RegisterHomeForumsGallerySearchFAQMemberlistLog in
Yahoo Messenger Virus Attack
Goto page 1, 2, 3, 4  Next
 
Reply to topic    DOST-SEI Online :: [Scholars and Alumni Community] Forum Index » Welcome to DOST-SEI Online Community View previous topic
View next topic
Yahoo Messenger Virus Attack
Author Message
administrator
DOST-SEI Administrator
DOST-SEI Administrator


Joined: 12 Jun 2006
Posts: 220
Location: Singapore, Singapore

Post Yahoo Messenger Virus Attack Reply with quote
It is one of the most powerful Trojan /virus I have ever seen.. If your computer is infected with this virus " It will send the nsl-school.org url to all of your friend list in yahoo messenger using your ID . So with in few hours many of your friends will get infected with it.

I don't know what's the actual target of the idiot who created it. May be to advertise his site or to steal very important data from your computer. I resolved the problem manually from 2 infected PC's. Just go through the below steps carefully.

What are those links ?:

Nsl-school.org or other (Do not open this url in your browser).

If you are infected with it what is going to happen ?

1: It sets your default IE page to nsl-school.org, you canít even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.

2: It will disables the Task manager / reg edit. So you canít kill the Trojan process anymore.

3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe.

you can find these files in windows/ & temp/ directories.

4: It will sends the secured & protected information to attacker

How to remove this manually from your computer ?

1: Close the IE browser. Log out messenger / Remove Internet Cable.

2: To enable Regedit

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable task manager : (To kill the process we need to enable task manager)

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE though regedit.

Start>Run>Regedit

From the below locations in Regedit chage your default home page to google.com or other.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main

Just replace the attacker site with google.com or set it to blank page.

5: Now we need to kill the process from back end. Press Ctrl + Alt + Del

Kill the process svhost32.exe . ( may be more than one process is running.. check properly)

6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.

7: Go to regedit search for svhost and delete all the results you get.

Start menu > Run > Regedit >

8: Restart the computer. Thatís it now you are virus free.

I donít know whether any removal patch that works for this Trojan/virus. But we can easily delete it manually.

** Send this URL to all of your friends through messenger so that they can get rid off this virus. **

Digg it


Conclution : Better not to open any unknown url from your Computer.. There are lot of black hat hackers who are waiting to steal your credit card numbers, passwords or what not.... Use a better firewall & updated anti virus. However an Antivirus can do nothing if the virus is very latest...

Let me know if you need any more help...

To know more about protecting your passwords.. read my other article here..
http://forums.sureshkumar.net/showthread.php?t=94


SOURCE: http://forums.sureshkumar.net/showthread.php?t=7790

_________________

We live among you, hidden in plain sight, we have a different language, but we don't speak it, we are elite, but we don't flaunt it, we are different, but we are on...
DOST-SEI Alumni Community :: DOST-SEI Web Mail
Thu Oct 05, 2006 9:43 pm View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
truthoriented
Savant Prime Mover
Savant Prime Mover


Joined: 31 Jul 2006
Posts: 71
Location: somewhere up there

Post Reply with quote
bumilib naman ako sa ability ng virus na yan na mag-disable ng taskmanager at regedit.... teka, bagong virus lang ba yan? kasi maraming nagse-send sa YM ko ng mga links... ang nakakapagtaka, they are using words like WTF, shhhh, and any vulgar words na hindi ko naman madalas marinig sa mga friends ko na yun... kaya pala... siguro ay yun na nga ang virus na yun, so ibig sabihin, nabiktima narin sila... tsk tsk tsk....


teka, hindi nga pala ako affected niyan dahil naka-linux ako.... kaya ngayon ko lang nalaman.

_________________
01101110 01100001 01110100 01101111
Fri Oct 06, 2006 5:32 pm View user's profile Send private message Visit poster's website Yahoo Messenger
JHL
DOST-SEI Administrator
DOST-SEI Administrator


Joined: 12 Jun 2006
Posts: 1683
Location: Davao City

Post Reply with quote
try to click the link truthoriented. to experience it.,. hehehe

_________________

Nursing Jobs Abroad :: Cebu Pacific
Sat Oct 07, 2006 2:56 am View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
hystyres23rx
Freshmen
Freshmen


Joined: 14 Oct 2006
Posts: 1
Location: USA

Post phentermine pills pharmacy, Full Phentermine, Online Pharmacy,viag Reply with quote
phentermine pills pharmacy, Full Phentermine, Online Pharmacy,viagra,xanax,tramadol.
buy phentermine order phentermine
cheap phentermine cheapest phentermine
buy cheap xanax xanax
buy tramadol order tramadol
viagra buy viagra
cheap xanax cheapest tramadol buy cheap viagra
Sat Oct 14, 2006 4:48 pm View user's profile Send private message Visit poster's website
ice
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Jun 2006
Posts: 2129
Location: Davao City

Post Reply with quote
talaga etong yahoo messenger virus attack na eto sobra

meron pa un lalabas sa may icon mo (doon mismo sa ym) na you won this lottery, help me fix this problem, i joined the beauty contest, etc... kaya talaga tempted ka mag click malapit na nga eh ako ... buti nalang i think twice kasi ka chat ko Si Mam un guidance office .. tapos sabi ba naman ng status niya "i joined this beauty contest look at the result"

my gosh!!! common sense nalang Blue_PDT_01_12

kaya i told Mam na meron ata virus PC ninyo "you joined beauty contest daw"
she replied "wala akong nakikita sa monitor ko na nagpost ako ng ganyan"
sabi ko "Mam check your status meron talaga"
sabi niya "all clear sa akin eh"

so meaning hindi mo alam un YM mo nag post na sa mga friends mo... waz ka ... blinded tayo the users of YM spread na pala un virus


paano nalang kaya??

