VAUUCEY virus
Solved/Closed
shirley
-
Feb 27, 2010 at 02:09 PM
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 - Nov 1, 2010 at 05:11 AM
Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 - Nov 1, 2010 at 05:11 AM
Related:
- VAUUCEY virus
- Goose virus - Download - Other
- Ntuser.dat virus - Guide
- Can jpg have virus - Guide
- How to get rid of trojan virus ✓ - Viruses & Security Forum
- Attrib - r-h-s /s /d *.* virus - Viruses & Security Forum
2 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Feb 27, 2010 at 04:52 PM
Feb 27, 2010 at 04:52 PM
Hi Shirley:
Your virus is known:
VAUUCEY.SCR has been seen to perform the following behavior:
Executes a Process
This process creates other processes on disk
Writes to another Process's Virtual Memory (Process Hijacking)
Registers a Dynamic Link Library File
Injects code into other processes
VAUUCEY.SCR has been the subject of the following behavior:
Added as a Registry auto start to load Program on Boot up
Created as a process on disk
Executed as a Process
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process
There is not much documentation on this virus and Avira is known to not detect it; however here is your best
bet:
Download Malwarebyte which will deep clean your machine: scrub, wash, polish and shine and safely at that.
You may download Malwarebyte to your desktop from here:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Because virus are often self-protective and will prevent running antivirus tools, please click right on the mbam setup icon than on rename. This should fool the virus and that will be two points for Shirley!
Rename it explorer.exe
Install and run the application. From the welcome page, second tab, ensure to update it.
Then, please run a full system scan of your drives.
If Malwarebyte cleans your computer, I suggest the following:
Once your computer is clean and working normally just to be on the safe side
•Turn off system restore and wait 30 seconds,
•Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
I would much appreciate some feedback as we on Kioskea love to read stories with happy endings.
Should you need further assistance, we are here to help, so please come back.
Best regards
P.S. After running Malwarebyte, I would much appreciate a Hyjackthis log from you, just to make sure that everything is running perfect.
You can download Hyjackthis from this site:
http://free.antivirus.com/hijackthis/
Your virus is known:
VAUUCEY.SCR has been seen to perform the following behavior:
Executes a Process
This process creates other processes on disk
Writes to another Process's Virtual Memory (Process Hijacking)
Registers a Dynamic Link Library File
Injects code into other processes
VAUUCEY.SCR has been the subject of the following behavior:
Added as a Registry auto start to load Program on Boot up
Created as a process on disk
Executed as a Process
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process
There is not much documentation on this virus and Avira is known to not detect it; however here is your best
bet:
Download Malwarebyte which will deep clean your machine: scrub, wash, polish and shine and safely at that.
You may download Malwarebyte to your desktop from here:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Because virus are often self-protective and will prevent running antivirus tools, please click right on the mbam setup icon than on rename. This should fool the virus and that will be two points for Shirley!
Rename it explorer.exe
Install and run the application. From the welcome page, second tab, ensure to update it.
Then, please run a full system scan of your drives.
If Malwarebyte cleans your computer, I suggest the following:
Once your computer is clean and working normally just to be on the safe side
•Turn off system restore and wait 30 seconds,
•Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
I would much appreciate some feedback as we on Kioskea love to read stories with happy endings.
Should you need further assistance, we are here to help, so please come back.
Best regards
P.S. After running Malwarebyte, I would much appreciate a Hyjackthis log from you, just to make sure that everything is running perfect.
You can download Hyjackthis from this site:
http://free.antivirus.com/hijackthis/
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Mar 4, 2010 at 09:44 AM
Mar 4, 2010 at 09:44 AM
Hello Shirley,
Did you crush the virus?
Did you crush the virus?
Nov 1, 2010 at 03:54 AM
Will download Malwarebytes and run it.
Where in the Registry can I find and delete the exe or wherelse?
Thanks
Chris
Nov 1, 2010 at 05:11 AM