Vaish called me last evening to figure out if ‘I’ was sending her those messages on Yahoo Messenger. I had no idea what she was talking about. Nothing made sense initially, till I figured there was a ‘bad worm’ that had attacked my Yahoo Messenger and had taken complete control of it without my knowledge.

It was sending random messages to everyone on my list with a link embedded in the message. Kinda self-sustaining parasite, which multiplied itself and infected everyone’s comp. The damage it was causing was extremely large.

I tried to find the root cause of the worm and kill it, but darn, the smart thing had disabled/restricted my access to Registry Editor and Task Manager. It had also modified the default URL of my home page on IE to some “un-ethical sites” and had left no option for me to change it. So anyone who tries to access IE on my comp would be greeted by sites like:

What are those links?

Now don’t try opening these sites; even if you choose to, it’s at your own risk and you’d be inviting trouble.

How to get rid of the ‘mytermex(dot)com’, ‘Nsl-school(dot)org’ Yahoo Messenger virus?
Now here’s how you can get rid of this ‘worm’ from your system.

1> Download this Registry file on to your system. This is recommended for computer dummies, if you are a veteran I have some steps laid down for you as well, scroll down for ’em.

2> Double click on that downloaded registry file. You will be asked whether you’re sure you want to add this to the registry; click Yes.

3> Restart your system.

4> Delete the file svhost32.exe from your Windows folder, if found.

5> Delete the file svhost.exe from your Windows folder, if found.

6> Lastly, search for: ENET.EXE and delete it if found.

Editing registry manually

1> Close all the browsers. Log out of Yahoo Messenger.

2> Click Start, Run and type this command exactly as given below: (Just copy and paste it as it makes it easier)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3> To enable Task Manager: (To kill the process we need to enable Task Manager)
Click Start, Run and type this command exactly as given below: (Just copy and paste it as it makes it easier)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4> Now we need to change the default page of IE through regedit.
From the below locations in Regedit, change your default home page to or other.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Replace the foul URL with a blank page.

5> Now we need to kill the process from the back end. Press Ctrl + Alt + Del.
Kill the process svhost32.exe. (More than one such process may be running, so check properly.)

6> Delete the svhost32.exe and svhost.exe files from the Windows/ and temp/ directories. Or just search for svhost on your comp and delete those files.

7> Go to regedit, search for svhost, and delete all the results you get.

8> Restart the computer.
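
A read-only PowerShell check for the indicators named in the steps above (the two policy values, the IE home page keys, and the worm's file and process names), added here as an example and not part of the original post. The post names only the IE keys; `Start Page` is the value IE keeps the home page in, and the Run-key check is an assumption about where the worm might register itself.

```powershell
# Read-only audit: reports the indicators named in the post, changes nothing.
$findings = @()

# Policy values that lock out Registry Editor and Task Manager (steps 2 and 3)
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($value) { $findings += "Policy $name = $value (tool is disabled)" }
}

# IE home page in the three keys from step 4; the URL needs a human look
$ieKeys = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
          'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
          'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main'
foreach ($key in $ieKeys) {
    $page = (Get-ItemProperty -Path $key -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($page) { $findings += "IE Start Page in ${key}: $page" }
}

# Exact file names from the post. The genuine Windows binary is svchost.exe
# (with a "c") in System32; it is deliberately not matched here.
$names = 'svhost32.exe', 'svhost.exe', 'ENET.EXE'
foreach ($dir in $env:windir, $env:TEMP) {
    foreach ($n in $names) {
        $path = Join-Path $dir $n
        if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
    }
}

# Running processes with the worm's names (step 5)
foreach ($p in Get-Process -Name 'svhost32', 'svhost' -ErrorAction SilentlyContinue) {
    $findings += "Process running: $($p.Name) (PID $($p.Id))"
}

# Assumption, not from the post: Run keys as a likely autostart location
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match 'svhost|\benet\.exe') {
            $findings += "Autostart entry in ${key}: $($p.Name) = $($p.Value)"
        }
    }
}

if ($findings) { $findings } else { 'No indicators from the post were found.' }
```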

If you still have problems, which in some rare cases you might, do leave a comment and we can try to find a solution.



  1. My virus was something about Facebook. The instant message received was “is that you on this pic?” and the link. I clicked on it and then something like 01234…facebook downloaded and suddenly Yahoo Messenger started to send instant messages to my entire list. I keep scanning the computer, but it still works slowly :-s Should I follow the same steps? It’s not the same virus, but does it count? Reply as soon as possible, please! Thanks!

  2. @Miki – Follow the same procedure again. Once you are done with the restart, uninstall Yahoo Messenger completely and re-install it. That should solve the problem.
    Let me know if you still have problems, I’ll try to figure out a solution.


  3. Hi. I had the virus before and I followed your instructions and it worked, but it came back like 2 days later. I haven’t clicked on any of the links my virus-ridden friends have sent me. How can I permanently delete this virus and protect myself from it?