Yahoo Messenger Virus............. Help !!!!!

Status
Not open for further replies.

coolendra

Neil is Here...
Hi guys.... ye all gotta help me....

i am using yahoo msngr 7 nd recently i received a link frm a trusted frnd of mine stating i got 2000 usd... it seemed like he was telling me this... but as fate wud hav it ... i clicked it nd even now my PC is affected.....

my msngr snds msgs to ne1 whoz online without my consent....

msgs like " school girl kidnapped..... "
" give me a ****..... "..... etc.....

its creating a nuisance among my frnds...... plz help me remove it... my mcafee can't remove it.. i hav the latest updates......

also there is a static webaddress "mytermx.com" on my internet explorer.... plz help me remove it...

hlp needed urgently...............................

thanx in advance....
 

Tech Geek

Wise Old Owl
Right click on IE >Properties>Clear History to remove mytermx.com

NOTE: List of all the sites u ever logged in from IE will be DELETED
__________
:razz:
 

subhajitmaji

Broken In
The same thing happened to me. Additionally, the virus also disabled access to registry and the task manager.
I scanned with NAV 2006. It deleted the virus but couldn't repair the problems.
So I created a new user account and deleted the older one. It works fine now.
 

Tech Geek

Wise Old Owl
Try this

uninstall the messenger > scan with an antivirus (try to repair it up or delete the virus) > install the messenger again
 

sridatta

An Esoteric Geek
Guys, my friend has faced a similar problem with yahoo...

If the symptoms are

1. Regedit is disabled
2. Task Manager is disabled
3. Yahoo messenger is sending messages automatically to your buddy list
4. Internet explorer is set to some default webpage


then the following solution works

Close the IE browser. Log out your yahoo messenger. Remove the cable if u use LAN.

To enable regedit remotely, type the following in a single line in start->run

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

To enable Task Manager, either you can do it in regedit now or use the following key and follow the same procedure above

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Now, to change the default page of Internet Explorer, Do this

Run Regedit and navigate to

For current user:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
For entire machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
For all local users:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main

Now Replace the corresponding keys where u find the worm site with Blank or to your default search engine.

The automatic sending of messages is due to some unknown processes running behind... So we gotta remove them

Now, run task manager

Kill the process svhost32.exe
[ Note : not svchost.exe coz that is a critical system process ;)]

Delete svhost32.exe , svhost.exe files from Windows/ & temp/
directories. If you can't find them, search for files and folders.

You can also remove the following keys in the registry that contain this filename..
[Note : This filename is one which i found in my frenz system suspicious. It may vary with your system ]

Finally Restart the system

Note :
For people who cannot even run the "run command" window from start menu can enable in group policy. Follow the steps

open My computer , navigate to c:\windows\system32
(if u could not find the system32 folder in the windows folder, type the path in the address bar)

double click gpedit.msc and navigate to
User Configuration -> Administrative Templates -> Start Menu and Taskbar

Find the key Remove Run command from start menu and disable it.


Please inform me if this solution works or i will try to find a better solution.
 
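A read-only check for the symptoms listed in the post above, added here as an example and not part of the original thread. It assumes Windows PowerShell 3.0 or later; the value name `Start Page` and the `$expectedStartPages` allow-list are not stated in the post and are assumptions of this example.

```powershell
# Read-only audit of the registry values and process name from the post above.
# It reports findings and changes nothing.

$policyKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyValues = 'DisableRegistryTools', 'DisableTaskMgr'

# Home-page keys from the post. HKEY_USERS has no default PowerShell drive,
# so it is addressed through the Registry:: provider prefix.
$startPageKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main'
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main'
)

# Assumption: home pages you consider legitimate. Edit to suit.
$expectedStartPages = @('about:blank')

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

foreach ($name in $policyValues) {
    $data = Get-RegValue -Path $policyKey -Name $name
    if ($null -ne $data -and $data -ne 0) {
        $findings += [pscustomobject]@{ Location = "$policyKey\$name"; Data = $data; Note = 'tool blocked by policy value' }
    }
}

foreach ($key in $startPageKeys) {
    $page = Get-RegValue -Path $key -Name 'Start Page'
    if ($page -and $expectedStartPages -notcontains $page) {
        $findings += [pscustomobject]@{ Location = "$key\Start Page"; Data = $page; Note = 'unexpected home page' }
    }
}

# Process name reported in the post; it may differ on another machine.
foreach ($proc in Get-Process -Name 'svhost32' -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Location = "PID $($proc.Id)"; Data = $proc.Path; Note = 'process name from the post' }
}

if ($findings.Count -eq 0) { 'No indicators from the post were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Running it again after the cleanup steps and the restart shows whether any of the values were written back.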

subhajitmaji

Broken In
Thanks 4 the solution. I think It will work, since, I also repaired my PC with almost da same process.
Except one....
Instead of trying to fix the HKCU branch, I created a new user and deleted the original.
Now if someone is using admin account, he must follow ur solution.
Simply Great......
 