Friday, September 10, 2010

YM Virus

In case you are not aware of the "IQ Virus", as I call it, here's what you need to know to avoid being attacked or hacked by this malware. Basically, you will receive a greeting from a contact saying either "Hi", "Hey" or "Hello". Once you reply, you will automatically get a message saying "I just took an IQ quiz here" blah blah. It really annoys me because within a few minutes of being online I receive as many as five messages. Whatever you do, don't click on the link the malware might send you. To check if you're infected, do what I do: ask a contact if they've been receiving the messages from you. If you are infected, follow the instructions below.

Note: You might be infected without knowing it.

There is a very bad virus attack on Yahoo Messenger in which it takes control of your messenger and, without your knowledge, sends messages containing website links that carry the virus to your friends list. So within a few hours many of your friends will get infected with it.
It is one of the most powerful Trojans/viruses I have ever seen. (I don't know the actual target of the idiot who created it. Maybe to advertise his site or to steal very important data from your computer.)
If you are infected with it, what is going to happen?
1: It sets your default IE page to, you can't even change it back to another page. If you open IE on your computer, some malicious code will automatically be executed on your computer.
2: It will disable Task Manager and Regedit, so you can't kill the Trojan process anymore.

3: The files installed by this virus are svhost.exe, svhost32.exe and internat.exe.
You can find these files in the windows/ & temp/ directories.
4: It will send secured and protected information to the attacker.

How to remove this manually from your computer?
1: Close the IE browser. Log out of Messenger / unplug the Internet cable.
2: To enable Regedit:
Click Start, Run and type this command exactly as given below (better: copy and paste):
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3: To enable Task Manager (to kill the process we need to enable Task Manager):
Click Start, Run and type this command exactly as given below (better: copy and paste):
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE through Regedit.
From the locations below in Regedit, change your default home page to or other.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Just replace the attacker site with or set it to a blank page.

5: Now we need to kill the process from the back end. Press Ctrl + Alt + Del.
Kill the process svhost32.exe. (More than one process may be running; check properly.)
6: Delete the svhost32.exe and svhost.exe files from the Windows/ & temp/ directories. Or just search for svhost on your computer and delete those files.
7: Go to Regedit, search for svhost and delete all the results you get.
Start menu > Run > Regedit >
8: Restart the computer. That's it, now you are virus free.
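
Before deleting anything, it helps to confirm which of the indicators listed above are actually present. The following PowerShell script is an added example, not part of the original post; it only reads and reports. The "Start Page" value name and the use of $env:windir and $env:TEMP for the "windows/ & temp/" directories are assumptions. Note that svhost.exe is not the legitimate Windows svchost.exe, and a file name match is only a lead to verify, not proof of infection.

```powershell
# Added example: read-only check for the indicators listed in this post.
# Nothing is modified or deleted.
$names = 'svhost.exe', 'svhost32.exe', 'internat.exe'   # file names from the post

# 1. Policy values that block Regedit / Task Manager (non-zero = disabled)
$policy = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($value in 'DisableRegistryTools', 'DisableTaskMgr') {
    $item = Get-ItemProperty -Path $policy -Name $value -ErrorAction SilentlyContinue
    if ($item -and $item.$value -ne 0) {
        "[!] $value is set to $($item.$value)"
    } else {
        "[ok] $value is not set"
    }
}

# 2. IE home page in the three keys the post names
#    ("Start Page" is the value assumed here; the default-user hive is .DEFAULT)
$ieKeys = 'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main',
          'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main',
          'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main'
foreach ($key in $ieKeys) {
    $main = Get-ItemProperty -Path "Registry::$key" -Name 'Start Page' -ErrorAction SilentlyContinue
    if ($main) { "[i] $key -> $($main.'Start Page')" }
}

# 3. Files with the listed names in the Windows and temp directories
$dirs = @($env:windir, $env:TEMP) | Where-Object { $_ -and (Test-Path $_) }
foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { "[!] found $path" }
    }
}

# 4. Running processes with those names (Get-Process takes the name without .exe)
$procNames = $names | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    ForEach-Object { "[!] running: $($_.ProcessName) (PID $($_.Id))" }
```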

1 comment:

  1. hey buddy! i'm glad i bumped to this blog entry! hahaha