U.Z.A O/S Eliminator

I was infected by UZA O/S and my Antivirus Software could not detect it. It does nasty things like changing your wallpaper, disabling Taskmanager and Disabling Properties tabs.
UZA OSAfter analyzing the activity of the U.Z.A O/S on my computer I wrote a little utility to help you remove this virus/trojan or whatever it is. Get the utility from here.. It works on Windows XP. I don't have time to write more.. Let me know of any issues. It worked for me somehow! Cheers!

Update: The Link is Fixed now!
Make sure that you disinfect all your thumb drives. This trojan spreads through removable media. As soon as you connect an infected removable media to a PC, It'll get infected.. Therefore its important that you disinfect all the thumb drives/ removable media that is used with the PCs in your office/home. If the thumb drive has an application called 'My_personal_data' which looks like a folder (its icon is the same as a default folder icon in XP), then the pen drive/removable media is infected.

53 comments:

Anonymous said...

I just tried your link to remove UZA O/S... but somehow ur link is not working...

Shaamil said...

Sorry! Mistakenly I put the private link there because I was in a hurry. Try to download it now. Cheers!

Anonymous said...

Thank You.Shaamil... I tried your UZA_ eliminator. and it worked like easy. Thanks man. I am a IT student and am curious on how you built UZA o/s eliminator. If this is not against your policy can you give me some pointers as to how this tool came to life. You can reach me at shamoon@takaful.mv . also if you post it to this site it will be ok. cause i will be checking this site for any updates.

THANK YOU

Shamoon

Anonymous said...

thank u

Shaamil said...

hey shamoon,
Building it is easy though you may need to analyze the activities of the virus/Trojan under a virtual environment first to avoid any damages to your computer. Gather in depth information about its activities using a registry monitor and a file monitor. Then you can use any programming language or scripting utility or even a DOS batch file to undo the changes it made and delete its files.
Have a good day!

Anonymous said...

my pc also inffected with uza o/s. i googled for that and saw some discussions abt the virus/trojen or what ever it is. i have done what ever they said abt removing that bitch. but after doing all those things, once i restart the system, it is still there.

Anonymous said...

hey thanks for it n i apriciate of this.. it works n i am happy of this once again thanks

Shaamil said...

No problem guys, I appreciate your support. Thank you too. :)

Anonymous said...

Hey Shaamil u r the best. way to go man. i also apriciate ur help. thanks and keep it up. =Naash=

Anonymous said...

thank u thank u and more thank u..
ur the greatest.

Jeni said...

Shaamil... Hats off to you... Ur program cleaned my infected pen drive. But while i click scan button from ur program..no reaction....No results....??!! Anyway, my problem is solved.

I was suffering with my 12 office computers with UZA problem... Thaks a lot... So cute.!

Anonymous said...

thankx a lot man. good to know maldivians are getting to be script writers for such things. hehe, maybe one day u will get to open a symantec branch in maldives. or whichever. hehe

Abdul Kader Anwar said...

Hai Shaamil
This is Anwar. Still i didnt check ur sw. Just i want to is if we delete the file and if restart means it will be in th regisrty r in someotherplace. I think UOS.exe is not the source. if we delete also it will automatically generate next time rebooted. Is it possible to open the exe file using sofwares.

Anonymous said...

hey shaamil, thank you so much.. you save my day. the black desktop turned my day gloomy. now that you have cheered everyone of us up:) heart felt thank you*

Shaamil said...

Abdul Kader Anwar,
You can use a hex editor to open any file including applications.. And resource hacker is also a useful application if you want to see what's inside the executable.

Cheers everyone. :)

Shahid Ali Mahir said...

Hi shaamil, When your progrum is run the scan button remains greyed out... could you please help,

Anonymous said...

hello.. thanks for this great util.

I was able to eliminate it from one account.. but when i loged on to the other account and tried it., the scan button is grayed out.. is there a way to remove it from this account as well.. thanks

Shaamil said...

Shahid, anonymous,
If the scan button is grayed out that means the trojan is not present in memory (not currently running). If you have problems removing from other accounts try this modified version. I am not aware if there are other versions of this trojan. This trojan spreads through removable media such as thumb drives..

Anonymous said...

you are awesome shaamil.. this new one worked for me.. clock at the bottom looks fine and all.. however now i can press scan the next time after a reboot.. does this mean the virus is still present??
thanks again

Shaamil said...

When you scan with the utility from any account with sufficient rights the u.z.a O/S is eliminated from the whole system. But since this is a quick utility it isn't dynamic. It undoes all the changes done to the system for the account in which the utility is run. In the modified version which I linked in the comment, the scan button is not disabled even if the utility could not find u.z.a O/S in memory. In the original version the scan button will be disabled if it could not find u.z.a O/S in memory. That's the only difference.

Anonymous said...

thank your your UZA_ eliminator works like a charm.

Shahid Ali Mahir said...

