application Data (5C0E52B3-AD33-4D51-DietPowerSetup.exe B6BF-5B701DDC6CD8) / Updatesetup
O4 – HKLM .. Run: [Runonce] C: WINDOWS smss.exe
O4 – HKLM .. Run:] [spybotsd TeaTimer C: WINDOWS de programa Spybot - Search & Destroy TeaTimer.exe
O4 - HKUS S-1-5-19 .. Run: [AVG7_Run] C: PROGRA ~ 1 Grisoft AVG7 avgw.exe / RunOnce (Local user "service")
O4 – HKUS S-1-5-20 .. Run: [AVG7_Run] C: PROGRA ~ 1 Grisoft AVG7 avgw.exe / RunOnce (User 'SERVICE NETWORK)
O4 – HKUS S-1-5-18 .. Run: [AVG7_Run] C: PROGRA ~ 1 Grisoft AVG7 avgw.exe / RunOnce (User 'SYSTEM')
O4 – HKUS. DEFAULT .. Run: [AVG7_Run] C: PROGRA ~ 1 Grisoft AVG7 avgw.exe / RunOnce (user default user)
O4 – Global Startup: Monitor.lnk HP Digital Image = C: Program Files HP Digital Image bin hpqtra08.exe
O4 – Global Startup: lsass.exe
O4 – Global Startup: RAMASST.lnk = C: WINDOWS system32 RAMASST.exe
O8 – Extra context menu item: E & xport to Microsoft Excel – res: / / C: MICROS ~ 1 ~ 2 Office12 EXCEL.EXE/3000
O9 – Extra button: (no name) – (08B0E5C0-4FCB-11CF-AAA5-00401C608501) – C: Program Files Java jre1.6.0_03 bin ssv.dll
O9 – Tools 'Extra' menuitem: Sun Java Console – (08B0E5C0-4FCB-11CF-AAA5-00401C608501) – C: Program Files Java jre1.6.0_03 bin ssv.dll
O9 – Extra button: Send to OneNote – (2670000A-7350-8081-4f3c-5663EE0C6C49) – C: MICROS ~ 1 ~ 2 Office12 ONBttnIE.dll
O9 – Extra menuitem "Tools": S & end to OneNote – (2670000A-7350-8081-4f3c-5663EE0C6C49) – C: PROGRA ~ 1 MICROS ~ 2 Office12 ONBttnIE.dll
O9 – Extra button: Research – (92780B25-18CC-41C8-B9BE-3C9C571A8263) – C: PROGRA ~ 1 MICROS ~ 2 Office12 REFIEBAR.DLL
O9 – Extra button: (no name) – (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) – C: progra ~ 1 Spybot ~ 1 SDHelper.dll
O9 – Tools 'Extra' menuitem: Spybot – Search & Destroy Configuration – (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) – C: PROGRA ~ 1 Spybot ~ 1 SDHelper.dll
O9 – Extra button: (no name) – (e2e2dd38-d088-4134-82b7-f2ba38496583) – C: WINDOWS Network Diagnostic xpnetdiag.exe
O9 – Tools 'Extra' menuitem: @ Xpsp3res.dll, -20,001 – (e2e2dd38-d088-4134-82b7-f2ba38496583) – C: WINDOWS Network Diagnostic xpnetdiag.exe
O9 – Extra button: Messenger – (FB5F1910-F110-11D2-BB9E-00C04F795683) – C: Program Files Messenger msmsgs.exe
O9 – Extra 'MenuItem' Tools ': Windows Messenger – (FB5F1910-F110-11D2-BB9E-00C04F795683) – C: Program Files Messenger msmsgs.exe
O18 – Protocol: grooveLocalGWS – (88FED34C-F0CA-4636-A375-3CB6248B04CD) – C: MICROS ~ 1 ~ 2 Office12 ~ 1.DLL GR99D3
its O23 – Service: Atheros Configuration Service (ACS) – Unknown – C: WINDOWS System32 ACS.exe
Service O23 -: Apple Mobile Device – Apple Inc. – C: Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService.exe
Service O23 -: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, sro – C: PROGRA ~ 1 Grisoft AVG7 avgamsvr.exe
O23 – Service: Service AVG7 Update (Avg7UpdSvc) – GRISOFT, sro – C: PROGRA ~ 1 Grisoft AVG7 avgupsvc.exe