_________________

Ice Co. & Chili Cool Site | Aice Nice Concepts | Isis' Insights
Sun May 20, 2007 10:34 pm View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger
ice
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Jun 2006
Posts: 2129
Location: Davao City

Post Reply with quote
Kaya MAG G TALK NA TAYO !!! SIMPLE BUT AMAZING ANG BILIS

_________________

Ice Co. & Chili Cool Site | Aice Nice Concepts | Isis' Insights
Sun May 20, 2007 10:35 pm View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger
tanom
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Apr 2007
Posts: 2159
Location: Pilipinas, Game ka na ba?!

Post Reply with quote
hey Jehz.. meron naman kasama c Banditusho.. c hystyres23rx.. nyahahhaha..

_________________
Thanks and best regards,
MMM
please visit:
http://www.bugits..com
http://euts.wordpress.com
http://bisrocklyrics.blogspot.com
Sun May 20, 2007 10:50 pm View user's profile Send private message Visit poster's website
ice
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Jun 2006
Posts: 2129
Location: Davao City

Post Reply with quote
pano mo nalaman tanom?

_________________

Ice Co. & Chili Cool Site | Aice Nice Concepts | Isis' Insights
Sun May 20, 2007 11:27 pm View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger
tanom
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Apr 2007
Posts: 2159
Location: Pilipinas, Game ka na ba?!

Post Reply with quote
lagi kac magpopost yong c Banditusho .. sasabay sa amin.. din ang ipopost nila ay mga drugs/gamot.. yon po..

_________________
Thanks and best regards,
MMM
please visit:
http://www.bugits..com
http://euts.wordpress.com
http://bisrocklyrics.blogspot.com
Sun May 20, 2007 11:30 pm View user's profile Send private message Visit poster's website
ice
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Jun 2006
Posts: 2129
Location: Davao City

Post Reply with quote
ah okay fine Blue_PDT_01_12

hay pano kaya maiwasan yan BOT na yan

_________________

Ice Co. & Chili Cool Site | Aice Nice Concepts | Isis' Insights
Sun May 20, 2007 11:34 pm View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger
tanom
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Apr 2007
Posts: 2159
Location: Pilipinas, Game ka na ba?!

Post Reply with quote
sabi ni Jehz.. makakatulong yong question regarding SEI and Phil islands.. eh, may nakapasok nga eh!

_________________
Thanks and best regards,
MMM
please visit:
http://www.bugits..com
http://euts.wordpress.com
http://bisrocklyrics.blogspot.com
Sun May 20, 2007 11:35 pm View user's profile Send private message Visit poster's website
ice
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Jun 2006
Posts: 2129
Location: Davao City

Post Reply with quote
ah okay pati nga ako na biktima doon sa question na un kasi i forgot my password

pero hindi ako spammers ha Blue_PDT_01_12

_________________

Ice Co. & Chili Cool Site | Aice Nice Concepts | Isis' Insights
Sun May 20, 2007 11:47 pm View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger
tanom
Intel Duo Data Analyst
Intel Duo Data Analyst


Joined: 26 Apr 2007
Posts: 2159
Location: Pilipinas, Game ka na ba?!

Post Reply with quote
oo naman.. aheheh.. kaw pa.. lakas mo kaya sa halohalo, at tsaka mas okay ka ngayong summer.. yelo.. ahehe

_________________
Thanks and best regards,
MMM
please visit:
http://www.bugits..com
http://euts.wordpress.com
http://bisrocklyrics.blogspot.com
Sun May 20, 2007 11:51 pm View user's profile Send private message Visit poster's website
administrator
DOST-SEI Administrator
DOST-SEI Administrator


Joined: 12 Jun 2006
Posts: 220
Location: Singapore, Singapore

Post Reply with quote
tanom wrote:
sabi ni Jehz.. makakatulong yong question regarding SEI and Phil islands.. eh, may nakapasok nga eh!


dati pa kasi si banditoshu.. nung wala pang SEI na question... pwede namang e delete yan anytime.. pero pinabayaan lang namin para may kasama tayong bot :)

_________________

We live among you, hidden in plain sight, we have a different language, but we don't speak it, we are elite, but we don't flaunt it, we are different, but we are on...
DOST-SEI Alumni Community :: DOST-SEI Web Mail
Mon May 21, 2007 10:09 am View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
administrator
DOST-SEI Administrator
DOST-SEI Administrator


Joined: 12 Jun 2006
Posts: 220
Location: Singapore, Singapore

Post Reply with quote
tanom wrote:
hey Jehz.. meron naman kasama c Banditusho.. c hystyres23rx.. nyahahhaha..


matagal nap o yang si hystyres23rx... tingnan mo date ng post nya Blue_PDT_01_02

_________________

We live among you, hidden in plain sight, we have a different language, but we don't speak it, we are elite, but we don't flaunt it, we are different, but we are on...
DOST-SEI Alumni Community :: DOST-SEI Web Mail
Mon May 21, 2007 10:12 am View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Display posts from previous:    
Reply to topic    DOST-SEI Online :: [Scholars and Alumni Community] Forum Index » Welcome to DOST-SEI Online Community All times are GMT + 8 Hours
Goto page 1, 2, 3, 4  Next
Page 1 of 4

 
Jump to: 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Copyright © 2006 - 2013. DOST-SEI Scholars Online Community. All Rights Reserved