ADVERTISEMENTS
Trouble:
One of our reader Kavi’s system got infected by the UST Scandal avi.exe virus, this is what he has said in the mail to troublefixers.com
“How to remove funny ust scandel.exe without any virus removal tool? or can you
provide any Vbscript for removing this virus?“
As far as writing a vbscript for automatic removal of this virus, we would love to but these days we are not getting enough time to do it, but in future we will try to provide free virus removal tools made by the troublefixers themselves.
Let’s see what are the UST Scandal virus symptoms and activities and how can we remove this virus both manually and automatically.
Fix:
Well we can remove this virus by a simple removal tool and through manual procedure also, lets first discuss about automatic removal tool.
Funny UST Virus Activities:
First of all this virus is not funny at all, either it may put yourself in state of embarrassment when it sends some senseless message to your friends in your yahoo messenger buddies.
It creates following files:
- Killer.exe in c:\windows\
- lsass.exe in c:\documents and settings\all users\start menu\programs\startup
- xmss.exe in the root drive of all partitions and also in c:\windows
- autorun.inf in all the partitions.
- the main file Funny UST Scandal.avi.exe in all the partitions and
- Funny UST Scandal.exe in c:\Windows.
Not only this, it also creates the following entries:
HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
You will find all these or some of these files if your system is infected by this virus.
Method 1: Remove the virus automatically by UST Virus removal Tool. Download it here
Method 2: Manual removal procedure.
1. Firstly you need to end process running by the virus, for this download process explorer.
killer.exe ,b.lsass.exe ,c.smss.exe
Note: close all those processes that have the same icon of Funny UST Sandal.avi.exe
2. Open Start >> Run and type “cmd” (without quotes) and press enter.
3. Above command will open up command prompt, type “cd\” (without quotes)
4. Type “attrib -h -s smss.exe” (without quotes)
5. Type “attrib -h -s autorun.inf” (without quotes)
6. Repeat step 4 and 5 for all the drives through command prompt (on the root folder)
7. Now open all your drives one by one by typing C: ,D: and so on in the address bar at the top, delete smss.exe,autorun.inf,Funny UST Scandal.avi.exe
8. Open command prompt again by following step 2.
9. Type “cd c:\windows” (without quotes)
10. Type “attrib -h -s smss.exe” (without quotes)and press enter. Type “delete smss.exe” and press enter also type “delete lsass.exe” and press enter.
11. Now Open Start >> Run and type regedit and press enter.
12. Locate these paths one by one in the registry.
- HKLM\Software\Microsoft\WindowNT\CurrentVersion\Winlogon\shell
- HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
At these paths, locate the keys which have values as (killer.exe) and (c:\windows\smss.exe). Delete these registry keys.
Done!
We hope you will be able to remove the virus by at least one of the method specified above, if not please let us know through comments.
|
|
Author + Admin: Rohit KhuranaSoftware Engineer by profession. I am a part time tech blogger and believe in blogging because I enjoy writing on technology. I also write about Cars and Bikes at www.carblogindia.com. You can catch me on twitter @rohit_khurana. Get in touch with me at RohitKhurana.in.
Respected Rohitbhai,
I’m kavi, i have sent complain about Funny virus, thank you very much for fast reply, but in your this answer i couldn’t understood below line.
“Now open all your drives one by one by typing C: ,D: and so on in the address bar at the top, delete smss.exe,autorun.inf,Funny UST Scandal.avi.exe”
I request once again to explain all steps to remove in more lucid pattern, Funny Virus is still there in my system. I have runned that Funny removal tool also.
Waiting for your reply.
thanking you.
kavi
@Kavi
Hi Kavi
First of all open command prompt as told in step 2 above.
This line means, on command prompt, type “c:” without quotes and press enter
A. After this type “del smss.exe” without quotes and press enter
B. After this type “del autorun.inf” without quotes and press enter
C. After this type “del scandal.avi.exe” without quotes and press enter
Now type “d:” without quotes and press enter. Now repeat step A,B and C as written above, similarly for all your hard disk partitions, i.e “e:”, “f:” etc.
how i remove pop ups from my web pags
@Ahmed
Please see the link below for solution to your problem
http://www.troublefixers.com/adware-problems-pop-ups-containing-ads-come-automatically/
The first time I tried removing this virus manually, but Command Prompt or RegEdit or even Windows Task Manager window kept closing instantly.
But, the worm-removal tool worked great!
