The stout virus removal process
You can manually remove the stout/sasha virus in three major steps. The process also works for any other variant of this virus (script), e.g. hacked by Sam, Man, etc.
STEP I (disabling sasha from running as a process during system startup)
- Click Start – Run, then type msconfig
- Choose the startup tab to display programs that run during system startup
- Un-tick the check box for sasha so that it does not run during the next system startup.
- Click apply
- Restart the computer
STEP II (Deleting sasha.vbs script and autorun.inf files from system drives)
Log in to the system after startup.
- Be careful not to double-click any drive, otherwise the autorun file will run sasha. During this process, always right-click and choose Explore to open drive C or any other drive.
- Show hidden files by:
  - Clicking Tools – Folder Options – View
  - Choosing the "Show hidden files" option
  - Un-ticking the "Hide extensions for known file types" and "Hide protected operating system files" options
  - Clicking Apply
- Right-click the C drive and choose Explore
- Locate the sasha.vbs and autorun.inf files and delete them
- Open the c:\windows folder and delete only sasha.vbs (this is the file that runs at system startup). If you are not able to delete this file, sasha is still running as a process, so repeat Step I.
- Search for sasha.vbs and autorun.inf on flash disks and any other drives (D, E, etc.), even on the system recovery drives for those using current HP computers. Empty the Recycle Bin.
- Remember to restore the Folder Options defaults to hide the hidden files and operating system files you exposed above.
NB: Ensure you delete the autorun.inf file that executes sasha.vbs.
Be careful not to delete a genuine autorun.inf file that belongs to another program.
Confirm that it is the right file by right-clicking the autorun file and opening it in Notepad.
The content of the file should read shellexecute ......=sasha.vbs.
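The Notepad check described above can be scripted when many drives need inspecting. The following is an added example, not part of the original post: it parses the text of an autorun.inf and reports only entries that launch a script, so a genuine installer autorun.inf is left alone. The function names and both sample files are constructed for illustration.

```python
import re

# autorun.inf keys that start a program when the drive is opened or double-clicked.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^=]+\\command)$", re.I)
# Extensions handled by Windows Script Host or the command interpreter.
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|bat|cmd)\b", re.I)


def suspicious_entries(text):
    """Return (key, value) pairs in the [autorun] section that launch a script."""
    hits, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key) and SCRIPT_EXT.search(value):
            hits.append((key.lower(), value))
    return hits


def read_inf(path):
    """Read an autorun.inf as text; handles UTF-16 with a BOM, else single-byte."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")


# Constructed samples (not copied from a real infection).
WORM_INF = "[AutoRun]\r\nShellExecute=sasha.vbs\r\nshell\\open\\command=wscript.exe sasha.vbs\r\n"
GENUINE_INF = "; installer disc\n[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"

if __name__ == "__main__":
    for name, sample in (("worm", WORM_INF), ("genuine", GENUINE_INF)):
        hits = suspicious_entries(sample)
        print(name, "-> delete" if hits else "-> keep", hits)
```

Pass `read_inf(r"E:\autorun.inf")` (drive letter is an example) to `suspicious_entries` to check a real file; an empty result means nothing in it launches a script.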
STEP III (editing the system registry)
- Click Start – Run and type regedit to open the registry
- Expand the following keys:
  - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    - While in this key, delete the Window Title value (sasha has edited it to read "Hacked by stout lord kingz")
  - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
    - Delete all the entries registered under this key and leave only the (Default) entry, shown with the "ab" icon
You can further restrict editing of the two keys above (Main and TypedURLs) by changing the permissions for all users and SYSTEM to Read (i.e. remove the Full Control option from all the users). This prevents any further editing of these Internet Explorer settings by any variant of this virus (script); however, this step is optional.
Restart the computer for the last time.
Your computer is now clean.
1 comment:
It's a wonderful site