6 Steps to Encounter a Virus Attack On Yahoo Messenger

6 Steps to Encounter a Virus Attack On Yahoo Messenger



Coutsonif.A virus attacks that threaten the user's Yahoo Messenger and Skype should be wary. This virus spreads by sending itself to all contacts in the address of the application from the infected computer.

The message at a glance like a message in general. But not to click on the link provided, though sent by your friend. Because the message was not sent by your colleagues, but by a virus that has managed to infect your computer partner.

Well, if already infected, then it will automatically create a random file name with the extension. Tmp and. Exe that will be stored in the directory [C: \ Documents and Settings \% username% \ Local Settings \ Temp] with different names .

If you have this, users could only surrender and restless activity on the internet again. In fact, might even damage the good name because of allegedly spreading the virus as well. Therefore, the recipient of a suspect who deliberately harm themselves friends by sending him a virus.

Hence, before the incident occurred. It is better you see the 6 surefire way to eradicate destructive virus that attacks the good name of this chat application as reported Vaksincom:

1. Disable 'System Restore' during the cleaning process.
2. Disable Windows autorun, so the virus can not be activated automatically when access to the drive / flash disk.

* Click the 'start'
* Click 'run'
* Type in 'gpedit.msc' without the quotes. Then the screen will display 'Group Policy'
* On the 'Computer Configuration and User Configuration,' click 'Administrative templates'
* Click the 'System'
* Right click on 'Turn On Autoplay', select 'Properties'. Then the screen will appear 'on Tun Autoplay propeties'
* In the tabulation 'Settings', select 'Enabled'
* In the column 'Tun off Autoplay on' select 'All drives'
* Click 'Ok'


3. Turn off the virus, use the tools 'security task manager' and delete the file [sysmgr.exe, vshost.exe, winservices.exe, *. tmp]

Just for the record,. Tmp files that have extensions shown TMP [example: 5755.tmp]. Right-click on the file and select 'Remove', then select the option 'Move files to Quarantine'.

4. Repair registry that has been altered by the virus. To speed up the process of elimination, please copy the script below on the notepad program and save it as repair.inf. Execute the following ways: repair.inf Right click and select install.

[Version]
Signature = "$ Chicago $"
Provider = Vaksincom Oyee


[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del


[UnhookRegKey]

HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ comfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ exefile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ piffile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, Software \ CLASSES \ regfile \ shell \ open \ command,,, "regedit.exe"% 1 ""
HKLM, Software \ CLASSES \ scrfile \ shell \ open \ command ,,,"""% 1 ""% * "
HKLM, SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, "Explorer.exe"
HKCU, SessionInformation, ProgramCount, 0x00010001, 3
HKCU, AppEvents \ Schemes \ Apps \ Explorer \ BlockedPopup \. Current,,, "C: \ WINDOWS \ media \ Windows XP Pop-up Blocked.wav"
HKCU, AppEvents \ Schemes \ Apps \ Explorer \ EmptyRecycleBin \. Current,,, "C: \ Windows \ media \ Windows XP Recycle.wav"
HKCU, AppEvents \ Schemes \ Apps \ Explorer \ Navigating \. Current,,, "C: \ Windows \ media \ Windows XP Start.wav"
HKCU, AppEvents \ Schemes \ Apps \ Explorer \ SecurityBand \. Current,,, "C: \ WINDOWS \ media \ Windows XP Information Bar.wav"

[Del]

HKLM, SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, Microsoft (R) System Manager
HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Run, bMaxUserPortWindows Service Help
HKLM, SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters, MaxUserPort

5. Remove virus file below:
C: \ vshost.exe [all drives]

C: \ autorun.inf [all drives]

C: \ RECYCLER \ S-1-5-21-9949614401-9544371273-983011715-7040 \ winservices.exe

C: \ Documents and Settings \% username% \ Local Settings \ Temp

A415.tmp [random]

034.exe [random]

Lady_Eats_Her_Shit - www.youtube.com

C: \ WINDOWS \ system32 \ sysmgr.exe

C: \ WINDOWS \ TEMP \ 5755.tmp

C: \ windows \ system32 \ crypts.dll

C: \ windows \ system32 \ msvcrt2.dll

6. For optimal cleaning and prevent re-infection, please use the antivirus can detect and eradicate this virus up to date. You also can download the tools in Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe.


Category Article

What's on Your Mind...

Powered by Blogger.