Saturday, June 14, 2008

I Defeated The iftuyszv.exe Malware!

As of today I was able to complete a two-day battle against this new and powerful malware bug. The main program that spawned a load of problems on my work computer is the iftuyszv.exe malware. It has only been reported to be around this month. This thing was a killer; not anymore!
Hopefully this blog post will help you if you are dealing with this crazy computer virus.

Here's a list of what it did:

  1. Slowed down my computer (that's easy).
  2. Spawned bogus Windows Command Center messages.
  3. Spawned bogus Windows toolbar messages about supposed spyware currently on the computer...
  4. ...all to get you to buy bogus spyware/adware software on a fake site that pops up over and over again in Internet Explorer.
  5. Replaced my desktop background image with a bogus image linking to its stupid site.
  6. Disabled my Task Manager!
  7. Deleted all System Restore points, except the one from when it was installed!
  8. Prevented a hard delete of it from the DOS command prompt.
After at least a day or so of scans, debugging and other failed attempts to delete it....

Here's a list of what I did to stop it:

  1. Put the computer into Safe Mode, since the malware slowed the whole system and Safe Mode speeds things up a bit.
  2. Downloaded Spybot - Search & Destroy with the latest libraries.
  3. Used Spybot's "Immunity" function to slow the progression of the malware.
  4. Ran the Spybot search, which is 100x faster than the other garbage I downloaded that wanted you to pay for their slow programs.
  5. Used its "fix problems" function to correct the problems it caught.
  6. While it was searching and fixing, I located the cause of all the multiple programs being run: C:\Windows\system32\iftuyszv.exe.
  7. I dragged and dropped the bastard program onto my desktop and renamed it, hoping to screw up its next commands. Still couldn't delete it though, since it was still running and the Task Manager was still down.
  8. Restarted the computer (still in Safe Mode).
  9. Deleted iftuyszv.exe... well, whatever new name I gave it.
  10. The Task Manager was still down, so run regedit.exe (Windows key + R, "Run").
  11. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  12. Delete the value DisableTaskMgr.
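As an added example (this is not from the original post and not part of Spybot or Windows), here is a PowerShell script that does the check-and-undo from steps 10 to 12 without opening regedit, and then does the kind of look through System32 that turned up the file in step 6. It goes a little beyond the post: it also checks the machine-wide twin of the same policy value under HKLM (a real key, but one the post does not mention), and it flags recently created .exe files in System32 that carry no valid Authenticode signature. The registry path and value name come from the steps above; the 30-day window and the signature check are my assumptions. It assumes Windows PowerShell 3 or later, run as the affected user (removing the HKLM copy additionally needs an elevated prompt).

```powershell
# Added example, not from the original post: undo the DisableTaskMgr lockout
# (steps 10-12) and list fresh, unsigned executables in System32 (step 6).
# Assumes Windows PowerShell 3+, run as the affected user.

$ValueName  = 'DisableTaskMgr'
$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',  # the key from step 11
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'   # machine-wide twin (needs admin to change)
)

# Returns one object per policy key where DisableTaskMgr is set; nothing if it is absent everywhere.
function Get-DisableTaskMgr {
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $ValueName)) {
            [PSCustomObject]@{ Key = $key; Value = $props.$ValueName }
        }
    }
}

# The regedit step from the post, done for every key where the value exists.
function Remove-DisableTaskMgr {
    $hits = @(Get-DisableTaskMgr)
    if ($hits.Count -eq 0) {
        Write-Output "$ValueName is not set; Task Manager is not policy-locked."
        return
    }
    foreach ($hit in $hits) {
        try {
            Remove-ItemProperty -Path $hit.Key -Name $ValueName -ErrorAction Stop
            Write-Output "Removed $ValueName=$($hit.Value) from $($hit.Key); log off or restart to see Task Manager again."
        } catch {
            Write-Warning "Could not remove $ValueName from $($hit.Key): $($_.Exception.Message)"
        }
    }
}

# Lists .exe files in System32 created within the last N days (assumed default: 30)
# whose Authenticode signature is not 'Valid'. A fresh, unsigned file with a
# random-looking name such as iftuyszv.exe stands out in this list.
function Find-RecentUnsignedSystem32Exe {
    param([int]$Days = 30)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path "$env:SystemRoot\System32\*.exe" -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $cutoff } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [PSCustomObject]@{
                    Name      = $_.Name
                    Created   = $_.CreationTime
                    SizeKB    = [math]::Round($_.Length / 1KB, 1)
                    Signature = $sig.Status
                }
            }
        } | Sort-Object Created -Descending
}

# Run the audit: report, undo the lockout, then show triage candidates.
Get-DisableTaskMgr | Format-Table -AutoSize
Remove-DisableTaskMgr
Find-RecentUnsignedSystem32Exe -Days 30 | Format-Table -AutoSize
```

Treat the file listing as triage, not a verdict: on older Windows versions many legitimate system files are signed through a catalog rather than an embedded signature and can show up as NotSigned, so compare the creation date and the name against what the scanner reported before deleting anything. If the policy value reappears after you remove it, the process that keeps rewriting it is still running, which is why the post renames and reboots before deleting the file.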
I restarted the computer and was able to run things again. There still seemed to be a few extra items stuck in the computer that slowed it down, but with access to the Task Manager again, things are a bit easier to finish debugging, and I can now use other programs that are slower but can maybe dig deeper and fully clean up the damage.