Hypinit32.exe Thumb Drive virus

Today at work I got a virus transmitted by a USB disk on key (a.k.a. thumb drive). The moment I noticed it was the moment that McAfee VirusScan Enterprise noticed a Trojan on my machine at c:\Windows\System32\spfx\hypinit32.exe and was unable to delete it. Sure it was unable! It was part of explorer…
Apparently this was a Trojan.Win32.Buzus.pov.
This virus is nasty. It prevents you from changing the visibility of system files so you cannot discover it. Every time you select the option in Explorer -> Tools -> Folder Options -> View -> Hidden files and folders -> Show hidden files and folders, it immediately returns it to Hide. So you can never Shift+Delete the files, or use a tool like Unlocker to disassociate them from the explorer.exe process.
The next visible thing was that Firefox started generating some high CPU cycles and spontaneously spawned processes… That was strange, and I noticed that a split second before the new Firefox process started, a hypinit32.exe process flashed in the Task Manager.
So how did I solve it, you ask?
I had a trick up my sleeve… Most of the places I went to said to boot into safe mode and run this command:
rmdir /s /q C:\WINDOWS\system32\spfx\
I tried that but the process was holding the files. So I started looking for ways to detangle it from the explorer process. One of them was using Unlocker, but that turned up nothing. Then I even tried mounting the file system with the Winternals CD from our tech support, but it was not working.
I tried using Spybot and the Windows malicious software remover but they didn’t cut the mustard. I even got some dodgy one to try and remove it but it was useless.
The solution sprang to mind as I was reaching the end of the day. It's a simple one: open Start -> Run -> CMD and then, using Task Manager, just terminate the explorer.exe process. After explorer is killed and the taskbar is gone, try running the command in the CMD window you have open. This did the trick.
After all of that is done, search the registry for hypinit32.exe and delete all occurrences. This is done like this: Start -> Run -> regedit, then Find, type hypinit32.exe and press Enter. The search window will disappear but the search continues until it hits the first item. Press the Delete button and then F3; this will continue searching from the point where it stopped.
That was so simple and stupid that I felt ashamed and went home for the day.
Well, it was 5PM anyway and the train reported delays.
I hope you will not get this virus, but if you do, I hope I helped.
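
A read-only check to run after the cleanup steps above, added here as an example and not part of the original post: it reports whether the spfx folder or a hypinit32 process is still present and lists autostart registry values that still reference the file. The key list and the function name Find-AutostartReference are assumptions of this example; the post does not say which registry keys the Trojan used.

```powershell
# Added example: read-only verification after the cleanup described in the post.
$fileName = 'hypinit32.exe'                    # file name from the post
$folder   = 'C:\Windows\System32\spfx'         # folder from the post

# Standard Windows autostart keys, chosen for this example; the post does not
# say which registry keys the Trojan actually wrote to.
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Hypothetical helper: returns one object per value whose data contains $Needle.
function Find-AutostartReference {
    param([string[]]$Path, [string]$Needle)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            # Multi-string values are joined so every entry is searched.
            $data = [string]$key.GetValue($name)
            if ($data.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Key = $p; Value = $name; Data = $data }
            }
        }
    }
}

$procName = [IO.Path]::GetFileNameWithoutExtension($fileName)
$report = [pscustomobject]@{
    FolderStillPresent = Test-Path -LiteralPath $folder
    ProcessRunning     = [bool](Get-Process -Name $procName -ErrorAction SilentlyContinue)
    AutostartHits      = @(Find-AutostartReference -Path $autostartKeys -Needle $fileName)
}

$report | Format-List FolderStillPresent, ProcessRunning
if ($report.AutostartHits.Count -gt 0) {
    $report.AutostartHits | Format-Table -AutoSize -Wrap
} else {
    'No autostart values reference {0}.' -f $fileName
}
```

The script changes nothing; any hit it lists still has to be reviewed and removed by hand, as in the regedit step.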

Comments

  1. Alexis says:

    OMG YOU’RE AMAZING! THANKS!

  2. Crystal says:

    Brilliant! Am in the midst of trying this out..

  3. How did it go?
