Noooh Fix (Sys.exe, ComSys.dll)

Written by Administrator | Friday, 18 September 2009 05:10

Information

Amendment to the parameters of the system which could impact negatively on the functioning of the system.
Amendment parameters in the Registry preventing you:

Using standard tools for editing registry
To restore the system
Using the Task Manager
Using cmd.exe

The virus displays the following information : Please Try to open - TaskManager - now

Alias :

Trojan.VB.DRRX [PCTools]
Trojan.BAT.Killfiles.OZ [PCTools]
Virus.Win32.AutoRun.cb [Kaspersky Lab]
W32.SillyFDC [Symantec]
W32/Hooon.worm [McAfee]
TROJ_AGENT.SCD [Trend Micro]

File

<Windows>\Web\Sys.exe
<System>\ComSys.dll
<System>\KillAll.bat
<All Root Partition>:\autorun.inf
<All Root Partition>:\Sys.exe

Registry Keys created:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System

Values created:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- NoooH = <Windows>\Web\Sys.exe
- Ce qui entraine le lancement de ce programme à chaque démarrage de Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
- DisableSR = 0x00000001
- Désactive la restauration système

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
- DisableTaskMgr = 0x00000001
- DisableRegistryTools = 0x00000002
- Désactive le gestionnaire des tâches et les outils d'édition de la base de registre

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
- DisableCMD = 0x00000001
- Désactive cmd.exe

ATTENTION

This virus runs automatically each time you open or explore a partition, it is preferable to download the patch and unpack it on the desktop, reboot your machine in Safe Mode and run the patch, always in safe mode.