6 Steps to Kill Yahoo Messenger Virus

Posted: December 30, 2009 in Uncategorized

Yahoo Messenger and Skype users should be wary of attacks by the Coutsonif.A virus. This virus spreads by sending itself to all contacts in the address list of the application on an infected computer.
These messages look like ordinary messages. But don’t click on the link provided, even though it appears to be sent by your friend. The reason is that the message was not sent by someone you know, but by a virus that has managed to infect your contact’s computer.
Once a computer is infected, the virus automatically creates files with random names and the extensions .tmp and .exe, which are stored in the directory [C:\Documents and Settings\%user%\Local Settings\Temp] with a different.
When this happens, the user can only resign themselves to it and can no longer use the internet with peace of mind. It may even damage their reputation, because they are suspected of spreading the virus too: recipients may believe the sender is deliberately harming others by sending them a virus.
So, before that happens, it is a good idea to follow these 6 surefire steps, as reported by Vaksincom, to eradicate the virus that is damaging the good name of these chat applications:
1. Disable ‘System Restore’ during the cleaning process.
2. Disable Windows autorun, so that viruses cannot be activated automatically when a drive or flash disk is accessed.
* Click ‘Start’
* Click ‘Run’
* Type ‘gpedit.msc’ without the quotes. This brings up the ‘Group Policy’ window
* Under both ‘Computer Configuration’ and ‘User Configuration’, click ‘Administrative Templates’
* Click ‘System’
* Right-click ‘Turn off Autoplay’ and select ‘Properties’. This brings up the ‘Turn off Autoplay Properties’ window
* On the ‘Settings’ tab, select ‘Enabled’
* In the ‘Turn off Autoplay on’ field, select ‘All drives’
* Click ‘OK’
3. Terminate the virus processes using the tool ‘Security Task Manager’, then delete the files [sysmgr.exe, vshost.exe, winservices.exe, *.tmp]
Note: the .tmp files are the ones shown with the TMP extension [example: 5755.tmp]. Right-click on the file and select ‘Remove’, then select the option ‘Move files to Quarantine’.
4. Repair the registry entries that have been changed by the virus. To speed up the removal process, copy the script below into Notepad and save it as repair.inf. Run it as follows: right-click repair.inf and select Install.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=RestoreDefaults
DelReg=RemoveValues

; Values written back to their Windows defaults (section names here are arbitrary labels)
[RestoreDefaults]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, SessionInformation, ProgramCount, 0x00010001,3
HKCU, AppEvents\Schemes\Apps\Explorer\BlockedPopup\.current,,,"C:\WINDOWS\media\Windows XP Pop-up Blocked.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current,,,"C:\Windows\media\Windows XP Recycle.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\Navigating\.Current,,,"C:\Windows\media\Windows XP Start.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\SecurityBand\.current,,,"C:\WINDOWS\media\Windows XP Information Bar.wav"

; Values deleted from the registry
[RemoveValues]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft(R) System Manager
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, bMaxUserPortWindows Service help
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, MaxUserPort
5. Delete the following virus files:
exe [all drives]
C:\autorun.inf [all drives]
C:\Documents and Settings\%user%\Local Settings\Temp
A415.tmp [random]
034.exe [random]
6. For optimal cleaning and to prevent reinfection, use an up-to-date antivirus that can detect and eradicate this virus. You can also download the Norman Malware Cleaner tool. Just search for it on Google.
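
To confirm that the steps above took effect, here is a read-only PowerShell check. It is an added example, not part of the original post or of Vaksincom's script. It reads the registry values that step 4 restores or deletes, the Autoplay policy from step 2, and the file locations from step 5. The registry location of the Autoplay policy (NoDriveTypeAutoRun) and the Temp file-name pattern are assumptions not given in the post.

```powershell
# Added example: read-only check of what steps 2, 4 and 5 are meant to leave behind.
$findings = @()

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is missing; '' as $Name reads the (Default) value.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

# Step 4, restored values: open commands for executable file types and the Winlogon shell.
$classes = 'HKLM:\Software\Classes'
foreach ($type in 'batfile', 'comfile', 'exefile', 'piffile', 'scrfile') {
    $cmd = Get-RegValue "$classes\$type\shell\open\command" ''
    if ($cmd -ne '"%1" %*') { $findings += "$type open command is [$cmd]" }
}
$cmd = Get-RegValue "$classes\regfile\shell\open\command" ''
if ($cmd -ne 'regedit.exe "%1"') { $findings += "regfile open command is [$cmd]" }
$shell = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell -ne 'Explorer.exe') { $findings += "Winlogon Shell is [$shell]" }

# Step 4, deleted values: these should no longer exist after repair.inf is installed.
$gone = @(
    @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'Microsoft(R) System Manager'),
    @('HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters', 'MaxUserPort')
)
foreach ($pair in $gone) {
    if ($null -ne (Get-RegValue $pair[0] $pair[1])) { $findings += "$($pair[1]) still set under $($pair[0])" }
}

# Step 2: 'Turn off Autoplay' on 'All drives' is stored as NoDriveTypeAutoRun = 0xFF (assumed location).
foreach ($hive in 'HKLM:', 'HKCU:') {
    $v = Get-RegValue "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" 'NoDriveTypeAutoRun'
    if ($v -ne 255) { $findings += "$hive Autoplay policy is not set to 'All drives'" }
}

# Step 5: autorun.inf in drive roots, and short random file names in Temp.
# The name pattern is an assumption modelled on the post's examples (A415.tmp, 034.exe).
foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    $p = Join-Path $drive.Root 'autorun.inf'
    if (Test-Path -LiteralPath $p) { $findings += "review $p" }
}
foreach ($f in (Get-ChildItem -LiteralPath $env:TEMP -Force -ErrorAction SilentlyContinue)) {
    if ($f.Name -match '^[0-9A-F]{3,4}\.(tmp|exe)$') { $findings += "review $($f.FullName)" }
}

if ($findings.Count) { $findings } else { 'No leftovers found for the checked items.' }
```

Files reported with "review" are candidates only: an autorun.inf on installation media or a short-named temporary file can be legitimate.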