Thanks a lot!
thanks sooo much iam very thanking from worker and owver of this Site its opened my brain iam very happy and thanking again and again i wish youre all be the best of luck Ty Ty
hello
Thanks so that i was able to remove smss.exe and autorun.inf both from the system by using step 1 but was unable to remove Funny UST Scandal.avi.exe adn try to remove the other using step2 but i was unable to do so could u plz suggest
i can’t format it bcoz it is my external hard disk and data is too important
plz suggest me
thanking u and waiting for replay
@ Asif
What problem are you exactly facing while deleting that file?
Cool website. I will definately recommend this site to all my friends.
Salim
Hi Rohit,
I’m running Windows 2003 Enterprise server and I’m infected by the DOTEX.32 virus which is detected but cannot be cleaned. Help!
Salim
awesome…..its gr8…it completely removed the virus ie funny ust scandal….thaks a lot
Dear Rohit
First of all I would like to acclaim your knowledge about computer softwares and your generosity.
But I encountered following problems when I tried to remove Funny UST Scandal.avi from my Computer.
1 when I killed Iass.exe,Smss.exe process with the help of process explorer,a message appeared that my computer will be shutdown within 2 mins and it happened so.
2 secondly when I tried to delete Smss.exe and Killer it shows a message that File not Found
3 Methoud 1 shows a message that No virus Is Running
But Iam sure that My computer is Infected by Scandal.avi because It appears in some of my drive
Iam sure that you can solve this problem without any hesitation.Please Help me I would be thankful to you
Thanks man! this was very helpful in removing the UST virus on my sis’ laptop!
Thanks thanks!
thanks
anybody used method #1 ? did it work ?
Thanks.. good explanation to remove this troublesome scandal.exe!
hii rohit !!!!!!!!!!111
though i used the method given above it is killing the virus for temporary plz help me out in killing permentally
thnx a lot dude
i hav been pist off by this virus
thank you
I have my personal experience on this virus. I will help in answering the question from:
Asif, April 3rd, 2008 and sharjeel, April 26th, 2008
Before following my procedure, please run the virus remover with method 1 described by rohit, first! It will remove some of the virus component (though not all, because after thorough search in my hard drive, i still find some of them there). But the virus remover did a good job in enabling us to use the command prompt. Therefore, you need to remove manually for the rest. To use this method, you need to have some basic knowledge in how to use command prompt because you need to move from folder to folder and understand some of DOS commands.
Answering Asif question:
I had the same problem with asif as I can’t delete the virus which is:Funny UST Scandal.avi.exe. The problem is because the virus has space between it. And in command prompt/DOS prompt, you can’t delete filename with space bwetween it. I will explain how to delete it, but before that, you could check whether some of the virus components are still in ur harddrive:
In my example, i am refering to check on C: prompt and on C:\windows prompt because i find the virus components still there for me. You might need to check it in other suspected folder and sub folders yourself. Anyway, you can type the command to show hidden files which is Dir/ah/p at each command prompt as shown below:
C:\>Dir/ah/p
and
C:\Windows>Dir/ah/p
/ah = it will show all hidden files in the folder
/p = pause the scrolling screen so you can find it slowly
For people who don’t know what DIR for, it instruct the PC to list down all the files in the current folder to your screen. But it only display non hidden files, as the virus files are hidden, you need /ah command. And some folders will contain alot of files, therefore you need to use /p command to pause at each scroll. Anyway, back to our problem:
You might find that autorun.inf, smss.exe or Funny USt Scandal.avi.exe is still shown in some of ur folder
Therefore, please follow this command in C:\> prompt:
C:\>Attrib -h -s -r funny*.exe /s
C:\>Del /p funny*.exe /s
/s = it will run the command in all folder and subfolder for the virus
/p = it will ask confirmation when you delete the file. It will prevent you to delete other files if you make some mistake in typing by asking confirmation before deleting.
Note: It will take few mins and longer if you have slower computer when using /s command. Because it search in all folder and subfolder of the specified drive (in this case, C drive). Just be patient and do other things until they finished doing their work.
By using funny*.exe, it means it will delete all executables files (exe) with the words funny in front of it such as funny.exe, funny UST Scandal.avi.exe, funny UST.exe, funnyscandal.exe, and so on.
And please do the same thing for autorun.inf. From C:\> prompt:
C:\>Attrib -h -s -r autorun.inf /s
C:\>Del /p autorun.inf /s
For smss.exe, you have to be careful. Because smss.exe located in C:\Windows>System32 is a valid windows file. So, I would not recommend using the /s command for smss.exe. Just go to C:\> and C:\Windows> folder and use Dir/ah/p on those 2 folders to see whether the file is displayed or not.
