Yahoo! Messenger virus

For last few days, I am getting lot of messages from my friends added in my Yahoo Messenger list. Even after informing them about it, they are unable to help it out. Even I dont know if same thing is happening from my login.

 

It is a worm W32/Sohanad.B which is also known as WORM_SOHANAD.B. So you need to remove this worm. After getting infected, your messenger starts sending links to your contacts automatically.

This worm propagates via Yahoo! Messenger, AIM, Windows Live Messenger or Windows Messenger by sending an instant message to all the contacts of an active user. This message contains a link to a remote copy of itself. When the recipient clicks the link, a copy of this worm is executed on the recipients’ system.

Here are the guidelines for detecting and removing this worm –

 

The examples of the messages sent out by this worm are:

Download free MP3s :
http://{BLOCKED}ncerto4.net?id=music

damn, she is so cute 😡
http://{BLOCKED}ncerto4.net?id=miss_world :x:x:x:x:x

Just check out my new personal website :
http://{BLOCKED}ncerto4.net c0ol !!!

have you ever seen such a sillyman like this ?
http://{BLOCKED}ncerto4.net?id=stories =))

making money online never be easier :
http://{BLOCKED}ncerto4.net?id=tips

Let’s vote for Vietnam’s beauty – Mai Phuong Thuy – for the upcoming Miss World competition : http://{BLOCKED}ncerto4.net?id=vote 😡 !!

Now you can avoid some critical online viruses by updating Windows . Click here to know how to Update your Windows :
http://{BLOCKED}ncerto4.net?id=update_windows

oh my god , i’ve won a 20000 usd lottery :O
http://{BLOCKED}ncerto4.net /?id=winning_list . Come to my house tonight for a party !!

check this link for me :
http://{BLOCKED}ncerto4.net?id=forum . Why I cannot surf this site ???

A new dangerous computer virus that can destroys all your data has just been released . Click here to know how to avoid it :
http://{BLOCKED}ncerto4.net?id=pc_protector

wtf is this ? wanna give me a shit ?
http://{BLOCKED}ncerto4.net /?id=news X-(

you are virus infected . Use this tool to remove viruses from your PC : http://{BLOCKED}ncerto4.net /?id=virus_shield

the only way to clean some online viruses that may lead you into troubles : http://{BLOCKED}ncerto4.net?id=ie_protector <<

They are some examples. The better way is don’t click on suspicious links coming through yahoo messenger.

More info:

http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName

 

Removal Instructions:

 

Here are simple steps following which you can get the worm removed from your system:

Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.

1) Download this file: http://www.netgautam.com/downloads/apps/S_ad.reg
2) Double click on that downloaded registry file, click yes.
3) Restart your system in safe mode.
4) Delete the file svhost32.exe from your Windows folder( If it is present).
5) Delete the file svhost.exe from your Windows folder( If it is present).
6) Search for: ENET.EXE and delete it if found.
7) Restart your machine
8) Check whether the files said in step 4,5,6 still exists or not.

also check the folloeing link from trendmicro
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSOHANAD%2EB&VSect=Sn

 

That’s it. Keep updating your antivirus regularly. You can get free antiviruses from:

1) Avast – http://www.avast.com/i_kat_207.php?lang=ENG
2) AVG – http://free.grisoft.com

Leave a Reply

Your email address will not be published.