This Yahoo Messenger virus is one of the most powerful Trojans/viruses. If your computer is infected with it, it sends the nsl-school.org URL to everyone on your Yahoo Messenger friend list using your ID, so within a few hours many of your friends will be infected too.

To solve this problem, go through the steps below carefully.

What are those links?
Nsl-school.org or others (do not open this URL in your browser).

If you are infected with it, what is going to happen?

1: It sets your default IE page to nsl-school.org, and you can’t change it back to another page. If you open IE on your computer, malicious code will automatically be executed on your computer.

2: It disables Task Manager and Regedit, so you can’t kill the Trojan process anymore.

3: The files installed by this virus are svhost.exe, svhost32.exe and internat.exe.
You can find these files in the windows/ and temp/ directories.

4: It sends secured and protected information to the attacker.

How to remove this manually from your computer?

1: Close the IE browser. Log out of Messenger / remove the Internet cable.

2: To enable Regedit:

Click Start, Run and type this command exactly as given below (better: copy and paste):

Code: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable Task Manager (to kill the process we need Task Manager enabled):

Click Start, Run and type this command exactly as given below (better: copy and paste):

Code: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE through Regedit.

Start>Run>Regedit

In the Regedit locations below, change your default home page to hackgyan.com or another page:

Code: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main

Just replace the attacker's site with hackgyan.com or set it to a blank page.

5: Now we need to kill the process running in the background. For this, press “Ctrl + Alt + Del” and kill the process svhost32.exe (more than one such process may be running, so check properly).

6: Delete the svhost32.exe and svhost.exe files from the Windows/ and temp/ directories. Or just search for svhost on your computer and delete those files.

7: Go to Regedit, search for svhost and delete all the results you get.
Code: Start>Run>Regedit

8: Restart the computer. That’s it, now your system is virus free.
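
To confirm the cleanup after the restart, here is a read-only PowerShell check for the indicators listed above (an added example, not part of the original post). The 'Start Page' value name and the Run-key check are assumptions of this example that the post does not state.

```powershell
# Added example: read-only check for the indicators listed on this page.
$findings = @()

# Steps 2-3: policy values that disable Regedit / Task Manager (1 = disabled).
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($value -eq 1) { $findings += "Policy value $name is still 1 under $policyKey" }
}

# Step 4: IE home page in the three hives. 'Start Page' is the value IE uses
# for the home page; the page itself does not name the value.
$ieKeys = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
          'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
          'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main'
foreach ($key in $ieKeys) {
    $page = (Get-ItemProperty -Path $key -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($page -like '*nsl-school.org*') { $findings += "Home page in $key is still $page" }
}

# Step 5: processes with the names given above (Get-Process omits ".exe").
foreach ($proc in (Get-Process -Name 'svhost', 'svhost32', 'internat' -ErrorAction SilentlyContinue)) {
    $findings += "Process still running: $($proc.ProcessName) (PID $($proc.Id))"
}

# Step 6: dropped files in the Windows and temp directories.
$dirs = @($env:windir, (Join-Path $env:windir 'Temp'), $env:TEMP) | Select-Object -Unique
foreach ($dir in $dirs) {
    foreach ($file in 'svhost.exe', 'svhost32.exe', 'internat.exe') {
        $path = Join-Path $dir $file
        if (Test-Path -LiteralPath $path) { $findings += "File still present: $path" }
    }
}

# Step 7: "svhost" in autostart entries. Checking the Run keys is an assumption
# of this example; the page only says to search the registry for svhost.
foreach ($runKey in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $props = (Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).PSObject.Properties
    foreach ($p in $props) {
        if ("$($p.Value)" -like '*svhost*') {
            $findings += "Autostart entry '$($p.Name)' in $runKey -> $($p.Value)"
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Output "FOUND: $_" } } else {
    Write-Output 'None of the indicators from this page were found.'
}
```

The script changes nothing; any "FOUND" line means the matching step above still needs to be repeated.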

Last Updated on April 17, 2014

Comments:
  1. Detector Hi5

    I remember there was a tool for this but I can't find it anymore, still.. this is a good trick

  2. umesh verma

    just download the one month free pack of Symantec Norton Antivirus 2010 edition and get the solution of all viruses.

  3. Security Tool

    I got infected with a similar virus on Hotmail and Facebook. This virus is an adware that sends spam to your contacts. Have you heard of it? If so could you please tell me where to find it on my c: the .exe file name would be nice.

    Thanks

  4. Shy

    thanks dude.. it really helps.. hehe… this virus has been nagging me.. my friend keeps spamming the link, will go n try to clean it..

  5. C. T. Gunn

    I still believe the best trick to preventing problems like this is having adequate anti-virus and anti-spyware applications. Avast doesn’t get the job done and AVG-free only gets the job done most of the time. However, if you’re heavily involved in online networking, your best option is to pay for your protection. Not trying to spam you, but a company that’s been making solid products lately is ParetoLogic Inc. This company offers software that covers almost any problem you’re going to have. I left a link to a list of their products as my website in this post. Check it out.

  6. Facebook Virus

    Someone sent me a Facebook message with a link to a photo yesterday. I clicked on it and some of my friends on Facebook started complaining about me sending them the same message. Anyway, I had a virus and I found http://howtogetridofthefacebookvirus.com/ and got rid of it.

Copyright © 2008-2014 Comptalks - All Rights Reserved.