this U.Z.A thing is becoming a big problem now. and these seems to be no good tutorial on the internet about this.
below is something i found while surfing for this and i would like to share it. i did try this and did remove it from the current user i was in but didn’t help the other users. so i guess its back to exploring.
—————————————-
what u need to do:
Go into registry
hklm\softwar\microsoft\windowsNT\currentversion\winlogon\
delete “IgnoreShiftOveride”
hkcu\software\microsoft\windows\currentversion\policies\system\
delete all hives under system, but default.
So now you can open Task manager use shortcut Ctrl Alt and Del
select Process Tab
From there you can find UOS.EXE .end process that one
Go to C:\Windows\System
Delete UOS.EXE
Ok Now is to change boot logo.
okay go to System properties from control panel or use the easy way (press windows button and Pause Break from the keyboard.)
okay select the Advance tab
under the startup and Recovery go to settings
Now find a Edit button
Now it will take you to the boot.ini
here is the Default file.
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /noexecute=optin /fastdetect
so delete any thing comes after fastdetect
Okay now the last thing , to change the UZA O/S near the system clock.. right?
change this keys from Registry
HKEY_CURRENT_USER\Control Panel\International\
“sTimeFormat”=”h:mm:ss tt”
and delete these dll’s from the directory (which you might not find)
C:\Windows\system32\
DPP(1).dll,DPP(2).dll,DPP(3).dll,DPP(4).dll,DPP(5).dll,DPP(6).dll,DPP(7).dll,DPP(8).dll,DPP(9).dll
DPP(10).dll
C:\Windows\system32\VisLoader.exe
C:\Windows\boot.bmp
C:\Windows\system32\PWallpaper.jpg
so now restart and check how it went.
original tutorial obtained from
http://modish.wordpress.com/2007/08/14/uza-operating-system/
14 Comments
Comments RSS TrackBack Identifier URI
Leave a comment
http://cyryx.blogspot.com/2007/08/i-was-infected-by-u.html
I THINK downloading this might be easier? Im no techie but I got it so…
The above mentioned blog has moved to:
http://sumbolo.blogspot.com/search?q=uza
I think what I did was easier. When my system got infected I just did a System Restore and restored the PC to the previous day. Worked perfectly and without any hassle. Took only a minute or so. But if you want to get technical I guess this is the way to go. I really don’t understand why people think this is such a big bad virus… it isn’t even a virus, right? A friend even formatted and reinstalled Windows over this.
azmyst ur correct it does work in some cases. some times when u do a simple system restore it does work. but i haven’t seen a system restore work when its fully infected. once i got my home pc infected and that time i just saw a uos.exe running in the task manager. i simply ended it and did a system restore. but that there was no defacing on the boot screen or the wallpaper.
next 3 times i saw this it was totally infected. like the wallpaper and the boot screen. during this if u try system restore u will see on each and every restore point there will be “uza o/s” written if u try to restore it to the earliest point u ever get ull end up with UZA in action.
so these times i ended up reinstalling the OS.
my pen is infected with uza and my folders cannot be opened how can i remove uza and restore my files and folders
hey zack i have seen few pendrives infected with that virus. as i remember there was a file called mypersonaldata.exe or mypersonalfolder.exe i think its the same thing. in some drives i came across i just deleted the files like autorun and things. in others there was only one file which is mypersonaldata.exe or mypersonalfolder.exe these times the owner of the pendrive did ask me to recover the data in it but it seems there wasnt any in it when i ran a recovery tool. so could u gimme a little more details abt the situation ur in.
hey.. may i ask? where did this thingy came from? I wasnt even connected to the internet the day before, and it was just like normal when i use it yesterday, but today, when i started my computer, there was this UZA O/S at my desktop.. I still havent connected to the nternet yet.. If i do system restore, the thing might have still be in my computer.. i’m so lazy to do the exploring thingy.. guess this thing is still new is it? i will try my best to remove this..
then u must have the file uos.exe running before also but it didnt trigger the full infection.
the most common way this thing spread is by portable data carrying medias. like pen drives.
about windows restore. i did post before also that it ur systems gets fully infected then u even though u restore it to the earliest it wont work.
Hey, i know how to remove uza, use uza eliminator or something which a friend of mine used to remove uza from his pc. but i just used the one above.
i had uza infected in my pc & i used some uza eliminator…it cleared everythin & it looked fine until today i found a file name recycler…and now i cant open taskmanager or either regedit…so can somebody tell me a solution.. :S
vsam may be thats due to another virus.i think u would feel much better if i tell u that u need a format and reinstallation of o/s
Chinese, Japanese, Russian, European, and more characters
hokay!
PsDFGl comment1 ,