Bom Sabado! Virus In Orkut – How To Remove / Solve It?

September 25th, 2010

I got a scrap from a friend on Orkut today. It was quite unusual, as this particular friend had not left a scrap in ages.

I just checked my email in Gmail and the message said Bom Sabado! (Do you know what Bom Sabado means? If you don’t, read this post.)

I was not sure what it meant. The message was neither in English nor in my mother tongue, and being suspicious I googled around and found that it indeed is a worm (it’s not a virus; no losses have been mentioned from it yet) that is spreading throughout Orkut.

Tanmoy Talukdar has left a solution on how to solve this problem at Techie-Buzz.

For everyone whose Orkut account has been affected by the ‘bom sabado’ worm …

The worm injects a hidden iframe containing a malicious JavaScript, http://tptools.org/worm.js [do not click this], which steals the user cookie which contains the password in an encoded form. So the attacker does not get to know your plaintext password but can log in using your credentials by impersonating you, using the cookie to fool the identification system. So a trivial solution is to disable JavaScript; another solution is to disable iframes; or you can take an advanced measure by blocking the domain http://tptools.org/ by editing your hosts file and redirecting it to a safe address, say 127.0.0.1

Go to C:\windows\system32\drivers\etc\
There is a file named ‘hosts’. By default it is read-only. Go to its properties and uncheck the tick mark beside read-only.
Edit it with your favourite editor.

Add this line at the end of it:

127.0.0.1 tptools.org

Save it, and then restart your network interface (in simple words, just reconnect your internet connection) and bingo!! The worm’ll be useless.

Hope this message is really helpful and saves you from Bom Sabado!
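The hosts-file block described above only works if the entry is active and lists every name that should be blocked. As an added example (not part of the original post or of the Techie-Buzz solution), this Python code parses hosts-file text, reports whether a name is blocked, and appends missing entries; the sample file content and the `www.tptools.org` subdomain are constructed for illustration.

```python
# Added example: audit a hosts file for the block entry described above.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses treated as "blocked"

def parse_hosts(text):
    """Return (address, [names]) for every active, non-comment hosts line."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            entries.append((fields[0], [n.lower().rstrip(".") for n in fields[1:]]))
    return entries

def block_status(text, name):
    """'missing', 'blocked', or 'conflict' (some entry maps the name elsewhere)."""
    name = name.lower().rstrip(".")
    addrs = [addr for addr, names in parse_hosts(text) if name in names]
    if not addrs:
        return "missing"
    return "blocked" if all(a in SINKHOLES for a in addrs) else "conflict"

def ensure_blocked(text, names, sinkhole="127.0.0.1"):
    """Append a sinkhole line for each missing name. Idempotent; conflicts are
    left untouched so a person can decide what to do with them."""
    if text and not text.endswith("\n"):
        text += "\n"
    for name in names:
        if block_status(text, name) == "missing":
            text += f"{sinkhole} {name}\n"
    return text

# Constructed sample hosts content (not taken from a real machine).
SAMPLE = (
    "# sample hosts file\n"
    "127.0.0.1       localhost\n"
    "#127.0.0.1 tptools.org\n"  # commented out, so it blocks nothing
)

# Hosts entries match exact names only: there is no wildcard, so a subdomain
# needs its own line. www.tptools.org is an illustrative name (assumption).
NAMES = ["tptools.org", "www.tptools.org"]

if __name__ == "__main__":
    updated = ensure_blocked(SAMPLE, NAMES)
    for n in NAMES:
        print(n, block_status(SAMPLE, n), "->", block_status(updated, n))
    print(updated, end="")
```

To check a real machine, pass the contents of C:\windows\system32\drivers\etc\hosts as `text`; writing the result back needs an editor or shell running as administrator.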

  1. Tanmoy Talukdar
    September 25th, 2010 at 16:28 | #1

    Thanks for the mention, buddy :)

  2. Harika
    September 25th, 2010 at 16:49 | #2

    But in my properties, there is no tick mark for read-only… Even though I got the scrap ‘bom sabado’ :(
    Is there any problem with this? Please suggest… :(

  3. September 25th, 2010 at 16:52 | #3

    @Harika – There is no problem and nothing to worry about.

  4. Harika
    September 25th, 2010 at 16:53 | #4

    I mean… I couldn’t add that 127.0.0.1 tptools.org at the end, even though it is not in read-only mode by default. :(

  5. Harika
    September 25th, 2010 at 16:55 | #5

    OK… then what to do?

  6. Pramod
    September 25th, 2010 at 17:16 | #6

    Some Solve :- http://*.tptools.org block a website your internet browsers.

  7. harika
    September 25th, 2010 at 17:40 | #7

    These things will be useful. I just found them out from techie-buzz.com
    Thank you. :):D
    * Switch to the “older version” of Orkut.
    * Log out of Orkut.
    * Clean your browser’s cache and cookies.
    * Log in and change your password and security question.

  8. September 25th, 2010 at 21:47 | #8

    @Harika – Thanks for the input.

  9. Tanmoy Talukdar
    September 25th, 2010 at 22:17 | #9

    Make sure that you are running Notepad (or whatever app you use) in admin mode.

  10. Tanmoy Talukdar
    September 25th, 2010 at 23:05 | #10

    bom sabado killed, yet again … http://bit.ly/adhr0V

  11. September 25th, 2010 at 23:19 | #11

    @Tanmoy – Thanks for the update.

  12. BluesM4N
    September 26th, 2010 at 04:10 | #12

    “Bom Sábado” means literally “have a nice Saturday”

  13. Ravi Dora
    September 26th, 2010 at 09:03 | #13

    Thanks buddy for your Information
    It is Useful for all,
    Thanks Again.
    Have A Good Day.
