These USB drives are driving me crazy. Most of the times they carry unwanted guests (Virus files). Earlier it was Brontok (remember that 44 KB file, a folder with .exe extension). Now we can see Music folder in almost every pen drive.
What is it exactly?
hmmmmmm
I am not sure about what it is exactly, but few things i can tell you about it.
- If it is executed or if it has a presence in your system then it will do the followings:
- It will create a 232 KB folder in your hard drive.
- It will start a fake lsass.exe process, the origin of this process is C:\windows\system.
- The original shell extension file exists in C:\windows\system32 folder.
- You can delete the Music folder if this process is running but it will come back.
- Now simply do the following to kill this
- Kill the process lsass.exe in task manager which has user name as "Administrator" or "Your name"
- Delete file lsass.exe from C:\Windows\system.
- Now remove registry entry:
- If you are running Windows 95/98/ME, this startup entry is being started via the Shell= line in the Windows\system.ini file.
- If you are running Windows NT/XP/Vista/2000/2003, this startup entry is being started via the Shell= line in the registry key:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Comments are welcome. You may seek help or reply me @ spgarg04@gmail.com
