Thursday, July 12, 2012

[Tutorial] How to remove FUvirus

FUvirus

FUvirus is a new virus that is now taking computers by storm. It is well known, but some anti-virus and anti-spyware applications are said to be unable to detect it.

This file can show the following behavior:

• The file is created as a process on the disk.

• This process can create, delete or modify files on the disk.

• Folders change their icons.

• The Documents folder always opens after the desktop loads.

• The WINDOWS folder on the hard disk can't be opened.


How to Remove

1. Close all applications, browsers and your anti-virus.

2. Download ComboFix; it is needed to remove FUvirus.

3. Open Notepad and copy/paste the text in the quote box below into it:




Quote:
KillAll::

File::
c:\windows\IFinst27.exe
c:\windows\Tasks\AB30F2F3919B68EF.job
c:\docume~1\loimic~1\applic~1\4hole\Tick stupid cast.exe
c:\docume~1\LOIMIC~1\APPLIC~1\4hole\bitswindowsite.exe
c:\windows\system32\FUvirus.exe

Folder::
c:\docume~1\loimic~1\applic~1\4hole\

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b1e74c2-0019-11dc-9a0f-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d43c855-47c5-11dd-be43-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24d4ecec-ab67-11dc-bdba-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c525715-13f5-11dc-99fb-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ee655c6-5194-11dc-9a6a-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5020d6b3-51b0-11dd-be49-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61900cbc-a7bb-11dd-8e21-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e484edc-9eb0-11dc-9adf-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eae7034-9ddd-11dc-9ade-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eae7049-9ddd-11dc-9ade-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71156742-34a4-11dc-9a30-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8271785a-8183-11dd-be6a-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924ff07f-ee39-11dc-bdf7-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b307eb6-7058-11dd-be5d-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b307ebe-7058-11dd-be5d-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b24f4dfd-0057-11dc-9a11-d5deff17bbf1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb7bd93a-902d-11dc-9ad6-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9047ec-0d9d-11dc-99ec-d4aa521976e0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb632e57-5db4-11dd-be4e-00e04cc0c7ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eda36a24-9292-11dc-9ad9-00e04cc0c7ec}]



4. Save this as CFScript.txt, in the same location as ComboFix.exe.


Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt".


Note:

Do not click inside ComboFix's window while it is running. That may cause it to stall.
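
The script in step 3 names one user's profile folder (`loimic~1`) and MountPoints2 volume GUIDs taken from one machine, and long lines can pick up stray spaces when copied from a web page, so a pasted CFScript.txt is worth checking before it is used. The Python check below is an added example, not part of the original post or of ComboFix; `parse_cfscript`, `review` and their heuristics are assumptions, and the sample input is constructed from entries shown above.

```python
import re

# Constructed sample in the layout shown on this page (not the full script).
SAMPLE = r"""KillAll::
File::
c:\windows\system32\FUvirus.exe
c:\docume~1\LOIMIC~1\APPLIC~1\4hole\bitswindowsite .exe

Folder::
c:\docume~1\loimic~1\applic~1\4hole\

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0b1e74c2-0019-11dc-9a0f-806d6172696f}]
"""

SECTION = re.compile(r"^(\w+)::$")                      # header such as "File::"
PROFILE = re.compile(r"\\docume~1\\([^\\]+)\\", re.I)   # per-user profile folder
VOLUME = re.compile(r"\\mountpoints2\\\{[0-9a-f-]{36}\}", re.I)

def parse_cfscript(text):
    """Split a script into {section: [entries]} using the 'Name::' headers."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def review(sections):
    """Return (entry, reason) pairs to resolve before the script is used."""
    findings = []
    for entries in sections.values():
        for entry in entries:
            squeezed = entry.replace(" ", "").lower()
            if re.search(r"\s+\.\w+$", entry) or (
                "currentversion" in squeezed and "currentversion" not in entry.lower()
            ):
                findings.append((entry, "stray space, likely a copy/paste artifact"))
            if PROFILE.search(entry):
                findings.append((entry, "path is tied to one user profile"))
            if VOLUME.search(entry):
                findings.append((entry, "volume GUID is tied to one machine"))
    return findings

if __name__ == "__main__":
    for entry, reason in review(parse_cfscript(SAMPLE)):
        print(f"{reason}: {entry}")
```

Entries flagged as tied to one profile or one machine will not match anything on a different computer, so the file and folder lists should be checked against what is actually present on the machine being cleaned.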
