FUvirus is a new virus that is taking computers by storm. It is now well known, but it is said that some anti-virus and anti-spyware applications cannot detect it.
This file can exhibit the following behavior:
• The file is created as a process on the disk.
• This process can create, delete or modify files on the disk.
• Folders change their icons.
• The Document folder always opens after the desktop opens.
• WINDOWS on the hard disk cannot be opened.
How to Remove
1. Close all applications, browsers and your anti-virus.
2. Download ComboFix; it is needed to remove FUvirus.
3. Open Notepad and copy/paste the text in the quote box below into it:
KillAll::
File::
c:\windows\IFinst27.exe
c:\windows\Tasks\AB30F2F3919B68EF.job
c:\docume~1\loimic~1\applic~1\4hole\Tick stupid cast.exe
c:\docume~1\LOIMIC~1\APPLIC~1\4hole\bitswindowsite.exe
c:\windows\system32\FUvirus.exe
Folder::
c:\docume~1\loimic~1\applic~1\4hole\
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b1e74c2-0019-11dc-9a0f-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d43c855-47c5-11dd-be43-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d4ecec-ab67-11dc-bdba-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c525715-13f5-11dc-99fb-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ee655c6-5194-11dc-9a6a-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5020d6b3-51b0-11dd-be49-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61900cbc-a7bb-11dd-8e21-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e484edc-9eb0-11dc-9adf-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eae7034-9ddd-11dc-9ade-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eae7049-9ddd-11dc-9ade-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71156742-34a4-11dc-9a30-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8271785a-8183-11dd-be6a-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924ff07f-ee39-11dc-bdf7-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b307eb6-7058-11dd-be5d-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b307ebe-7058-11dd-be5d-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b24f4dfd-0057-11dc-9a11-d5deff17bbf1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb7bd93a-902d-11dc-9ad6-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9047ec-0d9d-11dc-99ec-d4aa521976e0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb632e57-5db4-11dd-be4e-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eda36a24-9292-11dc-9ad9-00e04cc0c7ec}]
4. Save this as CFScript.txt in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at "C:\ComboFix.txt".
Note:
DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.
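A script like the one in step 3 names one user's profile folder and that machine's MountPoints2 volume GUIDs, so it is worth reviewing before it is run anywhere else. The Python below is an added example, not part of the original post or of ComboFix: it parses the directive layout used above and lists the machine-specific entries. The function names and the sample values are constructed placeholders.

```python
import re

# Constructed sample in the CFScript layout the page uses (values are placeholders).
SAMPLE = r"""KillAll::
File::
c:\windows\system32\example.exe
c:\docume~1\someus~1\applic~1\example\example.exe
Folder::
c:\docume~1\someus~1\applic~1\example\
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")
PROFILE = re.compile(r"^[a-z]:\\(docume~1|documents and settings|users)\\([^\\]+)\\", re.I)
MOUNTPOINT = re.compile(r"\\mountpoints2\\\{[0-9a-f-]{36}\}\]$", re.I)

def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript-style file."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            # Entries are only meaningful under a directive such as File::
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections

def machine_specific(sections):
    """List entries that only make sense on the machine the script was written for."""
    findings = []
    for name in ("File", "Folder"):
        for entry in sections.get(name, []):
            m = PROFILE.match(entry)
            if m:
                findings.append((name, entry, f"user profile {m.group(2)!r}"))
    for entry in sections.get("Registry", []):
        if MOUNTPOINT.search(entry):
            findings.append(("Registry", entry, "per-machine volume GUID"))
    return findings

if __name__ == "__main__":
    print(*machine_specific(parse_cfscript(SAMPLE)), sep="\n")
```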