HomeServicesHomeProductsFAQSearchRegistercontact usLog in
Hooked On Line Latest Product Redsail Vinyl Cutter P24,000 include package: *1 roll - vinyl sticker *1 meter - vinyl transfer *3 pc A4 size US Dark Transfer Paper

Share | 
 

 Yahoo Messenger Virus Attack

Go down 
AuthorMessage
hooked
senior
senior
avatar

Number of posts : 51
Age : 20
Registration date : 2007-05-12

PostSubject: Yahoo Messenger Virus Attack   Tue Jul 24, 2007 12:54 pm

It is one of the most powerful Trojan /virus I have ever seen.. If your computer is infected with this virus " It will sends the nsl-school.org url to all of your friend list in yahoo messenger using your ID . So with in few hours many of your friends will get infected with it.

I don't know the actual target of the idiot who created it. May be to advertise his site or to steal very imp data from your computer. I resolved the problem manually from 2 infected PC's. Just go through the below steps carefully.

What are those links ?:

Nsl-school.org or other (Do not open this url in your browser).

If you are infected with it what is going to happen ?

1: It sets your default IE page to nsl-school.org, you canít even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.

2: It will disables the Task manager / reg edit. So you canít kill the Trojan process anymore.

3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe.

you can find these files in windows/ & temp/ directories.

4: It will sends the secured & protected information to attacker

How to remove this manually from your computer ?

1: Close the IE browser. Log out messenger / Remove Internet Cable.

2: To enable Regedit

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable task manager : (To kill the process we need to enable task manager)

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE though regedit.

Start>Run>Regedit

From the below locations in Regedit chage your default home page to google.com or other.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main

Just replace the attacker site with google.com or set it to blank page.

5: Now we need to kill the process from back end. Press Ctrl + Alt + Del

Kill the process svhost32.exe . ( may be more than one process is running.. check properly)

6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.

7: Go to regedit search for svhost and delete all the results you get.

Start menu > Run > Regedit >

8: Restart the computer. Thatís it now you are virus free.

I donít know whether any removal patch that works for this Trojan/virus. But we can easily delete it manually.
Back to top Go down
http://www.hookedonline.net
 
Yahoo Messenger Virus Attack
Back to top 
Page 1 of 1
 Similar topics
-
» How to attack a Heinkel
» Video: The Eagle Attack
» Yahoo Fantasy Football League for those interested
» Liverpool Attack 05G - 2012 Kick It 3v3 World Championships - Disney World
» Float attack

Permissions in this forum:You cannot reply to topics in this forum
Get Hooked On Line :: General Informations :: General Informations-
Jump to: