Users of Yahoo Messenger and Skype should pay attention to the Coutsonif.A virus. This virus spreads by sending itself to all contacts in the address book of those applications on the infected computer.
At a glance, the message looks like any ordinary message. But do not click the link it contains, even though it appears to have been sent by your friend. The message was not sent by your colleague, but by the virus that has successfully infected their computer system.
If the computer is already infected, the virus automatically creates files with random names and the extensions .tmp and .exe, stored in the directory [C:\Documents and Settings\%username%\Local Settings\Temp], each under a different name.
Once this happens, the user can only stay calm and stay off the Internet. Moreover, the user's reputation can be damaged, because they will be suspected of spreading the virus as well: the friends who receive the message may suspect that they were deliberately sent a virus.
So, before that happens, here are 6 steps, according to Vaksincom, for eradicating this destructive virus that attacks the good name of users of chat applications:
1. Disable 'System Restore' during the cleaning process.
2. Disable Windows autorun, so that the virus cannot be activated automatically when a drive or flash disk is accessed.
- Click 'Start'
- Click 'Run'
- Type 'GPEDIT.MSC', without quotes. The 'Group Policy' window will then be displayed
- Under 'Computer Configuration' and 'User Configuration', click 'Administrative Templates'
- Click 'System'
- Right-click 'Turn off Autoplay' and select 'Properties'. The 'Turn off Autoplay Properties' window will then appear
- On the 'Settings' tab, select 'Enabled'
- In 'Turn off Autoplay on', select 'All drives'
- Click 'OK'
3. Kill the virus process. Use the tool 'Security Task Manager' and delete the files [sysmgr.exe, vshost.exe, winservices.exe, *.tmp]
Note: the .tmp files are those with the extension TMP [example: 5755.tmp]. Right-click the file, select 'Remove', then select the option 'Move files to Quarantine'.
4. Repair the registry that has been modified by the virus. To speed up the removal process, copy the script below into Notepad and save it with the name repair.inf. Run the file as follows: right-click repair.inf and select Install.
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Values to restore: file-type open commands, the Winlogon shell and Explorer sound events
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell, 0, "Explorer.exe"
HKCU, SessionInformation, ProgramCount, 0x00010001, 3
HKCU, AppEvents\schemes\Apps\Explorer\BlockedPopup\.Current,,,"C:\WINDOWS\media\Windows XP Pop-up Blocked.wav"
HKCU, AppEvents\schemes\Apps\Explorer\EmptyRecycleBin\.Current,,,"C:\Windows\media\Windows XP Recycle.wav"
HKCU, AppEvents\schemes\Apps\Explorer\Navigating\.Current,,,"C:\Windows\media\Windows XP Start.wav"
HKCU, AppEvents\schemes\Apps\Explorer\SecurityBand\.Current,,,"C:\WINDOWS\media\Windows XP Information Bar.wav"

; Values to delete: the Run entries and the MaxUserPort TCP/IP parameter
[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft (R) System Manager
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, help bMaxUserPortWindows Service
HKLM, SYSTEM\CurrentControlSet\Services\TCPIP\Parameters, MaxUserPort
5. Remove the virus files below:
- C:\vshost.exe [all drives]
- C:\autorun.inf [all drives]
- C:\RECYCLER\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe
- C:\Documents and Settings\%username%\Local Settings\Temp
  - A415.tmp [random]
  - 034.exe [random]
  - Lady_Eats_Her_Shit - www.youtube.com
- C:\WINDOWS\system32\sysmgr.exe
- C:\WINDOWS\Temp\5755.tmp
- C:\windows\system32\crypts.dll
- C:\windows\system32\msvcrt2.dll
6. For optimal cleaning and to prevent re-infection, use an up-to-date antivirus that can detect and eradicate this virus. You can also download the Norman Malware Cleaner tool.
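Step 4 installs a script copied from a web page, so it is worth listing what its [DefaultInstall] section will set and delete before right-clicking Install. The following is an added example, not Vaksincom's code: a Python audit that parses the AddReg/DelReg lines and flags key paths damaged by copy and paste. The sample INF is a constructed excerpt and the function names are hypothetical.

```python
import csv

ROOTS = {"HKLM", "HKCU", "HKCR", "HKU", "HKR"}  # root abbreviations INF accepts

# Constructed excerpt of the step 4 script, plus one line spaced out the way a bad web copy is.
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, Software \ CLASSES \ batfile \ shell \ open \ command ,,,"""% 1 ""% * "
[del]
HKLM, SYSTEM\CurrentControlSet\Services\TCPIP\Parameters, MaxUserPort
'''

def parse_sections(text):
    """Map lower-cased section name -> its non-empty, non-comment lines."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif line and not line.startswith(";") and current is not None:
            current.append(line)
    return sections

def parse_reg_line(line):
    """Split 'root, subkey, value, flags, data'; "" inside quotes is a literal quote."""
    fields = next(csv.reader([line], skipinitialspace=True))
    return ([f.strip() for f in fields] + [""] * 5)[:5]

def audit(text):
    """List every registry change [DefaultInstall] would make, with any problems found."""
    sections, report = parse_sections(text), []
    for entry in sections.get("defaultinstall", []):
        directive, _, targets = entry.partition("=")
        action = {"addreg": "SET", "delreg": "DELETE"}.get(directive.strip().lower())
        for name in (targets.split(",") if action else []):
            for line in sections.get(name.strip().lower(), []):
                root, subkey, value, _flags, data = parse_reg_line(line)
                checks = [(root.upper() not in ROOTS, "unknown root key"),
                          (not subkey or " \\" in subkey or "\\ " in subkey, "malformed subkey path")]
                report.append((action, root, subkey, value, data, [m for bad, m in checks if bad]))
    return report

if __name__ == "__main__":
    for action, root, subkey, value, data, problems in audit(SAMPLE_INF):
        print(action, f"{root}\\{subkey}", repr(value or "(Default)"), repr(data), problems or "ok")
```

Any line reported with a problem should be corrected in repair.inf before the file is installed, since a key path with stray spaces does not name the key the script is meant to repair.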
Source: http://worldlightinformation.blogspot.com
3 comments:
thank you for your help ;)
Hello, thanks for posting this information, I was trying to find information on this topic –this was very helpful.
This blog post is very helpful. Thanks for sharing the article.