Thanks shhamil! IT works fine now.... It leaves a green screen after scan is run and the virus ges cleared. One thing i noticed that after tha even after plugging in an infected pendrive, when it is double clicked the system gets the virus in the memory: the uos.exe file in the system directory and also the in the taskmanager it is running , also the visloader is also there but it never affects the system, the wallpaper never changes to the the horrible black scree... Has it devoloped an immunity to the virus I mean with you tool remaining as a TSR.... also I wonder if you would care to tell me from in an infected system from which folder does the virus actually load itself during the startup...I mean the UOS.exe in the taskmanager thanks ...hoping to get an answer from you...as i am too inquisitive

Shaamil said...

hello Shahid,
UZA_Eliminator tool does not remain resident in memory nor it leaves any traces in registry. If uos.exe is running then you are infected.. Its a common behavior among trojans and viruses that they doesn't do anything bad for sometime. The payload is activated by a trigger, sometimes it is the number of infections or a specified date etc.. Eliminate the trojan as soon as possible. Most trojans load from the registry. Some of them attach themselves to executables, so that whenever you run the infected executable the malicious code is also executed.
Have a good day.

Shahid Ali Mahir said...

Thanks for the info. shaamil, Will do that. Thats great work form you.

Anonymous said...

thnx dude

Anonymous said...

Cheeers! This is a Great and Useful Work shaamil, you have great programing skills..( I still cant understand a reason why this crazy Douche Bag who created this U.Z.A didnt try to make his own OS, instead of pretending to brand something else which he didnt and cause others trouble. Lamer!! )

Anonymous said...

:) thanks a lot. you´re a whiz.

Anonymous said...

The virus is a malware..its hard for scanners to find them and normally the removing tools are made by the one that actualy created the malware..since they cant take the credit for the malware infecting your pc they go around making a cleaner to take the credit :) my bet is that our little friend Shaamil is the author of this malicious code..

Anonymous said...

Hey dude.

i used the cool utility u created to eliminate UZA O/S, but after 2 days my comp is dead. Yeah, i mean dead
- can't start/boot
- can't use "Safemode"
- cant use Recovery Consol
- cant re-install XP or formatt

whats wrong with my pc!!! Any useful comment is well appriciated.

Anonymous said...

Dear Shaamil
My system was infected with U.Z.A operating system virus. Your tool has worked fine and I got rid of that virus. Thank you very much. I was going mad and searching all over the web to find iout the solution and thank God I found your blog.
hmusthaq@dhivehinet.net.mv

Anonymous said...

Awesome tool, Shaamil! removed the UZA o/s from my comp in a jifty. Really appreciate your help, thanks a million!

Anyway I've found the My_personal_data folder that contains the virus on my removable disk. But how do I remove it?

Thanks again!

Anonymous said...

My_personal_data just delete that don't double click it

Anonymous said...

thanks man

Anonymous said...

Hey thank you !!!

Anonymous said...

may b this guy is spreading a trojan saying it will remove the infection.

Anonymous said...

Thanks Shammil....... U had solve my problem. I apperiate it. today i can sleep tight without any worry. U the best.

stranger said...

hey blogmate...realliii thanks loads for dis!!!
u solve my biggest problem here..
thanks
ur helpin soo many ppl dis way its soo nice of u
:D thanks a whole bunch again!!

Anonymous said...

hey buddy thnx .. this elkimator workd on my pc u've done a great job dude. tc

Anonymous said...

Is there anything else I need to do after running the eliminator tool? Such as reinstalling anti-virus software, etc?

Anonymous said...

hey shamil ur great!!!thanks sooooooo much....btw is shiu ur gf?? -9009-

Anonymous said...

hey i used ur eliminator & i thot everythin was fine until 2day i tried to open the taskmanager i never tried it until today after i used eliminator.. i cant open taskmanager it closes wen its open.. even the regedit... so wot might b the probe.. is it some other virus??.. can u pls help :S

Unknown said...

Thank You.Shaamil... I tried your UZA_ eliminator. and it worked like easy. Thanks man. You can reach me at zakiooluct@yahoo. i will be checking this site for any updates.

THANK YOU
zaki

Anonymous said...

Hi SHAAMIL...Thanks for your great...killer program.....It's help me much more...

Anonymous said...

thanks a lot, you're a life saver

Anonymous said...

YOU'RE A GENIUS SHAAMIL... KEEP LIVING... THE'LL BE MORE FROM WHERE IT CAME FROM... THANX DUDE.

Anonymous said...

Shaamil, thanks for your innovation. I have been suffering from seeing UZA on my desktop for so long. My usb got infected. My colleagues' laptops got infected. Now the nasty thing is removed. Anyway, don't tell me you created UZA.

Anonymous said...

Hey man,
Thanks so much for coming up with the program and methods to remove it.

Anonymous said...

Thank you so much.^.^

dream said...

Thank You.Shaamil

Anonymous said...

hi i was not able toremove this UZA virus pls help me,i've got UZA Eliminator but "scan" button is grey in color,so what can i do?

Anonymous said...

Pls help! why i cannot link to the uza eliminator? HOw can i get the uza eliminator?

Anonymous said...

hi shaamil
your link still didnt work for me.
how? can u help me?
thanks.

Anonymous said...

hey friends.. here is the mirro of that tool

http://axenith.info/WP/wp-content/uploads/2007/10/uza_eliminator_x2.exe

thanx to shaamil.

Post a Comment

Do you have an opinion? Feel free to express your views!