Problem:
If your Yahoo Messenger is affected by this worm, it will send the nsl-school.org URL (and other different URLs) to everyone on your Yahoo Messenger friend list using your ID. So within a few hours many of your friends will get infected with it if they click on any of these links.
I don't know the actual target of the idiot who created it. Maybe to advertise his site or to steal very important data from your computer. I resolved the problem manually on 2 infected PCs. Just go through the steps below carefully.
What are those links?
Nsl-school.org and others (do not open this URL in your browser).
After effects?
1: It sets your default IE page to nsl-school.org, and you can't even change it back to another page. If you open IE on your computer, some malicious code will automatically be executed on your computer.
2: It disables Task Manager and Regedit, so you can't kill the malicious processes anymore.
3: Files installed by this virus are svhost.exe, svhost32.exe, internat.exe, enet.exe. You can find these files in the Windows/ and temp/ directories.
4: It may send secured and protected information to the attacker.
Manual Removal:
1: Close the IE browser. Log out of Messenger / remove the Internet cable.
2: To enable Regedit
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3: To enable task manager : (To kill the process we need to enable task manager)
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
4: Now we need to change the default page of IE through Regedit.
Start > Run > Regedit
In the locations below in Regedit, change your default home page to google.com or another page.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Just replace the attacker site with google.com or set it to a blank page.
5: Now we need to kill the process from the back end. Press Ctrl + Alt + Del.
Kill the process svhost32.exe (more than one process may be running, so check properly).
6: Delete the svhost32.exe and svhost.exe files from the Windows/ and temp/ directories. Or just search for svhost on your computer and delete those files.
7: Go to Regedit (Start menu > Run > Regedit), search for svhost and delete all the results you get.
8: Restart the computer. That's it, now you are virus free.
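A read-only check for the indicators listed above, useful before and after the manual steps; this is an added example, not part of the original post or any of the tools it links. The function name Get-YmWormIndicator is hypothetical, "temp/" is assumed to mean %TEMP% and %windir%\Temp, and only the HKCU and HKLM home-page locations are read.

```powershell
# Added example: read-only audit for the indicators named in this post.
# It only reads the registry, file system and process list; it changes nothing.
function Get-YmWormIndicator {
    $findings = @()

    # Policy values the post resets to 0 to unlock Regedit and Task Manager.
    $policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        $item = Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
        if ($item -and $item.$name -ne 0) {
            $findings += "Policy value $name is $($item.$name) (tool is locked out)"
        }
    }

    # IE home page. 'Start Page' is the value IE reads under ...\Main.
    $mainKeys = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main',
                'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
    foreach ($key in $mainKeys) {
        $item = Get-ItemProperty -Path $key -Name 'Start Page' -ErrorAction SilentlyContinue
        if ($item -and $item.'Start Page' -like '*nsl-school.org*') {
            $findings += "Home page under $key is $($item.'Start Page')"
        }
    }

    # File names from the post, checked only in the directories it names
    # (assumption: "temp/" means %TEMP% and %windir%\Temp).
    # The genuine Windows service host is svchost.exe (with a "c") in System32
    # and is deliberately not matched here.
    $names = 'svhost.exe', 'svhost32.exe', 'internat.exe', 'enet.exe'
    $dirs = @($env:windir, (Join-Path $env:windir 'Temp'), $env:TEMP) | Select-Object -Unique
    foreach ($dir in $dirs) {
        foreach ($name in $names) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
        }
    }

    # Processes the post tells you to kill (Get-Process takes names without .exe).
    foreach ($proc in Get-Process -Name 'svhost', 'svhost32' -ErrorAction SilentlyContinue) {
        $findings += "Process running: $($proc.Name) (PID $($proc.Id))"
    }

    $findings
}

$result = @(Get-YmWormIndicator)
if ($result.Count -eq 0) { 'No indicators from the post were found.' } else { $result }
```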
Removal Tools:
I did not use these tools. Please make sure that they are appropriate for the purpose.
1. http://hot_kool_mohnish.tripod.com/sitebuildercontent/sitebuilderfiles/svhost32-removal.zip
2. http://www.reloadedlabs.com/ymworm.htm
3. The following steps can be taken to remove the worm from your system:
1) Download this file: http://avsharath.googlepages.com/RepairRegistry.reg (repairs your registry which is damaged by the worm)
2) Double click on that downloaded registry file. You will be asked whether you're sure you want to add this to the registry; click Yes.
3) Restart your system.
4) Delete the file svhost32.exe from your Windows folder (if it is present).
5) Delete the file svhost.exe from your Windows folder (if it is present).
6) Lastly, search for ENET.EXE and delete it if found.
Wednesday, December 06, 2006
Thursday, December 01, 2005
Million Dollar : hoax
I have been receiving variants of the mail below for the last few months. It shows how Internet criminals are trying to fool people. Their first objective is to get the account number of the targeted person, and then he/she will be left with nothing in his/her account...
Dear Singh,
I am Barrister Kofo Williams (ESQ) a Solicitor; I am the Personal Attorney to one Engr. Michael Singh a national of your country, who Used to be a contractor with NNPC here in Nigeria.
On the 10th October 2002 my client, his wife and entire family were involved in a car accident along 3rd mainland bridge Express Road Lagos Island. Unfortunately they all lost their lives in the event of the accident, since then I have made several inquiries to their Embassy to locate any of my clients extended relatives, this has also proved unsuccessful.
After these several Unsuccessful attempts, I decided to trace his Relatives, to locate any member of His family but of no avail, hence I contacted you since you bear the same surname to my late client. I contact you to assist in repatriating the money in addition, property left behind by my client before they get Confiscated or declared Unserviceable by the bank where these huge deposits were lodged.
Particularly, the Bank where the deceased had an account valued at about US$10 million dollars. Consequently, the bank issued me a notice to provide the next of kin or have the account confiscated within the next ten official working days. Since I have been Unsuccessful in locating the relatives for over 2 years now, I seek your consent to present you as the next of kin of the deceased, regardless of your country, with your name/address; some vitals will be obtained on your favor which will back you as the next of kin to the deceased. The proceeds of this account valued at US$10 Million dollars can be Paid to you and then you and me can share like this 45% for me and 45% for you, while we will set aside 10% to pay back for any expenses or tax as your government may require. I have all necessary legal documents that can be used to back up any claim we may make.
All I require is your honest cooperation to enable us seeing this deal through. I guarantee that this will be executed under a legitimate arrangement that will protect you from any breach of the law.
Please Reply urgently to enable us discuss further. Via this E-mail address: kofoschamber005@katamail.com
Best Regards,
Barrister Kofo Williams. (ESQ)