Mark Manching Posted September 17, 2007 Share Posted September 17, 2007 Credits to PC Express Online and stardestiny for the fix I've finally learned how to kill it... but first an intro... I got this virus in a internet cafe in Cebu, Philippines It exploits the autorun feature in memorycards and copies itself to computers and connected memory cards thereafter Because it does not spread itself to the internet, it hasn't gained enough notoreity to be included in virus defenses of various programs Be sure to also clean your infected memory cards... Here's how you clean it: Download startup control Panel at mlin.net (You're going to use this later) Go to your Task Manager (Ctrl+Alt+Del) Terminate the Wscipt.exe process Terminate the Explorer.exe process Click New Task and Type "cmd" (without the quotes) type the following in your command prompt del c:pooh.vbs /f/s/q/a del d:pooh.vbs /f/s/q/a (include your other drives and USB drives that have been infected) del c:autorun.inf del d:autorun.inf (include your other drives and USB drives that have been infected) del c:windowssystem32kernell.dll.vbs del c:aikelyu.html /f/s/q/a Use the start-up program from mlin.net to remove aikelyu.html on windows startup Go to New Task and type "regedit" (without the quotes) Go to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon and modify it to make the value in Shell to only contain "explorer.exe" That's about it... Good luck everybody... Oh yeah... to the creator of the virus... "Jayker"... go f*ck yourself further readings: http://www.mydigitallife.info/2007/04/19/u...torunvbs-error/ to Jayker: You're Sore Loser! :x Quote Link to comment Share on other sites More sharing options...
K1u Posted September 17, 2007 Share Posted September 17, 2007 Good job mark! Thanks for the contribution :D Quote Link to comment Share on other sites More sharing options...
Mark Manching Posted September 17, 2007 Author Share Posted September 17, 2007 You're Welcome But im First to Kill "pooh.vbs" inside your Windows Box and Your Flash Disk if your Anti-Virus can't detect reason to pooh.vbs slow your windows box :x opens a strage html message after your startup slow system resources p.s. got my karma or rep? p.s.s Download CCleaner at www.ccleaner.com after removing the startup process in pooh.vbs and cleans all junked stuff Quote Link to comment Share on other sites More sharing options...
K1u Posted September 17, 2007 Share Posted September 17, 2007 By chance out of curiosity... do you have the source code of this "virus" so we can see how it infects and learn more about it. Quote Link to comment Share on other sites More sharing options...
Mark Manching Posted September 17, 2007 Author Share Posted September 17, 2007 By chance out of curiosity... do you have the source code of this "virus" so we can see how it infects and learn more about it. im see the code but deleted myself Quote Link to comment Share on other sites More sharing options...
operat0r_001 Posted September 18, 2007 Share Posted September 18, 2007 "I was amazed at the results. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers." http://www.averageadmins.com/blog/2006/06/...the-network-is/ Quote Link to comment Share on other sites More sharing options...
VaKo Posted September 18, 2007 Share Posted September 18, 2007 Probally worth bumping this over to the wiki tbh. Quote Link to comment Share on other sites More sharing options...
moonlit Posted September 19, 2007 Share Posted September 19, 2007 Sorry, but despite my better judgement I had to comment on the fact this is technically a how-to for removing pooh from your computer... Quote Link to comment Share on other sites More sharing options...
Mark Manching Posted September 19, 2007 Author Share Posted September 19, 2007 @moonlit ok that. im newcomer to remove that s*it thing :x @VaKo so the pooh.vbs virus or work isn't spead the internet and speads itself running any windows machines on network @all im screwed the creator of pooh virus :x Quote Link to comment Share on other sites More sharing options...
DLSS Posted September 19, 2007 Share Posted September 19, 2007 By chance out of curiosity... do you have the source code of this "virus" so we can see how it infects and learn more about it.yeah we want sauce !!! (to say it the 4chan way xd) Quote Link to comment Share on other sites More sharing options...
K1u Posted September 19, 2007 Share Posted September 19, 2007 By chance out of curiosity... do you have the source code of this "virus" so we can see how it infects and learn more about it.yeah we want sauce !!! (to say it the 4chan way xd) Yummmy... :D Quote Link to comment Share on other sites More sharing options...
Mark Manching Posted September 20, 2007 Author Share Posted September 20, 2007 By chance out of curiosity... do you have the source code of this "virus" so we can see how it infects and learn more about it.yeah we want sauce !!! (to say it the 4chan way xd) Yummmy... :D you want sauce?? pm me to get the code! Quote Link to comment Share on other sites More sharing options...
K1u Posted September 21, 2007 Share Posted September 21, 2007 By chance out of curiosity... do you have the source code of this "virus" so we can see how it infects and learn more about it.yeah we want sauce !!! (to say it the 4chan way xd) Yummmy... :D you want sauce?? pm me to get the code! Just post it on the other site lovable site :D Quote Link to comment Share on other sites More sharing options...
Mark Manching Posted September 22, 2007 Author Share Posted September 22, 2007 By chance out of curiosity... do you have the source code of this "virus" so we can see how it infects and learn more about it.yeah we want sauce !!! (to say it the 4chan way xd) Yummmy... :D you want sauce?? pm me to get the code! Just post it on the other site lovable site :D @im sending that code to K1u Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.