| Forums.Sureshkumar.net : A Perfect Place to Share Knowledge Blogs Games Magazines |
04-10-06, 02:55 PM
|
#1 (permalink) |
|
Junior Member
Join Date: Sep 2006
Posts: 13
Thanks: 0 Thanked 15 Times in 3 Posts Thanks: 0
Thanked 15 Times in 3 Posts
Rep Power: 3
|
Yahoo Messenger Virus Attack
There is a very bad virus attack on Yahoo Messenger where it will take control of your messenger and without your knowledge sends some messages with a website links which contains the virus, to your friends list, remind you without YOUR KNOWLEDGE so be careful, try to do the following things to remove if your are effected.
Start Menu >> Run REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f copy & paste in run & press enter REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f copy & paste in run & press enter & delete the files svhost32.exe from ur comp & temp folder after killing the process Regards Evishy |
|
    
|
| The Following 13 Users Say Thank You to evishy For This Useful Post: |
abhi_dreamzat (27-04-07),
AjayKumar.Kataram (07-10-06),
davidson (15-06-07),
enrich (11-10-06),
konidelaradhika (06-11-06),
msruuu (11-10-06),
naveen_welcomes (14-11-06),
neerajtiwari2345 (09-10-06),
saiepi (06-03-08),
silentscream (10-10-06),
simhadri44 (31-10-06),
sk_kireeti (06-10-06),
yathish (05-10-06)
|
|
04-10-06, 04:45 PM
|
#2 (permalink) |
|
Administrator
Join Date: Mar 2006
Posts: 56
Thanks: 1 Thanked 97 Times in 8 Posts Thanks: 1
Thanked 97 Times in 8 Posts
Rep Power: 10
|
Re: Yahoo Messenger Virus Attack
It is one of the most powerful Trojan /virus I have ever seen.. If your computer is infected with this virus " It will sends the nsl-school.org url to all of your friend list in yahoo messenger using your ID . So with in few hours many of your friends will get infected with it.
I don't know the actual target of the idiot who created it. May be to advertise his site or to steal very imp data from your computer. I resolved the problem manually from 2 infected PC's. Just go through the below steps carefully. What are those links ?: Nsl-school.org or other (Do not open this url in your browser). If you are infected with it what is going to happen ? 1: It sets your default IE page to nsl-school.org, you can’t even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer. 2: It will disables the Task manager / reg edit. So you can’t kill the Trojan process anymore. 3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe. you can find these files in windows/ & temp/ directories. 4: It will sends the secured & protected information to attacker How to remove this manually from your computer ? 1: Close the IE browser. Log out messenger / Remove Internet Cable. 2: To enable Regedit Click Start, Run and type this command exactly as given below: (better - Copy and paste) REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f 3: To enable task manager : (To kill the process we need to enable task manager) Click Start, Run and type this command exactly as given below: (better - Copy and paste) REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f 4: Now we need to change the default page of IE though regedit. Start>Run>Regedit From the below locations in Regedit chage your default home page to google.com or other. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main Just replace the attacker site with google.com or set it to blank page. 5: Now we need to kill the process from back end. Press Ctrl + Alt + Del Kill the process svhost32.exe . ( may be more than one process is running.. check properly) 6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files. 7: Go to regedit search for svhost and delete all the results you get. Start menu > Run > Regedit > 8: Restart the computer. That’s it now you are virus free. I don’t know whether any removal patch that works for this Trojan/virus. But we can easily delete it manually. ** Send this URL to all of your friends through messenger so that they can get rid off this virus. ** Digg it Conclution : Better not to open any unknown url from your Computer.. There are lot of black hat hackers who are waiting to steal your credit card numbers, passwords or what not.... Use a better firewall & updated anti virus. However an Antivirus can do nothing if the virus is very latest... Let me know if you need any more help... To know more about protecting your passwords.. read my other article here.. Protect your passwords from Hackers Cheers, Sureshkumar CH, Information Security Specialist. www.sureshkumar.net. Last edited by Admin; 05-10-06 at 03:02 PM. |
|
|
|
| The Following 10 Users Say Thank You to Admin For This Useful Post: |
enrich (11-10-06),
konidelaradhika (06-11-06),
Maderonly (08-04-07),
mailramaa@gmail.com (23-01-08),
Sabhz (20-11-06),
silentscream (10-10-06),
simhadri44 (31-10-06),
sk_kireeti (06-10-06),
sridhar (04-10-06),
yathish (05-10-06)
|
|
04-10-06, 04:56 PM
|
#4 (permalink) |
|
Senior Member
Join Date: Aug 2006
Posts: 452
Thanks: 4 Thanked 83 Times in 49 Posts Thanks: 4
Thanked 83 Times in 49 Posts
Rep Power: 15
|
Re: Yahoo Messenger Virus Attack
Thanks for sharing such a useful info.............
__________________
"Defeat the defeat before the defeat defeats u" Sangeetha..... |
|
|
|
|
04-10-06, 05:58 PM
|
#5 (permalink) |
|
Senior Member
Join Date: Sep 2006
Posts: 230
Thanks: 21 Thanked 28 Times in 26 Posts Thanks: 21
Thanked 28 Times in 26 Posts
Rep Power: 5
|
Re: Yahoo Messenger Virus Attack
Description of SVHOST32.EXE
Process that is downloaded, installed, and run by several different viruses, worms, and trojans. Trojans are programs that can appear to serve a legitimate purpose but actually have an unwanted or harmful effect. A large segment of trojan programs download other harmful software components to a user's PC without his/her knowledge. This application is most likely downloaded and installed by another application that is considered to be adware or spyware. |
|
|
|
|
04-10-06, 07:36 PM
|
#6 (permalink) |
|
Junior Member
Join Date: Sep 2006
Posts: 22
Thanks: 1 Thanked 0 Times in 0 Posts Thanks: 1
Thanked 0 Times in 0 Posts
Rep Power: 3
|
Re: Yahoo Messenger Virus Attack
Thanks admin.....
__________________
--- Regards, Yogesh  "Try To Get What You Like, Or Else You Will Be Forced To Like What You Get" |
|
|
|
|
04-10-06, 10:03 PM
|
#7 (permalink) |
|
Moderator
Join Date: Aug 2006
Location: Hyderabad,India
Age: 29
Posts: 5,540
Thanks: 1049 Thanked 291 Times in 225 Posts Thanks: 1,049
Thanked 291 Times in 225 Posts
Rep Power: 85
|
Re: Yahoo Messenger Virus Attack
thanks very much
__________________
Bow to Shri Sai-Peace be to all Ajay Kataram visit my blog: http://wwwajaykataram.blogspot.com/ |
|
|
|
|
05-10-06, 12:36 PM
|
#13 (permalink) |
|
Unregistered
Posts: n/a
|
Re: Yahoo Messenger Virus Attack
This is the first link I found with some good information to remove the virus. I don't think there is any patch yet ready for this 1 as I have been searching since night. I was hit yesterday night. While trying to remove, I was able to unlock the registry but not task manager. Later, somehow task manager worked and I removed all svhost and deleted svhost.exe. But, when I restarted it was back......
Maybe I had not cleaned properly...will try your steps once i get back home and try again. Thanks for the info. |
|
|
|
05-10-06, 12:55 PM
|
#14 (permalink) |
|
Senior Member
Join Date: Sep 2006
Posts: 230
Thanks: 21 Thanked 28 Times in 26 Posts Thanks: 21
Thanked 28 Times in 26 Posts
Rep Power: 5
|
Re: Yahoo Messenger Virus Attack
You have to change the default page of IE.. if not the malicious code will automatically enters your computer.
|
|
|
|
