India dot Mv: Get rid off U.Z.A Operating System and DrAntispy!!
What is U.Z.A Operating system? I googled it but unfortunate to return without anticipated results. is it a Trojan horse sypware? no idea. But it certainly had hijacked my office computer. during system start up, instead of windows XP , U.Z.A OPERATIVE SYSTEM, please wait, loading real time engine and OS were appeared (pic two) on the monitor with the black background.
The desktop remained (pic one) black with letters U.Z.A OPERATING SYSTEM. U.Z.A O/S was written near the clock in the desktop.
Internet Explorer was not responding to open and while closing the window annoying command aCD appeared. You have to click on it to close the IE.
DrAntispy was the first infected this computer. it was successfully removed with NoAdware by scaning, rebooting and scanning. Then we ran symantec but U.Z.A O/S was still there.
So we ran SmitfraudFix , which could fix the screen saver and internet connection but was unable to access few activeX image files in windows system32. If any one could tell me in layman’s term how to change U.Z.A operating system, without formatting the system, that would help me understand this problem. thanks in advance.
UPDATE; 1
Finally the solution for this problem is here. I wish I could have given it with more details. But I managed with the available time, so let me know if you have any difficulties in removing USA O/S to my mail arumugamks@gmail.com
1) go to Start –> Run and type Regedit
2) go to HKEY_CURRENT_CONFIG>software>microsoft>windows>currentversion>Internet Settings
3) Delete all hives under system, but default (FOLLOW THE PICTURE BELOW(3,4) IF YOU HAVE DOUBT). Do not close this registry editor.
4) To change UZA O/S near system clock, go to HKEY_CURRENT_USERControl PanelInternational. (FOLLOW THE PICTURE 5 DEMO)
5) go to the sTimeFormat and right click on it. Press Modify button. In the Edit String window, find Value date. there selecte UZA O/S and delete it and press OK button. Close the Registry Editor.
6) Press CTRL+ALT+DEL and go to the process tab
7) Look for uos.exe under the image name, and select it.
Press DEL to kill this file. If it give warning, press yes.
9) now open My Computer
10) In the address bar, type C:WindowsSystem and press enter.
11) Delete uos.exe file here. 
12) To change boot logo, press WINDOS+PAUSE BREAK from the keyboard or go to system properties from CONTROL PANEL.
13) Select the Advance tab
14) Under the Startup and Recovery, go to the Settings and press Edit button
15) You will get something like this
[boot loader] timerout=30 default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)WINDOWS=’’Microsoft Windows XP Professional’’/noexecute=option/fastdetect
Here delete anything comes after fastdetect
16) Reboot/Restart the system
17)Change the desktop picture as you do.
UPDATE:2
1. If you find nothing under registry key CURRENT VERSION except default(check the pic 3 and 4), do not panic, your registry key is default without attack. Even after deleting this registry, if you find difficult in getting back your task bar, download SmitfraudFix here.
2. Run the SmitfraudFix. double-click smitfraudfix.cmd Select option #2 – Clean by typing 2 and press “Enter” to delete infected files.
You will be prompted : “Registry cleaning – do you want to clean the registry ?”; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.
Running option #2 on a infected computer will remove your annoying uza Desktop background. Even if annoying background appears, need not worry, but you should have access to the task manager. Untill you get access into task manager, run the option #2 mutiple of times. once taskmanager is open, follow the the steps 6, 7, 8 from first update to delete the process application uos.exe. and rest of the steps as well.
From steps 4 and 5, there will not be any problem in fixing it.
Note: Running SmitfraudFix for the opten #2 in safe mode is recommended. But in this case, it may not be possible. so run it in normal mode.
After fixing all registry and once you have restarted the system, try to run SmitfraudFix in option #2 for last time. By this time, you should have got your system back without any trace.
For preventing recurrent infection, download Flash Disinfector here.
1. the virus My_Personal_Data affected pen drive or ipod could be inserted in the system. After plugging in the pen drive, just right click on your pendrive in my Computer before opening it. You can see My Personal Data instead of Open button (Check the pic below). it won’t open mostly (but explore would do) and it would ask you to choose, which program to open. just go to next step without opening pendrive (most of the antivirus scan never detects it).
2. Run flash disinfector by clicking on it. it might ask you to plug in your pen drive. so give ok to it as the pen drive is already plugged.
3. Wait for sometime, once the pendrive is cleaned, done button might appear. so press done button.
Now your pen drive must be free of My_Personal_Data, so you can open it. As no antiviurs or antispyware is cabable of finding this virus, there are chances even after this, you might find My_personal_Data in the pen drive, if so by selecting it, delete it manually. Careful NOT TO open this particular file.
I don’t have knowledge on the better spyware and antivirus for this problem, but you could try NoAdware or Spybot SD and Avast antivirus.
Regarding abnormally(??) increased uploading speed(read anonymous’ comment in this post), I have no clue. If you try to prevent recurrence using all these stuffs, I don’t think you need to get scared on it. UPDATE: 3 The software supposed to do all the above steps to get rid off annoying UZA O/S were among us for sometime now and I suggest you to download UOS.EXE eliminator here it and try your luck. Friends were satisfied in removing UZA O/S using this tool and you could visit Cyryx’s blog for comments etc. 
India dot Mv: Get rid off U.Z.A Operating System and DrAntispy!!
© Copyright © penmighty.com . All Rights Reserved. contact@penmighty.com Entries (RSS)