
Daemon Tools Free Downloads

Posted on Friday, September 9, 2011 in Uncategorized

Funny UST Scandal Virus

Funny UST Scandal.exe (detected as Sdbot-DIQ or Imaut-A) is a worm that usually spreads through e-mail attachments. After installation, Funny UST Scandal.exe turns off antivirus programs. It can also download other malware from the Internet and install it without your knowledge. The worm infects Yahoo Messenger and may block every application running on the PC. Funny UST Scandal.exe may also infect other computers on the network through network shares and infected e-mails.

Software used to build the virus: AutoIt V3

The virus, it seems, creates three files on all your root drives: a fake .avi file named "Funny UST Scandal.avi.exe", an smss.exe file, and an autorun.ini to automatically start the virus when it's on a newly inserted drive.

Seems this problem is relatively new, as I haven’t been able to find any sort of help for it anywhere, other than the usual “scan with AdAware and Norton”. It automatically closes programs that are “threats” to it, it seems: I can’t keep any anti-spyware programs open long enough to scan for it. AVG Free doesn’t detect it, either. Safe mode doesn’t stop it from starting up with the OS either.

Hoping you guys could help? Here’s the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:06 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\smss.exe **Here it is... strange though, seeing as G was assigned to my USB drive which I've already removed.**
G:\smss.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Downloads\aaw2007.exe
C:\WINDOWS\system32\MSIEXEC.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HijackThis!\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DietPower 4.4 Update Setup] C:\Documents and Settings\Joel Casimir\Local Settings\Application Data\{5C0E52B3-AD33-4D51-B6BF-5B701DDC6CD8}\DietPowerSetup.exe /updatesetup
O4 - HKCU\..\Run: [DietPower 4.4 Update Setup for All Users] C:\Documents and Settings\All Users\Application Data\{5C0E52B3-AD33-4D51-B6BF-5B701DDC6CD8}\DietPowerSetup.exe /updatesetup
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: lsass.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
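The log above carries three tell-tale entries: a copy of smss.exe running from a drive root (G:\smss.exe), an extra loader appended to the system.ini Shell= value (killer.exe), and Windows system process names used as autostart entries (the Runonce value and the lsass.exe in Global Startup). As an added example, not code from the original post, the Python below runs those three checks over a HijackThis-style log; the embedded log excerpt is constructed from lines in the post, and the LEGIT_LOCATIONS table (where the genuine binaries live on a default Windows XP install) is an assumption.

```python
"""Added example: triage a HijackThis-style log for the indicators the post describes.
The sample log is constructed from the post; LEGIT_LOCATIONS is an assumption."""
import ntpath
import re

# System process names the worm borrows, and the only directory where the genuine
# binary lives on a default Windows XP install (assumption for this example).
LEGIT_LOCATIONS = {
    "smss.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
}

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Constructed excerpt in HijackThis format, based on the log quoted in the post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
G:\smss.exe

F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\smss.exe
O4 - Global Startup: lsass.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""


def _o4_target(line: str) -> str:
    """Return the program an O4 autostart line launches, with quotes and arguments removed.
    Unquoted paths containing spaces are cut at the first space (a known limitation)."""
    rest = line.split(": ", 1)[1].strip()
    if rest.startswith("["):               # "[value name] path"
        rest = rest.split("]", 1)[1].strip()
    if " = " in rest:                      # "shortcut.lnk = target"
        rest = rest.split(" = ", 1)[1].strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split()[0] if rest else ""


def triage(log: str) -> list:
    """One finding string per suspicious line, in log order."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DRIVE_PATH.match(line):
            # Running-processes entry: a system process name outside its home
            # directory is a masquerade (G:\smss.exe in the post).
            name = ntpath.basename(line).lower()
            folder = ntpath.dirname(line).lower()
            if name in LEGIT_LOCATIONS and folder not in LEGIT_LOCATIONS[name]:
                findings.append(f"process masquerade: {line}")
        elif line.startswith("F2 -") and "Shell=" in line:
            # Shell= should name explorer.exe only; anything else is an extra loader.
            shell = line.split("Shell=", 1)[1]
            extra = [p.strip() for p in shell.split(",") if p.strip().lower() != "explorer.exe"]
            if extra:
                findings.append(f"extra Shell= loader: {', '.join(extra)}")
        elif line.startswith("O4 -"):
            # Windows never registers smss.exe or lsass.exe as a Run or Startup item.
            target = _o4_target(line)
            if ntpath.basename(target).lower() in LEGIT_LOCATIONS:
                findings.append(f"system process name in autostart: {line}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports four lines: the G:\smss.exe process, killer.exe in Shell=, the Runonce value and the Global Startup lsass.exe; the genuine System32 entries and the ZoneAlarm and RAMASST items pass.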

Script file (autorun.inf):

[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe

Remove Funny UST Scandal.exe system processes:

Funny UST Scandal.exe
killer.exe
xmss.exe
smss.exe

Dropped files:

killer.exe (4084 KB) in C:\WINDOWS
lsass.exe (3920 KB) in C:\Documents and Settings\All Users\Start Menu\Programs\Startup
smss.exe (4088 KB) in all root drives and in C:\WINDOWS
autorun.inf (1 KB) in all root drives, containing the script above
Funny UST Scandal.avi.exe (228 KB)

Remove Funny UST Scandal.exe files:

Funny UST Scandal.avi.exe
Funny UST Scandal.exe
killer.exe
xmss.exe
smss.exe

Remove Funny UST Scandal.exe registry values:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    CheckedValue = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Runonce = C:\WINDOWS\smss.exe
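The autorun.inf above wires every Explorer verb (open, Explore, Autoplay) to the dropped smss.exe, and the registry values keep hidden files invisible and relaunch the copy on logon. As an added example that is not part of the original write-up, the Python below parses an autorun.inf of that shape and reports every verb it redirects to an executable, then checks a file listing and a registry snapshot against the dropped-file and registry indicators listed above. The inf text, file list and registry snapshot are constructed for the example; the registry is modelled as a dict rather than read from a live machine, so it runs anywhere.

```python
"""Added example: autorun.inf parser plus file/registry indicator checks for the
Funny UST Scandal indicators listed in the post. All inputs are constructed."""
import ntpath
import re

# Constructed copy of the autorun.inf shown in the post.
SAMPLE_AUTORUN = r"""
[autorun]
open=smss.exe
shell\Open\Command=smss.exe
shell\open\Default=1
shell\Explore\Command=smss.exe
shell\Autoplay\command=smss.exe
"""

EXECUTABLE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


def parse_inf(text: str) -> dict:
    """Minimal INI reader: {section: {key: value}}; keys lower-cased, ';' comments skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def autorun_findings(text: str) -> list:
    r"""(key, program) for every [autorun] key that launches something: 'open' and any
    shell\<verb>\command. shell\<verb>\default only selects the default verb."""
    auto = parse_inf(text).get("autorun", {})
    hits = []
    for key, value in auto.items():
        launches = key == "open" or (key.startswith("shell\\") and key.endswith("\\command"))
        if launches and value.lower().endswith(EXECUTABLE_EXT):
            hits.append((key, value))
    return hits


ROOT_FILE = re.compile(r"^[a-z]:\\[^\\]+$")    # a file sitting directly in a drive root
STARTUP_SUFFIX = r"\start menu\programs\startup"

# Constructed listing: the genuine System32 smss.exe plus the locations the post names.
SAMPLE_FILES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\smss.exe",
    r"C:\WINDOWS\killer.exe",
    r"G:\autorun.inf",
    r"G:\smss.exe",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe",
    r"C:\WINDOWS\system32\RAMASST.exe",
]


def file_indicators(paths: list) -> list:
    """Paths that match the dropped-file locations given in the post."""
    hits = []
    for path in paths:
        low = path.lower()
        name, folder = ntpath.basename(low), ntpath.dirname(low)
        in_root = bool(ROOT_FILE.match(low))
        if ((name == "autorun.inf" and in_root)
                or (name == "smss.exe" and (in_root or folder == r"c:\windows"))
                or (name == "killer.exe" and folder == r"c:\windows")
                or (name == "lsass.exe" and folder.endswith(STARTUP_SUFFIX))
                or name == "funny ust scandal.avi.exe"):
            hits.append(path)
    return hits


SHOWALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed registry snapshot: {(key, value name): data}.
SAMPLE_REGISTRY = {
    (SHOWALL_KEY, "CheckedValue"): 0,
    (RUN_KEY, "Runonce"): r"C:\WINDOWS\smss.exe",
    (RUN_KEY, "ctfmon.exe"): r"C:\WINDOWS\system32\ctfmon.exe",
}


def registry_indicators(values: dict) -> list:
    """The two registry indicators from the post: hidden-file display forced off,
    and a Run value that launches a copy of smss.exe."""
    hits = []
    if values.get((SHOWALL_KEY, "CheckedValue")) == 0:
        hits.append("SHOWALL CheckedValue = 0 (show hidden files disabled)")
    data = values.get((RUN_KEY, "Runonce"), "")
    if isinstance(data, str) and ntpath.basename(data).lower() == "smss.exe":
        hits.append(f"Run\\Runonce -> {data}")
    return hits


if __name__ == "__main__":
    print(autorun_findings(SAMPLE_AUTORUN))
    print(file_indicators(SAMPLE_FILES))
    print(registry_indicators(SAMPLE_REGISTRY))
```

The parser is deliberately lenient (no quoting rules, duplicate keys overwrite) because malware-written inf files rarely follow the spec; the point of the check is that four distinct verbs all resolve to the same bare executable name in the drive root. The file check keeps the genuine C:\WINDOWS\System32\smss.exe out of the hit list, which is the distinction a cleanup must preserve.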

About the Author

Currently pursuing the final year of a B.Sc. I.T. (Information Technology) at Subbalakshimi Lakshimipathi College of Science, Madurai-22.