Don’t forget to repeat all of the above for killer.exe. Most of the time it already deleted by the virus remover. But sometimes you can reintroduce it again when you insert flashdisk/thumbdrive/pendrive or whatever you called the removable drive that still contain the virus.
Answering sharjeel:
I tried to remove the virus manually after I use the virus remover program mentioned in method 1 by rohit.
1. I think if you already use the virus remover, dont kill lsass.exe, as that one left in ur taskmanager is the valid one required by windows.
2. You have to use the command: Dir/ah from command prompt to find them. If you try to look for them from windows by looking at folder or subfolder, you wont find them always because some of them is hidden.
3. Look for my explanation aboce (explanation for asif)
I know asif or sharjeel might already solve their problem, but I am posting this to help other people still having the problem with this annoying virus.
One more thing, if you want to remove the virus from your flashdisk/thumbdrive/pendrive/other drive, then you need to remove it manually from command prompt. The virus remover only clear virus in your C drive/primary harddisk. When you plug in ur flashdisk/thumbdrive/pendrive/other drive, if the autorun command is active, you might re-contaminate your computer. So, first run the virus remover, second remove the virus manually again from your harddisk from command prompt, then go into the directory of your flashdisk/thumbdrive/pendrive/other drive (Might be D:, E:, F:, G:, etc) from command prompt and remove it manually.
Again basic DOS prompt is necessary for removing this virus manually. Hope my explanation will be helpful.
i want to tell you that i cant open any of my disk in xp as it is written something about administrator and moreover taskbar doesnt opens
Respected sir,
i would like to thank u for your precious tips
that helps us a lot .
i am doing B-Tech in CSE kindly tell me about which field i have to choose for carrier side ,also send me your tricks in forgot ting administrator password ,recover it by commands only
and latest u want…………
GD NT……
hi, i have only found this website now. but have a feeling that it might be too late for me.
i dont think that i have the Scandalavi.Exe virus but i do have smss.exe virus from a rogue flashstick in “c:\windows\system32 ” – yes there is a space. it blocked blocked my AV and gave itself auto permit with windows defender so it took some time for me to work out that i had it.i killed the processes and unplugged my internet hoping to restart my comp to get my AV back, scan and get rid of it.
which then leads me to my current problem. i am unable to login to my desktop, 2seconds after my comps tries to boot up to the desktop it logs out to the user login page. i have already tried all f8 – safe mode options and for each one it still logs me out.
i have also tried to boot up using the recovery console for dos access to do what you have already stated and remove from there, which brings me to my next problem the ” ” in windows environment, “c:\windows\system32 ” becomes “▼” – “c:\windows\system32▼” and i am unable to work out the dos ascii/accent for that image.
hence unable to access the folder to make it unhidden or delete the files and unable to do anything with my comp as it just logs me off.
any help would be greatly welcomed.
Thank you very much, you just saved me
Thx for your help, this is very usefull
rohit,
sir..i have tried running some anti virus before i researched for more ways to delete this virus. it was found and quarantined by both kaspersky and super anti spyware but my main concern is that my hidden files are not showing up even after trying to if i already changed the viewing of hidden file in folder options.
then i tried downloading the remover and it says…there is no funny virus running.
so i tried doing step 1…but it cant end the process of smss.exe and lsass.exe in task mgr.
then i proceed to step 2 and do it in all drives but the files cant be found.
i wish i knew what was happening to my pc why hidden files are not showing up…
any help sir? i dont really want to reboot my pc again…
thanks in advance and kudos for your site it is well recomended.
Thankyou SOOOOOO much!!! The damn funny UST virus has had me freaking out. You are my heroes 
Leave Your Comments Below
Hello, please leave your thought below
|
|
|
|
|
|
|
|
Featured Troubles and Fixes
- Not able to open drives on hard disk by double click
- Remove Virus Which Redirects to go.google.com | go.google.com Redirect Virus Removal tool for Windows
- Remove Write Protection On USB Pen Drive or Memory Card or iPod
- Not able to show hidden files and folders
- Drive opens in new window on double click in windows XP
- Solutions to Top 10 USB Pen Drive Problems
- USB pen drive detected but doesn't show up in My Computer
About Trouble Fixers
TroubleFixers are here to fix your computer related troubles. Share your computer troubles and we shall try to fix them.Read the solutions to commonly faced troubles.
25 Users Commented In This Post
Subscribe To This Post Comment Rss Or TrackBack URL