“resolved” New YaHoo! MeSseNger ViRus Attack!!
I tell u all by dis virus in my older post i found bout dat virus on 1 post in abhishek web..
..!!
so guy if u got fucked wd dis virus no problem let’s try 2 resolve by “registry game”
all u have 2 manupulate ur registry file..
follow:-
* 1: It sets your default IE/browser page to nsl-school.org, you can’t even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.
2: It will disables the Task manager / reg edit. So you can’t kill the Trojan process anymore.
3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe.
You can find these files in windows/ & temp/ directories.
4: It will sends the secured & protected information to attacker
How to remove this manually from your computer ?
1: Close the browser n Log out messenger / Remove Internet Cable.
2: To enable Regedit
Click Start, Run and type this command exactly as given below: (better – Copy and paste)
Quote:
REG add HKCUSoftwareMic*ftWindowsCurrentVersionPolici esSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f
3: To enable task manager : (To kill the process we need to enable task manager)
Click Start, Run and type this command exactly as given below: (better – Copy and paste)
Quote:
REG add HKCUSoftwareMic*ftWindowsCurrentVersionPolici esSystem /v DisableTaskMgr /t REG_DWORD /d 0 /f
4: Now we need to change the default page of IE though regedit.
Start>Run>Regedit
From the below locations in Regedit chage your default home page to google.com or other.
Quote:
HKEY_CURRENT_USERSOFTWAREMic*ftInternet ExplorerMain
HKEY_ LOCAL_MACHINESOFTWAREMic*ftInternet ExplorerMain
HKEY_USERSDefaultSoftwareMic*ftInternet ExplorerMain
Just replace the attacker site with google.com or set it to blank page.
5: Now we need to kill the process from back end. Press Ctrl + Alt + Del
Kill the process svhost32.exe . ( may be more than one process is running.. check properly)
6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.
7: Go to regedit search for svhost and delete all the results you get.
Quote:
Start>Run>Regedit
8: Restart the computer. That’s it now you are virus free.
if u don’t wanna restart just open task-manager & delete explorer.exe process
go in file option of task manager n type C:/
click ok
hey now u r free from shit..
enjoy..!
source :-Drhack.net
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
April 29th, 2008 at 12:50 am
I have been chatting on YM but there some people bboted me with bunch of pm’s.is there a way or learning how to boot someone of the chatline?
November 23rd, 2009 at 12:52 pm
Which Abhishekweb.
Http://abhishekweb.in or http://abhishekwebin.blogspot.com
.-= Abhishek´s last blog ..Where is ‘Run’ in Windows Vista ? =-.
July 14th, 2010 at 5:28 am
hye,
i got the yahoo messenger virus in windows 7 os, and i tried several time ur steps on how to remove the virus/trojan, but it always fail to open the regedit. i thought this a new version of the ym virus…please help me.