Yesterday I got a new type of “Stupid Worm” hiding in the background as xmss.exe. It copied itself to the local disk and the Windows directory (%Windir%), terminated “Windows Task Manager” and the Windows Command Prompt (DOS-Prompt), and crashed System Internal Process Explorer (procxp.exe). It's not a funny video.
According to McAfee, this worm is known as W32/Autorun.worm.g.
It can propagate itself over removable media and network drives and cause execution of malicious code via an autorun.inf file.
XMSS.exe Win32 AutoRun Files
- x:\autorun.inf
- x:\xmss.exe
- x:\Funny UST Scandal.avi.exe
- %Windir%\autorun.inf
- %Windir%\xmss.exe
- %Windir%\Funny UST Scandal.avi.exe
Fixes Win32 AutoRun.* Worm
Here are a few steps to prevent the Win32 AutoRun worm.
- Temporarily disable System Restore - KB 264887
- Boot Windows in Safe Mode - KB 315222
- In Windows Safe Mode, open Windows Registry Editor: Windows Start > Run > Regedit
- Browse to the following registry setting: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
- Replace "explorer.exe, xmss.exe" with "explorer.exe"
- Delete all the following files
- C:\autorun.inf
- C:\xmss.exe
- C:\Funny UST Scandal.avi.exe
- X:\autorun.inf
- X:\xmss.exe
- X:\Funny UST Scandal.avi.exe
- %Windir%\autorun.inf
- %Windir%\xmss.exe
- %Windir%\Funny UST Scandal.avi.exe
%Windir% refers to the Windows folder (e.g. C:\Windows, C:\WindowsNT) and X: is the drive letter used by a removable or network drive.
- Clean All Windows Temporary Files
- Restart Windows
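The two checks from the steps above (the Winlogon Shell value, and the dropped files in each drive root and %Windir%), as an added Python example that is not part of the original post. The function names are hypothetical, and the script only reports what it finds; it deletes nothing.

```python
# Audit for the artefacts listed on this page (added example, report-only).
import os
import string

# File names and registry location are taken from the page.
WORM_FILES = ("autorun.inf", "xmss.exe", "Funny UST Scandal.avi.exe")
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def extra_shell_entries(shell_value):
    """Return every Shell entry other than a bare explorer.exe."""
    entries = [e.strip() for e in shell_value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != "explorer.exe"]


def find_worm_files(roots):
    """Return top-level paths in each root whose name is on the list.

    A legitimate autorun.inf (installer media) also matches: review each hit.
    """
    wanted = {name.lower() for name in WORM_FILES}
    hits = []
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:  # drive not ready, access denied, missing folder
            continue
        hits += [os.path.join(root, n) for n in names if n.lower() in wanted]
    return sorted(hits)


def candidate_roots():
    """Roots of all mounted drive letters plus %Windir% (Windows only)."""
    roots = [f"{d}:\\" for d in string.ascii_uppercase if os.path.exists(f"{d}:\\")]
    windir = os.environ.get("WINDIR")
    return roots + ([windir] if windir else [])


if __name__ == "__main__":
    import winreg  # standard library, Windows only
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        shell, _ = winreg.QueryValueEx(key, "Shell")
    print("Shell =", shell)
    for entry in extra_shell_entries(shell):
        print("unexpected Shell entry:", entry)
    for path in find_worm_files(candidate_roots()):
        print("found:", path)
```

Run it once before the cleanup to see what is present, and again after the restart to confirm that the Shell value and the drive roots are clean.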
XMSS.exe Win32 Autorun Variants
VirusTotal.com - Dec 2007 Results.
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | - | - | - |
| AntiVir | - | - | - |
| Authentium | - | - | - |
| Avast | - | - | - |
| AVG | - | - | - |
| BitDefender | - | - | - |
| CAT-QuickHeal | - | - | Worm.AutoRun.abt |
| ClamAV | - | - | Trojan.Autoit-6 |
| DrWeb | - | - | - |
| eSafe | - | - | suspicious Trojan/Worm |
| eTrust-Vet | - | - | - |
| Ewido | - | - | - |
| FileAdvisor | - | - | - |
| Fortinet | - | - | W32/Autoit.BG!tr |
| F-Prot | - | - | W32/Trojan!c4a4 |
| F-Secure | - | - | Trojan.Win32.Autoit.bg |
| Ikarus | - | - | Virus.Win32.AutoRun.pc |
| Kaspersky | - | - | Trojan.Win32.Autoit.bg |
| McAfee | - | - | - |
| Microsoft | - | - | - |
| NOD32v2 | - | - | Win32/HackAV.P |
| Norman | - | - | - |
| Panda | - | - | Suspicious file |
| Prevx1 | - | - | Trojan.DoS.Win32.Opdos |
| Rising | - | - | Worm.Win32.Autorun.jax |
| Sophos | - | - | - |
| Sunbelt | - | - | - |
| Symantec | - | - | - |
| TheHacker | - | - | Trojan/Autoit.bg |
| VBA32 | - | - | Virus.Win32.AutoRun.pc |
| VirusBuster | - | - | Trojan.AutoIt.BB |
| Webwasher-Gateway | - | - | Riskware.HackAV |
- February 16, 2008 at 11:58 am
- June 24, 2008 at 3:58 pm
11 Responses to “How to remove XMSS.exe Win32 AutoRun worm”
but i open safe mode after restore temporary off then i write on regedit on run but the hide all things they not show above picture setup
here's a quickie.
Press the Windows Start key (the windows Logo), select Run.
Browse like you normally do with windows Explorer ..
click HKEY_LOCAL_MACHINE first
then find SOFTWARE and so on.
The directory is like in step 4
"HKEY_LOCAL_MACHINE → SOFTWARE → Microsoft → Windows NT → CurrentVersion → Winlogon → Shell"
read step 5 and continue.
once i'm in safe mode (admin) and i type regedit, and i'm just starting to browse, EVERYTHING just disappears, and refuses to open again... what should i do!? plz i need help
↑ mina - download killbox used it to delete xmss.exe inside all the folder at step 6.
Thanks GUYS!!!! I owe you a lot!!! that virus won't get rid of my PC! I'm hoping that with your advice, I may be able to delete permanently the not really funny worm.
Remove Funny Scandal without any anti virus
Remove completely funny ust scandal avi.exe(virus) from your hard disk without using any anti virus and just installing fresh copy of window. This is done by jitender kumar. For any problem regarding viruses contact me on my e mail id
Funny ust scandal.avi.exe run these files :
If your computer corrupted with funny with xmss.exe then you :
And if funny with smss.exe then you are in some better condition . ok now apply this steps and give me reply and your experience on my e mail id and you can be my friend. Ok best of luck so for removing this virus you must install windows at one time and following these steps you will remove this virus.
OR
another solution for removing this virus first follow above 4 steps and then try this trick
then restart your system
and check virus on your computer by right clicking on all drive and if there is autoplay or autorun option then virus is there in your drive otherwise virus is removed then use your full system
then follow 10 and 11 step.
I am a student and struggling for bright career in IT company so please must reply me your experience about viruses if you feel good by my solution. It will motivate me.
Jitender kumar
MCA student of software engineering
MIET Engineering college, Meerut
UP, INDIA
what is the correct anti virus software for this problem?
firstly you have to download killbox.exe to enable you to delete the xmss.exe file... you must delete it in every partition of your computer and after that you can adjust the registry and use the antivirus, the other 2 file just ignore it and delete it using antivirus... i use ↓
but must remember to turn off the system restore first...anythings...ask me at yahoo messenger...afandi_mustaffa
how do you remove win32.Autorun.dmj