Tweet
New Yahoo! Messenger Virus Attack, how to prevent it if effected
This Yahoo messenger virus attack is one of the most powerful Trojan/virus.. If your computer is infected with this virus; It will sends the nsl-school.org url to all of your friend list in yahoo messenger using your ID . So with in few hours many of your friends will get infected with it.
To solve this problem, Just go through the below steps carefully.
What are those links ?:
Nsl-school.org or other (Do not open this url in your browser).
IPB Image
If you are infected with it what is going to happen ?
1: It sets your default IE page to nsl-school.org, you can't even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.
2: It will disables the Task manager / reg edit. So you can't kill the Trojan process anymore.
3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe.
You can find these files in windows/ & temp/ directories.
4: It will sends the secured & protected information to attacker
How to remove this manually from your computer ?
1: Close the IE browser. Log out messenger / Remove Internet Cable.
2: To enable Regedit
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
Code: REG add HKCU\Software\Mic*ft\Windows\CurrentVersion\Polici es\System /v DisableRegistryTools /t REG_DWORD /d 0 /f 3: To enable task manager : (To kill the process we need to enable task manager)
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
Code: REG add HKCU\Software\Mic*ft\Windows\CurrentVersion\Polici es\System /v DisableTaskMgr /t REG_DWORD /d 0 /f 4: Now we need to change the default page of IE though regedit.
Start>Run>Regedit
From the below locations in Regedit chage your default home page to google.com or other
Code: HKEY_CURRENT_USER\SOFTWARE\Mic*ft\Internet Explorer\Main
HKEY_ LOCAL_MACHINE\SOFTWARE\Mic*ft\Internet Explorer\Main
HKEY_USERS\Default\Software\Mic*ft\Internet Explorer\Main Just replace the attacker site with google.com or set it to blank page.
5: Now we need to kill the process from back end. Press Ctrl + Alt + Del
Kill the process svhost32.exe . ( may be more than one process is running.. check properly)
6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.
7: Go to regedit search for svhost and delete all the results you get
Code: Start>Run>Regedit 8: Restart the computer. That's it now you are virus free
This Yahoo messenger virus attack is one of the most powerful Trojan/virus.. If your computer is infected with this virus; It will sends the nsl-school.org url to all of your friend list in yahoo messenger using your ID . So with in few hours many of your friends will get infected with it.
To solve this problem, Just go through the below steps carefully.
What are those links ?:
Nsl-school.org or other (Do not open this url in your browser).
IPB Image
If you are infected with it what is going to happen ?
1: It sets your default IE page to nsl-school.org, you can't even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.
2: It will disables the Task manager / reg edit. So you can't kill the Trojan process anymore.
3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe.
You can find these files in windows/ & temp/ directories.
4: It will sends the secured & protected information to attacker
How to remove this manually from your computer ?
1: Close the IE browser. Log out messenger / Remove Internet Cable.
2: To enable Regedit
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
Code: REG add HKCU\Software\Mic*ft\Windows\CurrentVersion\Polici es\System /v DisableRegistryTools /t REG_DWORD /d 0 /f 3: To enable task manager : (To kill the process we need to enable task manager)
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
Code: REG add HKCU\Software\Mic*ft\Windows\CurrentVersion\Polici es\System /v DisableTaskMgr /t REG_DWORD /d 0 /f 4: Now we need to change the default page of IE though regedit.
Start>Run>Regedit
From the below locations in Regedit chage your default home page to google.com or other
Code: HKEY_CURRENT_USER\SOFTWARE\Mic*ft\Internet Explorer\Main
HKEY_ LOCAL_MACHINE\SOFTWARE\Mic*ft\Internet Explorer\Main
HKEY_USERS\Default\Software\Mic*ft\Internet Explorer\Main Just replace the attacker site with google.com or set it to blank page.
5: Now we need to kill the process from back end. Press Ctrl + Alt + Del
Kill the process svhost32.exe . ( may be more than one process is running.. check properly)
6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.
7: Go to regedit search for svhost and delete all the results you get
Code: Start>Run>Regedit 8: Restart the computer. That's it now you are virus free