Friday, November 9, 2007

Prevent Autorun Viruses from Infecting Your Pc - How to Disable Autorun in Flash Drives

If you are looking for the Funny UST Scandal avi.exe remover, visit this link: http://techpinoy.blogspot.com/2007/11/funny-ust-scandal-aviexe-remover.html


Prevent autorun.inf Viruses from Infecting Your Pc


Prevention is better than cure.

Here are some examples of autorun viruses which rely on the autorun function of Windows to infect PC’s and flash drives.

Funny UST Scandal.avi.exe (latest one in the Philippines)
Autorun.vbs
win32.autorun.k
copy.exe
imgkulot
taga lipa are
autorun.vbs
recycler
FS6519.dll.vbs
strawberry from baguio
W32/Perlovga (copy.exe | host.exe)
VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
Bha.dll.vbs
w32automa worm (Autorun.vbs)
Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
W32/RJump.worm (RavMonE)
Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
W32.Fujacks.BH (Fucker.vbs)
WORM_AGENT.PGV (soundmix.exe)
W32/Hakaglan.worm (RVHost.exe)
Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)
etc.


To prevent these kinds of viruses on infecting your PC, you need to disable autorun function in your computer, unfortunately, just shutting down autoplay is not a fix. You might think that you could protect yourself from AutoRun by adding two (2) keys to your Registry (NoDriveAutoRun and NoDriveTypeAutoRun) but these keys can be overridden by some programs.


Solution is here:

1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space in your desktop then select New-Text Document
2. Copy the following text. (note: Everything in between the square brackets should be in one line)

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"



3. Save the file with a name (anything) like DisableAutoRun.reg (The extension .reg is the important part)
4. Double Click your newly created registry file. Choose yes or continue to the warning that will appear.


But what if you are already infected with the virus? There are several programs on the internet that you can download. Here are some of those programs that can be helpful:

Taga Lipa Are Remover (or Noob Killer) by Leerz (<--click to download) NOOB KILLER can also cure some variant of those viruses listed above. Baguio Strawberry Removal Tool also by Leerz


Here's another one:

Flash Disinfector by sUBs (<--click to download) You can also use RRT or Remove Restriction Tool if the virus make changes to the system restriction. These restriction are most often:

1. Task Manager - Disable Ctrl+Alt+Del
2. Disable Folder Options
3. Disable Show hidden files
4. Disable the Run Command
5. Firewall
6. Internet Options


Hope these information help you.

PS.

Maybe someone can send me the Funny UST Scandal.avi.exe virus along with the autorun.inf.

25 comments:

Anonymous said...

hahaha..nabura ko na..thanks,,galinbg tlaga ng mga pinoy!

Triggy Morton said...

Hi. I sent you a copy of the so called Funny UST Scandal.avi.exe file together with the autorun.inf.

Anonymous said...

hi! i already did kung ano ung nkapost sa taas na solution..ung about DisableAutoRun.reg...paano ko malalaman kung wala na ung virus??? thanks!

Anonymous said...

hello...pano ko po ba mlalaman kung infected n ng virus ung computer ko...kc may pumasok na "funny ust scandal" n galing saq yahoo messenger...thank u poh!

Anonymous said...

hey there... my pc is infected with the funny ust scandal. i was able to delete it but problem is still there. any thoughts?

yanbu wizzard said...

Hi po! Gumamit kayo ng LIVE CD (BARD PE)Para ma delete nyo ang mga hidden files na nk hide sa mga root directories ng lahat ng drives. LIVE ay gimitin pr mk boot at mag load ng sariling windows. Punta sa command promt, tanggal mga attributes ng mga sumusunod: c:\Funny UST SCANDAL.avi.exe, SMSS.exe, at autorun.inf. Check nyo sa lahat drives. meron pa, sa c:\windows, my hidden files na killer.exe, Funny ust scandal.avi.exe, autorun.inf,hh.exe. Delete nyo mga yan.
Tapos turn off your pc.
Hope it works!

Anonymous said...

where can i get that LIVE CD? i searched it online, ang daming results eh (particularly for linux ata). any recomendations?

Ramesis said...

Hello to everyone! my pc is infected by this funny ust scandal.avi.exe. so recently i've installed this PREVX 2.0 anti-malware. as we all know mcafee and some other AV softwares are being disabled by this virus keeping us from using our AV sw's. but this PREVX was able to scan without being cut off. it was able to detect the funny ust scandal.avi.exe, smss.exe, killer.exe, Lsass.exe, and some others from root drives.
but unfortunately, i'm unable to delete these malwares from my system (im just using the trial version). trial version only allows you to scan, block, and quaranteen, i think. the full version, you have to purchase (around $25).
so if anyone knows about this PREVX 2.0 and has the full version, can u let me know if it really works. thanks!

yanbu wizzard said...

