hdsk.23
~ Harshdeep ~
Yahoo is so badly attacked by the virus named "W32.Sality.U".
However, they detect it but fail to clean it.
This virus spreads itself through mail with the help of attachments and then replicates itself by sending itself to that user's contacts list. If you receive mails having attachments with the extension .pif, then it means it is going to be a virus!!!!!!
Why Yahoo scans its whole server to clean or delete infected mails!!!!!!
Details of the virus, what it does and how to clean it, are below:
SUMMARY
Discovered: August 8, 2006
Type: Virus
Infection Length: 20,480 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
W32.Sality.U is a virus that spreads by infecting executable files and drops a copy of W32.HLLP.Sality. It is a variant of W32.Sality.S.
Removal: Easy
When W32.Sality.U is executed, it performs the following actions:
1. Drops the following file:
%System%\vcmgcd32.dll (Detected as W32.HLLP.Sality)
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
2. Appends the following lines to the file %Windir%\System.ini:
[MCIDRV_VER]
DEVICE=[RANDOM_NUMBER]
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
3. Injects this .dll file into all running processes.
4. Resides in memory and infects all portable executable files it finds.
MANUAL REMOVAL:
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all infected files.
4. Edit the System.ini file.
a) Click Start > Run.
b) Type the following:
- edit c:\windows\system.ini
and then click OK.
(The MS-DOS Editor opens.)
c) Look for lines similar to the following and delete them:
[MCIDRV_VER]
DEVICE=[RANDOM_NUMBER]
5. Reboot your computer in safe mode.
6. Run a full scan again to ensure that infected files are gone.
7. In order to make sure that W32.Sality.U is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software.
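Step 4 of the manual removal, as an added example (not part of the original post or the quoted write-up): a Python function that strips the [MCIDRV_VER] section from a system.ini, for instance a copy taken from the affected machine. The sample file contents and the DEVICE value are constructed, and it assumes the section holds nothing except the entry the virus appended.

```python
import re

SECTION = "MCIDRV_VER"  # section name taken from the write-up above
HEADER_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")

# Constructed sample of an infected system.ini (the DEVICE value is made up).
SAMPLE = (
    "[boot]\r\n"
    "shell=Explorer.exe\r\n"
    "[drivers]\r\n"
    "wave=mmdrv.dll\r\n"
    "[mcidrv_ver]\r\n"
    "DEVICE=12345678\r\n"
    "[386Enh]\r\n"
    "woafont=dosapp.fon\r\n"
)

def clean_system_ini(text):
    """Return (cleaned_text, removed_lines) with the [MCIDRV_VER] section dropped."""
    kept, removed = [], []
    in_bad_section = False
    for line in text.splitlines(keepends=True):
        m = HEADER_RE.match(line)
        if m:
            # Any section header either starts or ends the block to remove.
            in_bad_section = m.group(1).strip().upper() == SECTION
        if not in_bad_section:
            kept.append(line)          # original line endings are preserved
        elif line.strip():
            removed.append(line.rstrip("\r\n"))
    return "".join(kept), removed

def clean_file(path):
    """Back up path to path + '.bak', then rewrite it without the section."""
    # latin-1 round-trips every byte, so ANSI-encoded files are not altered.
    with open(path, "r", newline="", encoding="latin-1") as fh:
        original = fh.read()
    cleaned, removed = clean_system_ini(original)
    if removed:
        with open(path + ".bak", "w", newline="", encoding="latin-1") as fh:
            fh.write(original)
        with open(path, "w", newline="", encoding="latin-1") as fh:
            fh.write(cleaned)
    return removed

if __name__ == "__main__":
    cleaned, removed = clean_system_ini(SAMPLE)
    print("removed:", removed)
    print(cleaned, end="")
```

The returned list of removed lines doubles as a detection result: an empty list means the file carried no [MCIDRV_VER] section and is left untouched.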