Yahoo Messenger Virus............. Help !!!!!

Discussion in 'Software Q&A' started by coolendra, Oct 30, 2006.

Thread Status:
Not open for further replies.
  1. coolendra

    Hi guys.... you all gotta help me....

    I am using Yahoo Messenger 7 and recently I received a link from a trusted friend of mine stating I got 2000 USD... it seemed like he was telling me this... but as fate would have it... I clicked it and even now my PC is affected.....

    My messenger sends messages to anyone who's online without my consent....

    Messages like "school girl kidnapped....."
    "give me a ****....." etc.

    It's creating a nuisance among my friends...... please help me remove it... my McAfee can't remove it.. I have the latest updates......

    Also there is a static web address "mytermx.com" on my Internet Explorer.... please help me remove it...

    Help needed urgently...

    Thanks in advance....
     
  2. Tech Geek

    Right-click on IE > Properties > Clear History to remove mytermx.com

    NOTE: The list of all the sites you ever logged in to from IE will be DELETED
     
    Last edited: Oct 30, 2006
  3. subhajitmaji

    The same thing happened to me. Additionally, the virus also disabled access to the registry and the Task Manager.
    I scanned with NAV 2006. It deleted the virus but couldn't repair the problems.
    So I created a new user account and deleted the older one. It works fine now.
     
  4. coolendra (OP)

    The problem is that I am using an admin account... he he...
     
  5. Tech Geek

    Try this:

    Uninstall the messenger > scan with an antivirus (try to repair it or delete the virus) > install the messenger again
     
  6. Kiran.dks

  7. subhajitmaji

    @coolendra
    Create another account with administrative privilege.
     
  8. sridatta

    Guys, my friend has faced a similar problem with Yahoo...

    If the symptoms are

    1. Regedit is disabled
    2. Task Manager is disabled
    3. Yahoo messenger is sending messages automatically to your buddy list
    4. Internet explorer is set to some default webpage


    then the following solution works

    Close the IE browser. Log out of your Yahoo Messenger. Remove the cable if you use LAN.

    To enable regedit remotely, type the following in a single line in Start -> Run:

    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

    To enable Task Manager, you can either do it in regedit now or use the following key and follow the same procedure as above:

    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

    Now, to change the default page of Internet Explorer, do this:

    Run Regedit and navigate to

    For current user:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    For entire machine:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
    For all local users:
    HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main

    Now replace the corresponding keys where you find the worm site with blank or with your default search engine.

    The automatic sending of messages is due to some unknown processes running behind... So we gotta remove them

    Now, run Task Manager

    Kill the process svhost32.exe
    [Note: not svchost.exe, because that is a critical system process ;)]

    Delete the svhost32.exe and svhost.exe files from the Windows/ & temp/
    directories. If you can't find them, search for files and folders.

    You can also remove the following keys in the registry that contain this filename..
    [Note: This filename is one which I found suspicious in my friend's system. It may vary with your system]

    Finally Restart the system

    Note:
    People who cannot even open the "Run" window from the Start menu can enable it in Group Policy. Follow these steps:

    Open My Computer, navigate to c:\windows\system32
    (if you could not find the system32 folder in the Windows folder, type the path in the address bar)

    Double-click gpedit.msc and navigate to
    User Configuration -> Administrative Templates -> Start Menu and Taskbar

    Find the key Remove Run command from start menu and disable it.


    Please inform me if this solution works or I will try to find a better solution.
     
    Last edited: Nov 22, 2006
    it_waaznt_me likes this.
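
An added example, not part of sridatta's post: a Python triage helper that reads saved `reg query` text output and flags the symptoms listed above (the two policy values the post resets, an Internet Explorer Start Page other than the expected one, and any value data naming the svhost32.exe / svhost.exe files from the post). The sample output, the `Run` key entry in it and the `about:blank` default are constructed assumptions.

```python
import re

# Policy values the post resets to 0 with REG add (non-zero = tool disabled).
POLICY_VALUES = {"disableregistrytools", "disabletaskmgr"}
# File names the post says to delete; the legitimate svchost.exe must not match.
SUSPECT_FILES = re.compile(r"(?<![\w.])(?:svhost32|svhost)\.exe\b", re.I)
# `reg query` prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools    REG_DWORD    0x1
    DisableTaskMgr    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page    REG_SZ    http://mytermx.com/

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ConstructedEntry    REG_SZ    C:\WINDOWS\svhost32.exe
    Legit    REG_SZ    C:\WINDOWS\system32\svchost.exe -k netsvcs
"""

def parse_reg_query(text):
    """Yield (key, value_name, type, data) tuples from `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()

def audit(text, expected_home="about:blank"):
    """Return (finding, key, value_name, data) for each symptom present."""
    findings = []
    for key, name, rtype, data in parse_reg_query(text):
        lname = name.lower()
        if lname in POLICY_VALUES and rtype == "REG_DWORD" and int(data, 16):
            findings.append(("tool-disabled", key, name, data))
        elif (lname == "start page"
              and key.lower().endswith(r"\internet explorer\main")
              and data.lower() != expected_home.lower()):
            findings.append(("home-page-changed", key, name, data))
        if SUSPECT_FILES.search(data):
            findings.append(("lookalike-binary", key, name, data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Running the audit before and after the cleanup steps shows whether every flagged value was actually reset.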
  9. subhajitmaji

    Thanks for the solution. I think it will work, since I also repaired my PC with almost the same process.
    Except one....
    Instead of trying to fix the HKCU branch, I created a new user and deleted the original.
    Now if someone is using an admin account, he must follow your solution.
    Simply great......
     
  10. sridatta

    Thanks for your response :)
     