Techno-tips

Yahoo Messenger user's beware,a virus infecting yahoo messenger is on the loose.Avoid clicking on suspicious links that friends might forward,it could be a virus.The virus is spreading fast.The virus sends links from a user's id to his friends,when their friends click on it they will get infected.Yahoo messenger being used by million's world over,thus helps virus spread faster.60 million yahoo user's are at risk.that doesn't mean you should panic.I have been receiving this links for about a month now,but luckily i dint open it.

If you are infected with it what is going to happen ?

1: It sets your default IE page to nsl-school.org, you can’t even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.

2: It will disables the Task manager / reg edit. So you can’t kill the Trojan process anymore.

3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe.

you can find these files in windows/ & temp/ directories.

4: It will sends the secured & protected information to attacker


The code for infecting virus is hidden in the html pages,and once you open it your pc will get infected.The virus is known as "nsl-school.org"it is because the url of the virus link ends with it.The virus can be avoided by ignoring all

• "nsl-school.org" links
• "myglobalnews.org"links
• "lottery-news.info" links
• "vnol.org"links
• "ie-protector.com"links

Watch out for these links when you login to your messenger,avoid clicking on them to be safe,because "PREVENTION IS BETTER THAN CURE",you will be receiving these links from your friends,but it is the virus that actually sends it to you.The link comes in the following ways as IM's

• Saying your friend has won a lottery
• "Damn she is so cute"along with link
• saying"Check this link for me"
• Asking to vote for a Vietnam beauty

REMOVING THE VIRUS
--------------------------------------------

1. Close the IE browser. Log out messenger / Remove Internet Cable.
2. enable Regedit
   
   Click Start, Run and type this command exactly as given below: (better - Copy and paste)
   
   REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3. To enable task manager : (To kill the process we need to enable task manager)
   
   Click Start, Run and type this command exactly as given below: (better - Copy and paste)
   
   REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
4. Now we need to change the default page of IE though regedit.
   
   Start>Run>Regedit
   
   From the below locations in Regedit chage your default home page to google.com or other.
   
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
   
   HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
   
   HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main
   
   Just replace the attacker site with google.com or set it to blank page
5. Now we need to kill the process from back end. Press Ctrl + Alt + Del
   
   Kill the process svhost32.exe . ( may be more than one process is running.. check properly)
   
6. Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.
7. Go to regedit search for svhost and delete all the results you get.
   
   
   Start menu > Run > Regedit >,
8. RESTART COMPUTER, NOW YOU ARE VIRUS FREE!!
   

The above tips worked for some people,Do it at your own risk.Be careful!!!
So watch out for the bug....
Add comments :D