Who says a new version of an operating system is safer and better than the older one?! In this case, virus writers show how they can adapt their techniques to reach a new version of the operating system: the “huhuhaha” virus affects Windows Vista, even though it is categorized as a low-risk virus.

The “huhuhaha” virus is written in VBScript and is around 6 KB in size. Its spreading technique is almost the same as the classic autorun.inf technique. Here is the virus structure:

  1. autorun.inf (in all root drive)
  2. huhuhaha.vbs (in all root drive)
  3. %systemroot%\WINDOWS\system32\XpWin.vbs

How to detect an infection by this virus:

1. Look at your Run command.

[Screenshot: huhuhaha-run]

2. System Restore is deactivated automatically.

3. Look at your browser's title bar.

[Screenshot: huhuhaha-browser]

4. The UAC (User Account Control) function is disabled. The Vista team describes this function as better protection for Vista, and now it is already broken, so who says Vista is safe?

[Screenshot: huhuhaha-uac]

5. The registered name and organization in the registry are changed to “huhuhaha”.

6. Safe mode is deactivated, and a BSOD (Blue Screen of Death) is triggered when you try to access safe mode.

[Screenshot: huhuhaha-bsod]

7. The Security Center function is turned off.

How to clean your computer of huhuhaha (VBS/Autorun.AO):

1. Unplug your computer from the network.

2. Kill the active virus process. Because this virus runs as a VBScript, it uses wscript.exe to run in the background. Kill wscript.exe by selecting End Process.

[Screenshot: huhuhaha-process]

3. Delete the virus files using the search function. Search for *.vbs files around 6 KB in size and autorun.inf files around 1 KB in size (I recommend showing hidden files first before you search).

  • autorun.inf (in all root drive)
  • huhuhaha.vbs (in all root drive)
  • %systemroot%\WINDOWS\system32\XpWin.vbs

4. Repair your registry using this code, saved as repair.inf (or download repair.inf):

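; repair.inf: restores the registry settings changed by the huhuhaha virus
[Version]
Signature="$Chicago$"
Provider=Nobody

; Entry point used by right-click > Install: applies the two sections below
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del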

; Values to restore (root, subkey, value name, flags, data)
[UnhookRegKey]
HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusDisableNotify, 0x00000000,0
HKLM, SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0x00000000,0
HKLM, SOFTWARE\Microsoft\Security Center, UpdatesDisableNotify, 0x00000000,0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization, 0, "Organization"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner, 0, "Owner"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore, DisableSR, 0x00000000,0
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\ControlSet003\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell, 0, "cmd.exe"
; Safe mode (Minimal) keys: an empty value name sets the key's default value
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000},,,"Universal Serial Bus controller"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318},,,"CD-ROM Drive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318},,,"DiskDrive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318},,,"Standard floppy disk controller"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318},,,"Hdc"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318},,,"Keyboard"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318},,,"Mouse"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318},,,"PCMCIA Adapters"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318},,,"SCSIAdapters"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318},,,"System"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318},,,"Floppy disk drive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F},,,"Volume"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA},,,"Human Interfaces Devices"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys,,,"FSFilter System Recovery"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt,,,"Service"
; Safe mode with networking (Network) keys: an empty value name sets the key's default value
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000},,,"Universal Serial Bus controller"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318},,,"CD-ROM Drive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318},,,"DiskDrive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318},,,"Standard floppy disk controller"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318},,,"Hdc"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318},,,"Keyboard"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318},,,"Mouse"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318},,,"Net"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318},,,"NetClient"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318},,,"NetService"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318},,,"NetTrans"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318},,,"PCMCIA Adapters"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318},,,"SCSIAdapters"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318},,,"System"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318},,,"Floppy disk drive"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F},,,"Volume"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA},,,"Human Interfaces Devices"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys,,,"FSFilter System Recovery"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI,,,"Driver Group"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys,,,"Driver"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt,,,"Service"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC,,,"Service"

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\RunMRU, a
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Ageia
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Systemdir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system, EnableLUA
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

5. For future safety, you can use your favorite antivirus program to scan your whole system. I recommend using Norman and Norton antivirus (I’m not promoting them!)
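To check a machine for the indicators listed in this post, before or after cleaning, a read-only PowerShell triage script can test them in one pass. This is an added example, not part of the original post: the file names and registry paths come from the post and its repair.inf, while flagging only an autorun.inf that mentions a .vbs file and treating a non-zero DisableSR as "disabled" are assumptions.

```powershell
# Read-only triage for the huhuhaha (VBS/Autorun.AO) indicators named in this post.
# Added example: it only reports findings and changes nothing.
$findings = @()
function Get-RegValue($Path, $Name) {
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Dropped files: check every drive root plus system32.
$paths = @(Join-Path $env:SystemRoot 'system32\XpWin.vbs')
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $paths += Join-Path $drive.Root 'huhuhaha.vbs'
    $inf = Join-Path $drive.Root 'autorun.inf'
    # Assumption: only an autorun.inf that mentions a .vbs file is of interest.
    if ((Test-Path -LiteralPath $inf) -and
        ((Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue) -match '\.vbs')) {
        $findings += "File: $inf references a .vbs script"
    }
}
foreach ($p in $paths) { if (Test-Path -LiteralPath $p) { $findings += "File: $p" } }

# The script host the post says runs the virus (not proof of infection by itself).
if (Get-Process -Name wscript -ErrorAction SilentlyContinue) { $findings += 'Process: wscript.exe is running' }

# Registry changes the post lists (paths taken from its repair.inf).
$nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
foreach ($n in 'RegisteredOwner', 'RegisteredOrganization') {
    if ((Get-RegValue $nt $n) -eq 'huhuhaha') { $findings += "Registry: $n is 'huhuhaha'" }
}
foreach ($n in 'Ageia', 'Systemdir') {
    if (Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $n) { $findings += "Registry: Run value '$n' present" }
}
$title = Get-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\Main' 'Window Title'
if ($title) { $findings += "Registry: IE Window Title is '$title'" }
$sr = Get-RegValue "$nt\SystemRestore" 'DisableSR'
if ($sr -and $sr -ne 0) { $findings += 'Registry: System Restore disabled (DisableSR)' }
if ((Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA') -eq 0) {
    $findings += 'Registry: UAC disabled (EnableLUA = 0)'
}
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
foreach ($k in 'Minimal', 'Network') {
    if (-not (Test-Path "$safeBoot\$k")) { $findings += "Registry: SafeBoot\$k key missing" }
}

if ($findings) { $findings } else { 'No huhuhaha indicators found.' }
```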
