 

Sohanad and all its variants

   

 

 

Alias

SCVVHSOT.exe is detected under the following aliases:

  • Worm.Sohanad.U [PCTools]
  • WORM_SOHANAD.DS [Trend Micro]
  • W32.Imaut.A [Symantec]
  • W32/YahLover.worm [McAfee]
  • IM-Worm.Win32.Sohanad.as [Kaspersky Lab]
  • TROJ_AUTORUN.AHP [Sophos]

 

Information

Sohanad is a virus that spreads through Yahoo Messenger: it sends a message to all of the victim's contacts inviting them to download a file, which is the virus itself. The virus also spreads via USB keys and external hard drives.

File

This virus puts three files in your system:

  • <System>\SCVVHSOT.exe
  • <Windows>\SCVVHSOT.exe
  • <System>\autorun.ini

It also puts two files in the root directory of every drive, including removable drives:

  • autorun.inf
  • SCVVHSOT.exe

 

Registry

Creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NofolderOptions
    0x00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools
    0x00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Yahoo Messengger
    %System%\SCVVHSOT.exe

Changes the following value:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    SCVVHSOT.exe
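
A way to check a registry export against the entries listed above, as an added example that is not part of the original page or of the Net Studio patch: it parses `.reg` text and reports which of the page's values are present. The function names and the sample export are constructed for illustration.

```python
import re

# Indicators from the Registry section above: (key, value name, expected data).
# Integers are REG_DWORD data; strings are matched as a lower-case substring.
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NofolderOptions", 1),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", 1),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 1),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Yahoo Messengger", "scvvhsot.exe"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "scvvhsot.exe"),
]
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Parse .reg export text into {key: {value name: data}}, names lower-cased."""
    hive, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            hive.setdefault(key, {})
        elif key is not None and (m := VALUE_RE.match(line)):
            name, dword, string = m.groups()
            # .reg files escape backslashes in string data as "\\"
            hive[key][name.lower()] = int(dword, 16) if dword else string.replace("\\\\", "\\")
    return hive

def find_sohanad_indicators(reg_text):
    """Return (key, value name, data) for every indicator present in the export."""
    hive, hits = parse_reg(reg_text), []
    for key, name, expected in INDICATORS:
        data = hive.get(key.lower(), {}).get(name.lower())
        # DWORDs must be equal; strings match as a substring so a full path also counts
        matched = (data == expected) if isinstance(expected, int) else (isinstance(data, str) and expected in data.lower())
        if matched:
            hits.append((key, name, data))
    return hits

# Constructed sample export of a partly infected profile (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"="C:\\WINDOWS\\system32\\SCVVHSOT.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''
```

Exports saved by regedit in the "Version 5.00" format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `find_sohanad_indicators`.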

 

ATTENTION

This virus launches automatically each time you open or explore a USB key. It is therefore preferable to download this patch, decompress it on the desktop, restart your machine in safe mode and launch the patch, still in safe mode.
Insert all your USB keys when you launch the patch so that they are all disinfected.

Instructions on how to restart your computer in safe mode.

 
 
  Link  
 

Download

 
 

Latest fixes:

  • cftmonn.exe (ksven, Autorun.dhl)
  • sbsm.exe, softhomepage.com (sbsm.dll,sbmdl.dll)
  • Virtual Made (Virtual Maid.dll, http://www.searchmaid.com)
  • VirusHeat (VirusHeat 4.3.exe, VirusHeat.exe)
  • MonaRonaDona (srvspool.exe, registrycleaner2008.exe)
  • Noooh (Sys.exe, ComSys.dll)
  • NetSky (FVProtect.exe,FirewallSvr.exe,netstats.exe) and all its variants
  • Tavo.exe (tavo0.dll, tavo1.dll) and all its variants
  • Patty.exe (S0UNDMANS.EXE,1sasrv.dll,adsldps.dll,twain.dll,realsched.exe)
  • Kxvo.exe and all its variants
  • Kavo.exe and all its variants
  • VirtuMonde (VirtuMondo, Vundo, TROJ_VUNDO, TROJ_MEREDROP,DL.Small.ADIB)
  • Sohanad fix (SCVVHSOT.exe, svchost.exe) (W32.Imaut.A, TROJ_AUTORUN.AH, Worm.Sohanad)
  • SdBot fix (ctfmonn.exe) (Backdoor.SdBot, Sdbot.worm.gen.a)
  • Amvo.exe (3o.exe, y82td3td.com, i.cmd, fppg1.exe, ekugb3.bat...) and its variants other than already proposed here
 
 
COPYRIGHT (C) 2008 NET STUDIO, ALL RIGHTS RESERVED