Informasi Tips Blog Blogger | Seputar Kehidupan Blogger | Software | Games | Gadgets

6 Steps to Heal Yahoo Messenger Attacker Virus

Posted by Herly Deflin 0 komentar
The virus Coutsonif.A attack has threatened most Yahoo Messenger and Skype users. The virus spreads itself to all contacts listed in the address book of that application from infected PC.

At glance, the messages look like in general, but please do not click to the link given although it was sent by your own buddies because that message was not sent by them, but virus which has infected your friend’s computer successfully.

If this problem has been occurred to your PC, it will make a random file name with the extension. Tmp and. Exe which will be stored in the directory" [C:\Documents and Settings\%username%\Local Settings\Temp]" with the the different name. The PC user will give up and will find no comfort again while using internet. Moreover, your friends will blame you because you have spread the virus.

I will tell you 6 steps to exterminate destructive virus which attacks the good name of a Yahoo Messenger chat application:

1. During the cleaning process, disable 'System Restore'.

2. Disable Windows autorun, so that the virus will not be automatically activated when accessing the drive/flash disk.
* Click 'start'
* Click 'run'
* Type 'GPEDIT.MSC', without quotes. The screen will display 'Group Policy'
* In the 'Computer Configuration and User Configuration', click 'Administrative templates'
* Click the 'System'
* Right click on 'Turn On Autoplay', select 'Properties'. Then the screen will appear 'on Tun Autoplay propeties'
* In the tabulation 'Settings', select 'Enabled'
* In the 'Tun off Autoplay on' select 'All drives'
* Click 'Ok'

3. Turn off the virus, use the tools' security task manager 'and delete the file [sysmgr.exe, vshost.exe, winservices.exe, *.tmp].
Just a note,. Tmp files that have indicated an extension TMP [example: 5755.tmp]. Right-click on the file and select 'Remove', select the option 'Move files to Quarantine.

4. Repair registry that has been modified by the virus. To speed up the process of elimination, please copy the script below on the notepad program and save it with the name repair.inf. Run the file in the following manner: right-click repair.inf and select install.
Provider=Vaksincom Oyee



HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, SessionInformation, ProgramCount, 0x00010001,3
HKCU, AppEvents\Schemes\Apps\Explorer\BlockedPopup\.current,,,"C:\WINDOWS\media\Windows XP Pop-up Blocked.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current,,,"C:\Windows\media\Windows XP Recycle.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\Navigating\.Current,,,"C:\Windows\media\Windows XP Start.wav"
HKCU, AppEvents\Schemes\Apps\Explorer\SecurityBand\.current,,,"C:\WINDOWS\media\Windows XP Information Bar.wav"


HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft(R) System Manager
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, bMaxUserPortWindows Service help
HKLM, SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, MaxUserPort

5. Hapus file virus berikut:
C:\vshost.exe [all drive]

C:\autorun.inf [all drive]


C:\Documents and Settings\%user%\Local Settings\Temp

A415.tmp [acak]

034.exe [acak]




6. For optimal cleaning and prevent re-infection, please use the antivirus which can detect and exterminate this virus up to date.

0 komentar:

Post a Comment