Techguy
November 28, 2000, 06:34 pm
PE_USSRHYMN.A
Risk rating: low
Virus type: File Infector
Destructive: N
Aliases:
USSRHYMN.A, W95.Ussrhymn@m
Description:
This direct-infector Windows 9x virus infects PE files, including executable files (.EXE) and screen saver files (.SCR), in the current directory and the Windows and Windows System directories. It is also capable of infecting all files on the hard disk as well as on network and RAM drives, ranging from drive a:\ to z:\. However, this virus does not infect Dynamic Link Library (DLL) files. If the current system day is 1 and the month is January, the virus plays an old Soviet Republic hymn. The virus also drops a Trojan, TROJ_USSRHYMN.A, which resides in memory after the infected computer is restarted.
Solution:
Click START|RUN, type REGEDIT and hit the ENTER key.
In the left panel, click the "+" to the left of the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right panel, search for any registry key that contains the data value of
kernel="%WinDir\KERNEL.EXE".
This is the registry key that grants the capability to load the Trojan (TROJ_USSRHYMN.A) whenever the PC is started.
In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
Exit the registry.
Restart computer.
Scan your system with your antivirus and delete all files detected as TROJ_USSRHYMN.A and PE_USSRHYMN.A.
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
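The registry check described in the post above, as an added example that is not part of the original post or of any vendor tool: it assumes the Run key has been exported from REGEDIT to a REGEDIT4 text file and reports values whose data launches KERNEL.EXE. The function name and the sample export are constructed for illustration.

```python
import re

# Constructed sample: a REGEDIT4 export containing the Run key (not real captured data).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"kernel"="%WinDir\\KERNEL.EXE"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"kernel"="C:\\WINDOWS\\KERNEL.EXE"
'''

# Only the key named in the post is inspected; other sections are skipped.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def find_ussrhymn_run_entries(reg_text):
    """Return (value_name, data) pairs under HKLM\\...\\Run whose data launches KERNEL.EXE."""
    hits, in_run_key = [], False
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            in_run_key = m.group(1).lower() == RUN_KEY
            continue
        m = VALUE.match(line) if in_run_key else None
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        # Compare only the file name of the first token, ignoring case and arguments
        tokens = data.split()
        first = tokens[0].strip('"') if tokens else ""
        exe = re.split(r"[\\/]", first)[-1].lower()
        if exe == "kernel.exe":
            hits.append((name, data))
    return hits

if __name__ == "__main__":
    for name, data in find_ussrhymn_run_entries(SAMPLE_EXPORT):
        print(f"Run entry to review: {name} = {data}")
```

The script only reports matching entries; deleting them is still done in REGEDIT as the post describes.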