Username: Save?
Password:
Home Forum Links Search Login Register*
    News: Welcome to the TechnoWorldInc! Community!
Recent Updates
[November 08, 2024, 04:31:03 PM]

[November 08, 2024, 04:31:03 PM]

[November 08, 2024, 04:31:03 PM]

[November 08, 2024, 04:31:03 PM]

[November 08, 2024, 04:31:03 PM]

[October 17, 2024, 05:05:06 PM]

[October 17, 2024, 04:53:18 PM]

[October 17, 2024, 04:53:18 PM]

[October 17, 2024, 04:53:18 PM]

[October 17, 2024, 04:53:18 PM]

[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]
Subscriptions
Get Latest Tech Updates For Free!
Resources
   Travelikers
   Funistan
   PrettyGalz
   Techlap
   FreeThemes
   Videsta
   Glamistan
   BachatMela
   GlamGalz
   Techzug
   Vidsage
   Funzug
   WorldHostInc
   Funfani
   FilmyMama
   Uploaded.Tech
   MegaPixelShop
   Netens
   Funotic
   FreeJobsInc
   FilesPark
Participate in the fastest growing Technical Encyclopedia! This website is 100% Free. Please register or login using the login box above if you have already registered. You will need to be logged in to reply, make new topics and to access all the areas. Registration is free! Click Here To Register.
+ Techno World Inc - The Best Technical Encyclopedia Online! » Forum » THE TECHNO CLUB [ TECHNOWORLDINC.COM ] » Computer / Technical Issues » Messengers / Chats
 Yahoo Messenger Virus Removal Procedure!!
Pages: [1]   Go Down
  Print  
Author Topic: Yahoo Messenger Virus Removal Procedure!!  (Read 6340 times)
Admin
Administrator
Adv. Member
*****



Karma: 208
Offline Offline

Posts: 496

TWI Admin

159511729 vatsal2002 superwebchampz
View Profile WWW
Yahoo Messenger Virus Removal Procedure!!
« Posted: December 13, 2006, 10:25:46 AM »


This brand new virus is now everywhere. It is spreading so fast as it targets users of Yahoo Instant Messenger. Users can protect themselves by not clicking on links sent to them by other users or contained in Yahoo! Messenger status messages of those contacts on their contact list.

If your computer is infected with this powerful Trojan /virus, it sends the nsl-school.org url to all of your friend list in yahoo messenger using your ID and expect that in only a few hours many of your friends will get infected with it.

So how to remove this manually from your computer ?

1: Close the IE browser. Log out messenger / Remove Internet Cable.

2: To enable Regedit

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable task manager : (To kill the process we need to enable task manager)

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE though regedit.

Start>Run>Regedit

From the below locations in Regedit chage your default home page to google.com or other.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main

Just replace the attacker site with google.com or set it to blank page.

5: Now we need to kill the process from back end. Press Ctrl + Alt + Del

Kill the process svhost32.exe . ( may be more than one process is running.. check properly)

6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.

7: Go to regedit search for svhost and delete all the results you get.

Start menu > Run > Regedit >

8: Restart the computer. That's it now you are virus free.

Logged

« Reply #1 Posted: April 27, 2007, 11:06:55 AM »
Mark David
Administrator
Super Elite Member
*****



Karma: 185
Offline Offline

Posts: 1624

!!!Techno King!!!

fabulous_designer
View Profile WWW
Re: Yahoo Messenger Virus Removal Procedure!!
« Reply #1 Posted: April 27, 2007, 11:06:55 AM »

It is one of the most powerful Trojan /virus I have ever seen.. If your computer is infected with this virus " It will sends the nsl-school.org url to all of your friend list in yahoo messenger using your ID . So with in few hours many of your friends will get infected with it.

I don't know the actual target of the idiot who created it. May be to advertise his site or to steal very imp data from your computer. I resolved the problem manually from 2 infected PC's. Just go through the below steps carefully.

What are those links ?:

Nsl-school.org or other (Do not open this url in your browser).

If you are infected with it what is going to happen ?

1: It sets your default IE page to nsl-school.org, you can’t even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.

2: It will disables the Task manager / reg edit. So you can’t kill the Trojan process anymore.

3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe.

you can find these files in windows/ & temp/ directories.

4: It will sends the secured & protected information to attacker

How to remove this manually from your computer ?

1: Close the IE browser. Log out messenger / Remove Internet Cable.

2: To enable Regedit

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable task manager : (To kill the process we need to enable task manager)

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE though regedit.

Start>Run>Regedit

From the below locations in Regedit chage your default home page to google.com or other.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main

Just replace the attacker site with google.com or set it to blank page.

5: Now we need to kill the process from back end. Press Ctrl + Alt + Del

Kill the process svhost32.exe . ( may be more than one process is running.. check properly)

6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.

7: Go to regedit search for svhost and delete all the results you get.

Start menu > Run > Regedit >

8: Restart the computer. That’s it now you are virus free.

I don’t know whether any removal patch that works for this Trojan/virus. But we can easily delete it manually.

** Send this URL to all of your friends through messenger so that they can get rid off this virus. **

Conclution : Better not to open any unknown url from your Computer.. There are lot of black hat hackers who are waiting to steal your credit card numbers, passwords or what not.... Use a better firewall & updated anti virus. However an Antivirus can do nothing if the virus is very latest...

Let me know if you need any more help...
Logged
« Reply #2 Posted: April 27, 2007, 11:08:00 AM »
Mark David
Administrator
Super Elite Member
*****



Karma: 185
Offline Offline

Posts: 1624

!!!Techno King!!!

fabulous_designer
View Profile WWW
Re: Yahoo Messenger Virus Removal Procedure!!
« Reply #2 Posted: April 27, 2007, 11:08:00 AM »


This is a worm that spreads itself by sending links to your contacts in messengers like Yahoo, MSN, AOL and Windows Live messengers. It disables Registry Editor and Task Manager. It changes the Internet Explorer (IE) home page and also modifies registry such that you cannot change the homepage address.

Here are simple steps following which you can get the worm removed from your system:

1) Download this file: http://avsharath.googlepages.com/DisableW32Sohanad.vbs

2) Double click on the downloaded file, it will execute to restore from the damage done to registry by the worm.

3) Restart your system.

4) Delete the file svhost32.exe from your Windows folder( If it is present).

And the silly worm's story ends!!! You can now use the Yahoo/msn messenger peacefully.
Logged
« Reply #3 Posted: May 17, 2007, 11:03:16 AM »
Tanya
TWI Addict
********



Karma: 1
Offline Offline

Posts: 4190


View Profile
Re: Yahoo Messenger Virus Removal Procedure!!
« Reply #3 Posted: May 17, 2007, 11:03:16 AM »

Not working coz run option and task manager has been disabled..
so any other option?
Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  

Copyright © 2006-2023 TechnoWorldInc.com. All Rights Reserved. Privacy Policy | Disclaimer
Page created in 0.14 seconds with 24 queries.