26 May, 2010

6 Steps to Eradicate the Yahoo Messenger Virus Attack

Yahoo Messenger and Skype users should watch out for a virus that threatens them. This virus spreads by sending itself to every contact in the application's address list on the infected computer.

The message looks like any ordinary message. But do not click on the link provided, even though it appears to be sent by your friend. The message is not actually sent by someone you know, but by a virus that has managed to infect your friend's computer.

If the computer is already infected, the virus automatically creates files with random names. The .tmp and .exe files are stored in the directory [C:\Documents and Settings\%user%\Local Settings\Temp], each with a different name.

Once that happens, users can only resign themselves and can no longer enjoy the internet. It may even damage their reputation, because they appear to be spreading the virus as well: friends who receive the messages may suspect they were sent deliberately to harm them with a virus.

So, before that happens, take a look at these six surefire steps to eradicate this destructive virus, which attacks the reputation of this chat application, as reported:

1. Disable 'System Restore' during the cleaning process.
2. Disable Windows autorun so the virus cannot be activated automatically when a drive or flash disk is accessed.
• Click 'Start'
• Click 'Run'
• Type 'gpedit.msc' without the quotes. The 'Group Policy' window will open
• Under 'Computer Configuration' and 'User Configuration', click 'Administrative Templates'
• Click 'System'
• Right-click 'Turn off Autoplay' and select 'Properties'. The 'Turn off Autoplay Properties' window will open
• On the 'Settings' tab, select 'Enabled'
• In the 'Turn off Autoplay on' field, select 'All drives'
• Click 'OK'

3. Terminate the virus processes using the 'Security Task Manager' tool, then delete the files [sysmgr.exe, vshost.exe, winservices.exe, *.tmp]

Note that the .tmp files are the ones shown with the TMP extension [e.g. 5755.tmp]. Right-click the file and select 'Remove', then select the option 'Move files to Quarantine'.

4. Repair the registry entries that the virus has modified. To speed up the process, copy the script below into Notepad and save it as repair.inf. Run the file by right-clicking repair.inf and selecting 'Install'.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Reset the open command of executable file types so they no longer launch the virus
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Reset the Winlogon shell to Explorer
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
HKCU, SessionInformation, ProgramCount, 0x00010001, 3
; Reset the Explorer event sounds
HKCU, AppEvents\Schemes\Apps\Explorer\BlockedPopup\.Current,,,"C:\WINDOWS\media\Windows XP Pop-up Blocked.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current,,,"C:\Windows\media\Windows XP Recycle.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\Navigating\.Current,,,"C:\Windows\media\Windows XP Start.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\SecurityBand\.Current,,,"C:\WINDOWS\media\Windows XP Information Bar.wav"

[Del]
; Delete the startup entries and the TCP/IP parameter added by the virus
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft (R) System Manager
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, bMaxUserPortWindows Service help
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, MaxUserPort

5. Delete the following virus files:
C:\vshost.exe [all drives]
C:\autorun.inf [all drives]
C:\Recycler\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe
C:\Documents and Settings\%user%\Local Settings\Temp
• A415.tmp [random]
• 034.exe [random]
• Lady_Eats_Her_Shit - www.youtube.com
C:\WINDOWS\system32\sysmgr.exe
C:\WINDOWS\TEMP\5755.tmp
C:\WINDOWS\system32\crypts.dll
C:\windows\system32\msvcrt2.dll

6. For optimal cleaning and to prevent reinfection, use an up-to-date antivirus that can detect and eradicate this virus. You can also download the Norman Malware Cleaner tool at http://download.norman.no/public/Norman_Malware_Cleaner.exe
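
A read-only check for the registry values and files named in steps 3 to 5, written in PowerShell as an added example that is not part of the original post. The handler test (a clean open command starts with "%1", or with regedit.exe for regfile) and the use of $env:SystemRoot and $env:SystemDrive in place of C:\WINDOWS and C: are assumptions of this example.

```powershell
# Read-only audit for the artifacts named in steps 3-5; it changes nothing.
$findings = @()

# File-association handlers that repair.inf resets. Assumption of this example:
# a clean handler starts with "%1" (regedit.exe for regfile); a hijacked one
# has another program placed in front of it.
foreach ($class in 'batfile','comfile','exefile','piffile','scrfile','regfile') {
    $key = "HKLM:\Software\Classes\$class\shell\open\command"
    $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    $prefix = if ($class -eq 'regfile') { 'regedit.exe' } else { '"%1"' }
    if (-not $cmd -or -not $cmd.StartsWith($prefix, 'OrdinalIgnoreCase')) {
        $findings += "Handler for $class is '$cmd'"
    }
}

# Winlogon shell, which repair.inf sets back to Explorer.exe
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -ne 'Explorer.exe') { $findings += "Winlogon Shell is '$shell'" }

# Values listed in the [Del] section, with names copied as the page gives them
$delValues = @(
    @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'Microsoft (R) System Manager'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run', 'bMaxUserPortWindows Service help'),
    @('HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters', 'MaxUserPort')
)
foreach ($entry in $delValues) {
    $props = Get-ItemProperty -Path $entry[0] -ErrorAction SilentlyContinue
    if ($props -and $null -ne $props.PSObject.Properties[$entry[1]]) {
        $findings += "Value present: $($entry[0]) -> $($entry[1])"
    }
}

# Fixed-name files from step 5; the randomly named Temp files are not checked
$paths = @("$env:SystemRoot\system32\sysmgr.exe",
           "$env:SystemRoot\system32\crypts.dll",
           "$env:SystemRoot\system32\msvcrt2.dll",
           "$env:SystemDrive\Recycler\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe")
# vshost.exe and autorun.inf are listed for the root of every drive. An
# autorun.inf can be legitimate on installation media, so inspect it first.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $paths += Join-Path $drive.Root 'vshost.exe'
    $paths += Join-Path $drive.Root 'autorun.inf'
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

if ($findings) { $findings } else { 'No listed artifacts found.' }
```

Running it again after step 5 shows which items are still present.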
