Friday, September 10, 2010

YM Virus

In case you are not aware of the "IQ Virus", as I call it, here's what you need to know to avoid being attacked or hacked by this malware. Basically, you will receive a greeting from a contact saying either "Hi" or "Hey" or "Hello". Once you reply, you will automatically get a message saying "I just took an IQ quiz here" blah blah. It really annoys me because within a few minutes of being online I receive as many as five messages. Whatever you do, don't click on the link the malware might send you. To check if you're infected, do what I do: ask a contact if they've been receiving the messages from you. If you are infected, follow the instructions below.

Note: You might be infected without knowing it.


Source: http://www.nackvision.com/talk/showthread.php?t=3837
There is a very bad virus attack on Yahoo Messenger where it will take control of your messenger and, without your knowledge, send messages with website links which contain the virus to your friends list. So within a few hours many of your friends will get infected with it.
It is one of the most powerful Trojans/viruses I have ever seen. (I don't know the actual target of the idiot who created it. Maybe to advertise his site or to steal very important data from your computer.)
If you are infected with it, what is going to happen?
1: It sets your default IE page to nsl-school.org, and you can’t even change it back to another page. If you open IE from your comp, some malicious code will automatically be executed on your computer.
2: It will disable the Task Manager / Regedit, so you can’t kill the Trojan process anymore.
3: Files that are gonna be installed by this virus are svhost.exe, svhost32.exe, internat.exe. You can find these files in the windows/ & temp/ directories.
4: It will send the secured & protected information to the attacker.

How to remove this manually from your computer?
1: Close the IE browser. Log out of messenger / remove the Internet cable.
2: To enable Regedit:
Click Start, Run and type this command exactly as given below (better: copy and paste):
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3: To enable Task Manager (to kill the process we need to enable Task Manager):
Click Start, Run and type this command exactly as given below (better: copy and paste):
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE through Regedit.
Start > Run > Regedit
From the locations below in Regedit, change your default home page to google.com or another page.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Just replace the attacker site with google.com or set it to a blank page.

5: Now we need to kill the process from the back end. Press Ctrl + Alt + Del.
Kill the process svhost32.exe. (Maybe more than one process is running; check properly.)
6: Delete the svhost32.exe and svhost.exe files from the Windows/ & temp/ directories. Or just search for svhost on your comp and delete those files.
7: Go to Regedit, search for svhost and delete all the results you get.
Start menu > Run > Regedit
8: Restart the computer. That’s it, now you are virus free.
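
A read-only check for the indicators listed above, as an added example that is not part of the original post or the quoted thread: it reports the two policy values, an IE home page pointing at the named site, and the named files and processes, without changing anything. It assumes it is run in the affected user's session; `Start Page` is the registry value IE uses for the home page, and all variable names are this example's own.

```powershell
# Read-only check for the indicators named in the post; nothing is modified or deleted.
# Assumption: run in the affected user's session, so HKCU is that user's hive.
$findings = @()

# Policy values the post resets to 0 (1 = Regedit / Task Manager disabled).
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($value -eq 1) { $findings += "Policy value $name = 1 under $policyKey" }
}

# IE home page: the 'Start Page' value under the ...\Internet Explorer\Main keys.
$hijackSite = 'nsl-school.org'   # site named in the post
$ieKeys = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
          'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
foreach ($key in $ieKeys) {
    $page = (Get-ItemProperty -Path $key -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($page -like "*$hijackSite*") { $findings += "IE Start Page under $key is '$page'" }
}

# Dropped files: exact names from the post, only in the Windows and temp directories.
# Exact match on purpose: svchost.exe (with a 'c') is a legitimate Windows binary.
$fileNames = 'svhost.exe', 'svhost32.exe', 'internat.exe'
$dirs = @($env:windir, $env:TEMP, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique
foreach ($dir in $dirs) {
    foreach ($file in $fileNames) {
        $path = Join-Path $dir $file
        if (Test-Path -LiteralPath $path -PathType Leaf) { $findings += "File present: $path" }
    }
}

# Running processes with the same base names (Get-Process takes names without .exe).
$procs = Get-Process -Name 'svhost', 'svhost32', 'internat' -ErrorAction SilentlyContinue
foreach ($p in $procs) { $findings += "Process running: $($p.ProcessName) (PID $($p.Id))" }

if ($findings.Count -eq 0) {
    'None of the indicators from the post were found for this user.'
} else {
    $findings
}
```

An empty result only means these specific indicators are absent for the current user; it does not cover other user profiles on the machine.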

1 comment:

  1. hey buddy! i'm glad i bumped to this blog entry! hahaha
