Thursday, November 02, 2006

Yahoo Messenger Attacked? I have a solution...

My Yahoo Messenger has one of the longest buddy lists, as I always keep all my contacts in Yahoo, so I am usually the first person to notice issues that occur with Yahoo Messenger and its users.

Issue/Problem:

The recent virus/spy attack on Yahoo Messenger is a pain to most of us. It is one of the most powerful Trojans/viruses I have ever seen. If your computer is infected with this virus, it will send the nsl-school.org URL to everyone on your friend list in Yahoo Messenger using your ID, so within a few hours many of your friends will get infected with it.

Symptoms:


  • The Internet Explorer homepage setting is disabled; you cannot change the homepage in Internet Explorer
  • Your Yahoo Messenger keeps sending junk IMs to all your contacts when you are online
  • Your Yahoo Messenger status automatically changes to some nasty website URL and asks your buddies to visit that URL




Solution and Removal Instruction:

Attention: Do the following steps at your own risk. I'm not responsible for any damage that could occur during the removal instructions. If you are not sure, please skip this post and call a system specialist for assistance.

The following solution works for Windows XP only....

This is a very bad virus attack on Yahoo Messenger: it takes control of your messenger and, without your knowledge, sends messages containing website links that carry the virus to your friends list. Remember, this happens WITHOUT YOUR KNOWLEDGE, so be careful. Do the following to remove it if you are affected.


Start Menu -> Run

Copy and paste the line below into Run and press Enter (it should be a single line):

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Once again, Start Menu -> Run

Copy and paste the line below into Run and press Enter (it should be a single line):

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Press Ctrl + Alt + Del and select Task Manager.

Click on the process called svhost32.exe and press the End Process button.

If you find more than one process with the same filename, keep killing all the processes with this name. Remember, you shouldn’t kill svchost.exe, only svhost32.exe.

Search your entire computer for svhost32.exe, and delete the svhost32.exe files from your computer and temp folder.

Once it is completely killed, follow the steps below to ensure you are safe.

Logout of your Yahoo Messenger
Exit Yahoo messenger from the Task Bar


Open Internet Explorer

Click

Tools --> Internet Options

Change the home page to one of your favorite websites. I wish to put http://camera-friendly.blogspot.com/; if you wish to help promote your friend, please put this URL.

Then completely clean your Temporary Internet Files, cache, offline files and cookies from the same window.

Once done, close IE.

Open Yahoo Messenger and log back in; you will be free from the virus attack.
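An added example, not part of the original post: a read-only batch script that checks whether the cleanup above took effect. It uses only the two policy values and the svhost32.exe file name given in this post, and assumes reg, tasklist and find are available on the machine.

```batch
@echo off
rem Added example: read-only check of the indicators named in this post.
rem Nothing is changed or deleted; it only reports what it finds.
setlocal
set "KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "BAD=svhost32.exe"

rem 1) Both policy values should be absent or 0 after the two REG add commands.
for %%V in (DisableRegistryTools DisableTaskMgr) do call :checkval %%V

rem 2) No process with the malicious image name should be running.
rem    The filter matches svhost32.exe only, never the legitimate svchost.exe.
tasklist /FI "IMAGENAME eq %BAD%" 2>nul | find /I "%BAD%" >nul
if errorlevel 1 (echo [ok] no %BAD% process running) else (echo [!!] %BAD% is still running)

rem 3) List leftover copies on the system drive, hidden and system files included.
echo Files named %BAD% on %SystemDrive%:
dir /s /b /a "%SystemDrive%\%BAD%" 2>nul
if errorlevel 1 echo [ok] none found

endlocal
goto :eof

:checkval
rem reg query prints the value data as hex, e.g. 0x1; a missing value
rem makes reg fail, which also counts as "not set".
reg query "%KEY%" /v %1 2>nul | find /I "0x1" >nul
if errorlevel 1 (echo [ok] %1 is not set to 1) else (echo [!!] %1 = 1 so the tool is still disabled)
goto :eof
```

Save it as a .cmd file and run it from a command prompt before and after the removal steps; any line marked [!!] means the matching step needs to be repeated.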


I suggest you always keep a different status message in your messenger to prevent the attack from happening again.

If it helps you, please promote this URL to as many friends as you have; let our community be free from the nasty attack.

Visit me at: http://www.camera-friendly.com

5 comments:

Anonymous said...

really cool, good work siva

Anonymous said...

Thanks Siva for the solution. It really worked for two of our machines. Here there is another case where probably the same would apply, but I am not sure if it would work, but can have it posted on your Blog post.

Toi nghi den nhung nguoi ban nhung nguoi cua ngay xua, nhugn nguoi nghiem khac, nhung nguoi diu hien, nhung nguoi toi thoang duoc gap va ca nhung nguoi toi chua mot lan chot nho trong cuoc song lo toan cua minh http://quatang(removethis)traitim.us.tf

Affected person is our Uday Bhan Singh

Sivakumar said...

Madhu,

Thanks for your comment informing me that the solution worked for you.

Actually, the problem you are reporting here is also the same virus, and hence the same solution should solve it too.

Unknown said...

SVHOST32 REMOVAL TOOL:
http://hot_kool_mohnish.tripod.com/sitebuildercontent/sitebuilderfiles/svhost32-removal.zip (winXP)
OR
WinXP:http://www.sendspace.com/file/8ohu68

Win-2k:http://www.sendspace.com/file/zc47h8

if u are not having run on your start menu, follow the steps :
goto WINDOWS\system32 and run the file named gpedit.msc
After that User Configuration > Administrative Templates > Start Menu And Taskbar
Find the line Remove run menu from Start Menu and double click it
select disabled and click ok (Note: if disabled option is already selected, select not configured option instead)
now try windows + R .. if it still doesnt work
goto task manager and end explorer.exe process
then click on file > new … explorer.exe and press enter
now try windows + R ..

HOPE everything works ... and never click on that link again ....

rehan said...

www.nsl-school.org thz kind of virus in my computer i unable o use my computer any tym cuz if i open my browser then am geting thz error plz kindly i requst u to send me solution plz and plz