Yahoo Messenger Virus Attack

It is one of the most powerful Trojan /virus I have ever seen… While I was working, one of my friends PMd me and gave me a link http://www.nsl-school.org [Please don’t click this link] If your computer is infected with this virus ” It will send the nsl-school.org url to all of your friend list in yahoo messenger using your ID . So with in few hours many of your friends will get infected with it.

I don’t know what’s the actual target of the idiot who created it. May be to advertise his site or to steal very imp data from your computer. I resolved the problem manually from 2 infected PC’s. Just go through the below steps carefully.

What are those links ?:

Nsl-school.org or other (Do not open this url in your browser).

If you are infected with it what is going to happen ?

1: It sets your default IE page to nsl-school.org, you can’t even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.

2: It will disables the Task manager / reg edit. So you can’t kill the Trojan process anymore.

3: Files that are gonna be installed by this virus are svhost.exe , svhost32.exe , internat.exe.you can find these files in windows/ & temp/ directories.

4: It will sends the secured & protected information to attacker

How to remove this manually from your computer ?

1: Close the IE browser. Log out messenger / Remove Internet Cable.

2: To enable Regedit Click Start, Run and type this command exactly as given below: (better – Copy and paste)REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable task manager : (To kill the process we need to enable task manager)Click Start, Run and type this command exactly as given below: (better – Copy and paste)REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE though regedit.Start>Run>Regedit From the below locations in Regedit chage your default home page to google.com or other.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MainHKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MainHKEY_USERS\Default\Software\Microsoft\Internet Explorer\MainJust replace the attacker site with google.com or set it to blank page.

5: Now we need to kill the process from back end. Press Ctrl + Alt + Del Kill the process svhost32.exe . ( may be more than one process is running.. check properly)

6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.

7: Go to regedit search for svhost and delete all the results you get.Start menu > Run > Regedit >

8: Restart the computer. That’s it now you are virus free. I don’t know whether any removal patch that works for this Trojan/virus. But we can easily delete it manually.

Warning : Better not to open any unknown url from your Computer. Even its from your friend. There are lot of black hat hackers who are waiting to steal your credit card numbers, passwords or any personal information from you… Use a better firewall & updated anti virus. However an Antivirus can do nothing if the virus is very latest…

Virus Info: http://original.avira.com/en/threats/Tr_Dldr_Qucan_A_details.html

More from my site

  • Increase your Google Page Rank! Edited this post. Removed all the viral tag links because it will greatly affect the deterioration of my blog juice. 🙂 For those who still have this sort of page rank increaser, I dare […]
  • July 18, 2008 Earthquake "1 Year and 10 days from now, a very strong earthquake will hit the Philippines. It will be on the 18th day of July year 2008." - Juseleeno Nobulega […]
  • Nintendo DS (NDS) Games Nintendo DS Games or NDS Games are products of Nintendo. You can purchase Nintendo DS and NDS Games at eBay or Amazon. These games are brand new and sealed. You can also try to download […]
  • Jemme got blogged! Itanong Mo Kay Jemmehttp://www.jemme.netMay mga tanong ka ba? May mga bagay bang gumugulo sa iyong isipan? Huwag nang mag-atubiling itanong kay Jemme! Gaya ng sabi ni Batang Yagit: […]
  • Increase Your Adsense Earnings by Increasing Your Pageviews I have noticed that my Adsense earnings increased as my number of page views increased. Today, I will give you a very short tip of how to increase the number of pageviews from the images […]
  • Commute Tayo Kakapagod pala mag commute from Manila to Alabang! Waaaah! Di ko na to kaya. 5:00AM palang dapat gising na me. Then log in sa Savant, tapos punta ng ADEC naku po 2 hours na byahe everyday! […]

2 thoughts on “Yahoo Messenger Virus Attack

  1. kuya jhez, pahingi code ng instant testi prompt maker! galing! astig! kahit code lang noon! how does it works? please!

Leave a Reply to mcaethen Cancel reply

Your email address will not be published. Required fields are marked *

seventeen − three =

This site uses Akismet to reduce spam. Learn how your comment data is processed.