Music folder virus in your pen drive

Hello,

These USB drives are driving me crazy. Most of the times they carry unwanted guests (Virus files). Earlier it was Brontok (remember that 44 KB file, a folder with .exe extension). Now we can see Music folder in almost every pen drive.
What is it exactly?

hmmmmmm

I am not sure about what it is exactly, but few things i can tell you about it.

1. If it is executed or if it has a presence in your system then it will do the followings:
• It will create a 232 KB folder in your hard drive.
• It will start a fake lsass.exe process, the origin of this process is C:\windows\system.
• The original shell extension file exists in C:\windows\system32 folder.
• You can delete the Music folder if this process is running but it will come back.
  
2. Now simply do the following to kill this
1. Kill the process lsass.exe in task manager which has user name as "Administrator" or "Your name"
2. Delete file lsass.exe from C:\Windows\system.
   
3. Now remove registry entry:

• If you are running Windows 95/98/ME, this startup entry is being started via the Shell= line in the Windows\system.ini file.
• If you are running Windows NT/XP/Vista/2000/2003, this startup entry is being started via the Shell= line in the registry key:
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Once you do these steps. You can delete the Music folder and it won't come back.

Comments are welcome. You may seek help or reply me @ spgarg04@gmail.com