O23 – Service: AVG E-mail Scanner (AVGEMS) – GRISOFT, sro – C: PROGRA ~ 1 Grisoft AVG7 avgemc.exe
Service O23 -: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) – Apple Computer, Inc. – C: Program Files Bonjour mDNSResponder.exe
Service O23 -: ConfigFree Service (CFSvcs) – TOSHIBA CORPORATION – C: Program Files TOSHIBA ConfigFree CFSvcs.exe
O23 – Service: DVD-RAM_Service – Matsubleepa Electric Industrial Co., Ltd. – C: WINDOWS System32 DVDRAMSV.exe
Service O23 -: EvtEng – Intel Corporation – C: Program Files Intel Wireless Bin EvtEng.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C: Program Files Files common Macrovision Shared FLEXnet Publisher FNPLicensingService.exe
Service O23 -: Google Updater Service (gusvc) – Google – C: Program Files Google Common Google Updater GoogleUpdaterService.exe
O23 – Service: iPod Service – Apple Inc. – C: Program Files iPod bin iPodService.exe
O23 – Service: HPZ12 Pml Driver – HP – C: WINDOWS system32 HPZipm12.exe
Service O23 -: RegSrvc – Intel Corporation – C: Program Files Intel Wireless Bin RegSrvc.exe
O23 – Service: Remote Packet Capture Protocol V.0 (experimental) (rpcapd) – CACE Technologies – C: Program Files WinPcap rpcapd.exe
O23 Service -: Spectrum24 Event Monitor (S24EventMonitor) – Intel Corporation – C: Program Files Intel Wireless Bin S24EvMon.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C: Program Files Analog Devices SoundMAX SMAgent.exe
O23 – Service: TabletServiceWacom – Wacom Technology, Corp. – C: WINDOWS system32 Wacom_Tablet.exe
Service O23 -: TOSHIBA Application Service (TAPPSRV) – Toshiba Corp. – C: Program Files TOSHIBA TOSHIBA Applet TAPPSRV.exe
O23 – Service: sustainable Nessus – Tenable Network Security – C: Program Files unsustainable Nessus nessusd.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C: WINDOWS system32 ZoneLabs vsmon.exe
Script
[Autorun open] = Smss.exe
shell open Command = smss.exe
Shell open default = 1
shell Explore Command = smss.exe
shell Autoplay command = Smss.exe
Remove Funny UST Scandal.exe system processes:
Funny UST Scandal.exe
killer.exe
xmss.exe
smss.exe
drop -files
killer.exe (4084 kb) in c: windows
lsass.exe (3920kb) in c: documents and settings All Users Start Menu Programs Startup
windows smss.exe (4088kb) in all root drives and in c:
autorun.inf (1kb) in all root drives with a script
Scandal.avi.exe Funny UST (228KB)
Remove Funny UST Scandal.exe files:
Funny UST Scandal.avi.exe
Funny UST Scandal.exe
killer.exe
xmss.exe
smss.exe
Remove Funny UST Scandal.exe registry values:
HKLM SOFTWARE Microsoft Windows CurrentVersion Explorer Advanced Folder Hidden ShowAll
CheckedValue 0
HKCU Software Microsoft Windows CurrentVersion Run
Runonce Windows> Smss.exe
About the Author
Currently pursuing final year B.S.c I.T (Information Technology) in Subbalakshimi Lakshimipathi College of Science, madurai-22.
Throttle Launcher Touchflo 3D