Hi! To make LIVE CD, follow the link http://www.nu2.nu/pebuilder/

kala_mai21 said...

hello!!! am infected with the stupid "fUNNY uST sCANDAL.AVI" nakakainis kc it keeps my floopy drive working... tanong ko lang..... D na ba talaga pedeng gamitin yung add ko na infected nang virus na to?? hOW CAN i MAKE MY pC SECURE OVER THE NET???,, OK BA ANG MAG DEFREZZED???

abscbnvsgma said...

ako may alam...

kung 2 HDD nio... ng infected gwin niong primary windows... kahit win98 lng..

if ur Windows dir "C:\Windows" then ur slave HDD is "D:"

plz.. Start>Run then type this...
"D:" (note: without ")

the delete Funny UST Scandal.avi & xmss.exe

c",)

ayanamirei said...

yung akin po nabura ko na lahat nung mga file na un... kaya lang may problema pa po. nag ka-crash explorer.exe pag pumupunta sa c:\windows. pano po kaya gagawin ko... patulong naman po... salamat!

kasumi said...

kasama ba yung "4" dun sa line ng

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

kazuyen said...

yug binigay nyo po na pang tangal ng virus gumadana pero pag ni restart ko bumabalik lng po pede po bang paki ulit nyo kung paano aalis mga registry ng virus???

HeroOfTheDay said...

@kazuyen

na try nyo na po ito?

http://techpinoy.blogspot.com/2007/11/funny-ust-scandal-aviexe-remover.html

Triggy Morton said...

try SOPHOS anti virus. It worked for me :)

kazuyen said...

na try ko na po yung remover ba ganun din maalis pero bumabalik gusto ko sana malaman kung paano permanently maalis kc affected lahat dito s com. shop naka network cla na try ko na clang inaalisan ng sabay2x pero same pag restart ng pc ganun pa din anyway.
tsaka yung s cmd na steps not valid namn not found pls help me out

jenny said...

my anti-virus detected a "worm/autorun.k" in my pc.. ang bagal ng pc ko ngayon..pag nagsscan ako (using avg), 8hrs na akong nagsscan, 10thousand files pa lang ang naiiscan nya.. pag nag-ym ako, it sends an IM to all my friends.. and di ko rin magamit ung task manager ko.. i think that virus disabled it or something..

please help! what can i do to get rid of the virus.. thanks a lot..

jenny said...

and yeah, a simple wipe or heal doesn't do the job :(

TechPinoy said...

@jenny

suggestion ko lang, palitan mo na yang avg, i've been a long time user ng avg, lahat ng nagpapagawa dito sa shop ko, yan din ang sinasuggest ko na gamitin, kaya lang nong nauso yang mga autorun viruses, ang daming nakakalusot sa avg.

nag switch na ko sa avast ngayon. libre rin sya, kailangan mo lang iregister para magamit mo ng 1 year, after non register ka na lang ulit.

pag nag install ka ng avast, tatanungin ka sa setup kung gusto mong enable yung scan ng pc before mag boot ang windows, press ok, one time lang naman yon, hindi every boot.

pero before ka magrestart, erase mo muna temporary internet files, pati laman ng recycle bin, pag madami kasi temp files, mas matatagalan ang scan. update mo din muna avast before restart.

jenny said...

@ techpinoy

thanks sa advice.. id like to agree that avast is a better virus buster.. though disabled pa rin ung task manager ko after deleting the viruses with avast, nakahanap ako ng tips from a thread kung pano sya ieenable and it worked..

salamat ulit! ok n ung ym ko and better n ung speed ng pc.. :)

jake r said...

question lang. i tried downloading the avast home edition from the avast site. however i got a message from my mcafee viruscan which tagged the downloaded file as a trojan. bakit kaya? plano koNG Iinstall ang avast alongside avg sa laptop ko.

TechPinoy said...

@jake r

if you downloaded it from the avast official site, i can say that it's just a false positive and also i don't recommend using two anti-virus in one computer. you just need to keep your anti virus updated

jake r said...

thanks for yur feedback. more power to you guys

hoshi said...

hindi po gumagana yung disableautorun sa amin.... =[

pero thank u thank u thank u very much po, natanggal ung Funny UST scandal!!! doumo arigato gozaimasu!! kamsahamnida!!