Monday, March 9, 2009

Remove VBS/Autorun-QO LOVERAHULSAS.vbs


Name: VBS / Autorun-QO (or) LOVERAHULSAS.vbs
Style: virus / spyware
Type: Worm
Propagation method:
(1) move the storage media
(2) Network sharing

Affected operating systems: Windows


VBS/Autorun-QO displays the text "THIS IS AN ANTI-VIRUS AND WILL HELP YOUR SYSTEM TO WORK PROPERLY" and "RAHUL THE H@CkEr".

VBS/Autorun-QO copies itself to accessible drives and the Windows system folder as LOVERAHULSAS.vbs.

VBS/Autorun-QO spreads together with a file autorun.inf. The autorun.inf file is also detected as VBS/Autorun-QO.

The following registry will be created/affected.

HKCU \ Software \ Microsoft \ Internet Explorer \ Main
Window Title
"RAHUL THE H @ CkeR"

HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
NoFolderOptions
0

HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System
DisableTaskmgr  0

HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System
DisableRegistryTools  0

HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
Shell  explorer.exe

HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
Userinit
\ Userinit.exe
\ wscript.exe
\ LOVERAHULSAS.VBS

Internet Explorer start page is adverse to get change and its corresponding registry is  modified as selected by the malicious code author. 

HKCU \ Software \ Microsoft \ Internet Explorer \ Main Start Page

My tip/advise:

First of all you have to remove all the autorun.inf files from all the drives of your system.Also after doing so,open the registry and change the values that were affected by the virus to its default values.Some of the default values can be checked here.Then restart your system.

Success/Failure put your valuable comments here....

1 comments:

Interesting facts said...

Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write ups thanks once again.
Flash Video Player

Post a Comment