Friday, March 28, 2008

Manually Removing STI Virus: Transmit.exe, isetup.exe, autorun.inf, folder.exe

I'll teach you how to manually remove a particularly troublesome virus.

My PC just got infected with a new virus made by an STI Student from the Philippines. How did I know it's made by someone from STI? Because it leaves a Pegasus.log file on the root of your hard drive, and all the contact information about the virus maker is there. I had to manually remove the virus. I'll tell you how.

I frequently update my virus scanner, and I'm using ESET Smart Security, or NOD32, the best anti-virus so far. So okay, since the virus got in, I figured it must be new. My virus scanner is updated daily.

This virus will close the virus scanner, and any attempts to install a new virus scanner will be blocked.

Since I am on dual boot, one on Windows XP and one on Windows 98, I figured the virus would not work on Windows 98. And it didn't.

So I just took note of the files of the virus. While on Windows XP, I kept on pressing CTRL+ALT+DEL to see what scripts were involved. The virus keeps closing the Task Manager.

To remove the virus:
The idea is to access your hard drive using an alternate operating system that the virus doesn't work on. For me, it was Windows 98, but Linux could work too.

Now, search for the files transmit.exe, isetup.exe, and folder.exe and delete them.

In the root of each of your drives, delete the autorun.inf file. If you open it in Notepad or any text editor, you'll see that it tries to launch the transmit.exe file.

That done, search your hard drives for *.exe files with a file size of 240 KB. Delete all those that have a folder icon and a size of 240 KB.
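
The search steps above as a read-only triage script, meant to be run from the alternate OS against the mounted drive. This is an added example, not code from the original post: the function names are made up for illustration, it only lists candidates and deletes nothing, it assumes the 240 KB figure is a size rounded up to whole KB, and the folder-icon check is still left to you.

```python
import os
import tempfile

NAMED = {"transmit.exe", "isetup.exe", "folder.exe"}  # file names from the post
SIZE_KB = 240  # size from the post; assumed to be rounded up to whole KB

def autorun_targets(path):
    """Return the programs an autorun.inf launches (open= / shellexecute=)."""
    targets = []
    with open(path, "r", encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in ("open", "shellexecute"):
                targets.append(value.strip())
    return targets

def scan(root):
    """Walk a mounted volume and return (reason, path) pairs. Deletes nothing."""
    findings = []
    for name in os.listdir(root):  # autorun.inf only matters in the drive root
        if name.lower() == "autorun.inf":
            inf = os.path.join(root, name)
            findings.append(("autorun -> " + ",".join(autorun_targets(inf)), inf))
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in NAMED:
                findings.append(("named file", path))
            elif name.lower().endswith(".exe"):
                size = os.path.getsize(path)
                if -(-size // 1024) == SIZE_KB:  # ceiling division to KB
                    findings.append(("240 KB exe, check icon", path))
    return findings

def build_sample(root):
    """Constructed sample volume: filler bytes only, no real malware."""
    os.makedirs(os.path.join(root, "Docs"))
    files = {"autorun.inf": b"[autorun]\r\nopen=transmit.exe\r\n",
             "transmit.exe": b"x" * 100,
             os.path.join("Docs", "Photos.exe"): b"x" * (240 * 1024 - 300),
             os.path.join("Docs", "setup.exe"): b"x" * (500 * 1024)}
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for reason, path in scan(tmp):
            print(f"{reason:28} {path}")
```

To check a real drive, call `scan()` with the mount point of each partition in turn and review the list before deleting anything.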

That's it! You're free from the virus.

If this doesn't work for you, try this tutorial I found on the net...

Honestly, I'm amazed about this virus. It's pretty troublesome! I think I'm gonna try making my own virus sometime. lol.

(Did you find this post helpful? Feel free to leave any questions, comments, suggestions, and feedback.)
