Bahaya Virus sebaran dari Yahoo Messenger - Sohanad.AE

Portal Blog yang mengupas, mengulas dan mengkritik serta berkongsi isu semasa yang Tidak anda ketahui dari Sabah dan Sarawak. Kongsikan pendapat atau apa jua Isu dengan Pembaca disini. ❂ admin@pengerindu.com ❂
"Terbaek. Pengetahuan yg luas dan sungguh menghiburkan para pembaca lagipun dgn brita terkini yg tepat dan padat. " - Jesrim Akok ✌ "macam macam ada..utk di kongsi bersama...nang best juak..teruskan usaha murni anda mr J. " - Habsah Mo C D ✌ "1borneo ba..sporting.. " - Dekmon Alan ✌ "macam2 ada..best!! terbaikkk!!! " - Anastasia Julie Lobert
Mungkin anda diluar sana yang merupakan penguna Yahoo Messenger pernah menerima pesanan yang menyuruh anda mendownload daripada profile ID rakan anda sedangkan itu sebenarnya bukanlah rakan anda dan itu adalah virus yang mengakses Yahoo Messenger rakan anda .

http://i302.photobucket.com/albums/nn86/loveanday/virus-yahoo-messenger.jpg
Contoh serangan di Yahoo Messenger.


Pernah terjadi suatu ketika dahulu pada pengeRindu dimana saya bergaduh dengan rakan YM saya atas atau sebab saya tidak mengetahui Virus tersebut dan memarah rakan saya dengan mengatakan " aper ni bro , hantar benda bukan - bukan " dan dia terus jawap " mana ada aku hantar".

Cara - cara untuk mengelak daripada Virus Sohanad.AE


Sohanad.AE is a worm that enters as a downloaded file through Yahoo Messenger, infects windows. Upon execution it disables the Windows Task Manager and Registry Editor and copies itself as SVCHOST32.EXE and SVHOST.EXE in the Windows folder which is different than the windows system file SVCHOST.EXE

The worm modifies registry and loads itself during each startup.

HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run

It also creates the following registry keys to modify the settings of Yahoo Messenger

HKEY_CURRENT_USER\ Software\ Yahoo\ pager\ View\ YMSGR_buzz HKEY_CURRENT_USER\ Software\ Yahoo\ pager\ View\ YMSGR_Launchcast

It changes the Internet Explorer (IE) home page to coolpics.net

This worm spreads through Yahoo Messenger by sending an instant message to all the contacts of an active user. This message contains a link to a remote copy of itself. When the recipient clicks the link, a copy of this worm is downloaded and executed on the recipients’ system.

(Below are removal instructions. You may print this page for easy reference)

Enable Task Manager and Registry Editor

Open Notepad and copy and paste the following:

On Error Resume Next
Set shl = CreateObject(”WScript.Shell”)
Set fso = CreateObject(”scripting.FileSystemObject”)
shl.RegDelete “HKCU\Software\Microsoft\Windows\CurrentVersion\
Policies\System\DisableRegistryTools”
shl.RegDelete “HKCU\Software\Microsoft\Windows\CurrentVersion\
Policies\System\DisableTaskMgr”

Save this file with .VBS extension.
While saving enter the name in double quotes and select all files from the save as type in notepad.
For the ease of use, save the file on desktop.
for example “filename.vbs”
When the file is saved as a vbs file then the file icon changes as a VBScript script file.
Execute the file. Double click on the file name to execute.

Click Yes at the prompt of the message box.
Click Ok.

Disable system restore

disable System Restore in Windows ME and xp.

Click on start > all programs > Accessories > System Tools > System Restore
Click on System Restore settings.
Check the box to Turn off system restore on all drives.
press apply. press ok.

Delete svhost.exe and svchost32.exe

search and delete files named svhost.exe and svchost32.exe
Your windows system file is svchost.exe, do not delete it.
Observe the difference and the missing c.
The worm creates svhost.exe and svchost32.exe
whereas windows system file is svchost.exe

Remove Autostart Entries from Registry

(If the worm has not executed yet then the entries below will be absent.)

Open Registry Editor. start > run. Type regedit. Press ok.

In the left panel double click on the following entries

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>
Windows>CurrentVersion>Run

In the right panel, locate and delete the following entries

Task Manager = “%Windows%\system\svchost32.exe”
Svchost = “%Windows%\system\svhost.exe”

(%Windows% is the Windows folder, C:\Windows or C:\WINNT

Be careful not to remove svchost.exe which is a windows system file)

Remove Keys and Entries

In the left panel double click on the following entries
HKEY_CURRENT_USER>Software>Yahoo>pager>View

in the left panel locate and delete the following keys:
YMSGR_buzz
YMSGR_Launchcast

In the left panel double click on the following entry

HKEY_CURRENT_USER>Software>Policies>Microsoft>
Internet Explorer>Control Panel

In the right panel locate and delete the entry
Homepage = “1″

In the left panel double click on the following entries
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Policies>Explorer

In the right panel locate and delete the entry
NoRun = “1″

Close Registry Editor.

Reset IE Home Page and Search Page

Close all browser (IE) windows.
Click Start>Settings>Control Panel.
Double click on Internet Options.
In the Internet Properties window click the Programs tab.
Click the Reset Web Settings button.
Select “Also reset my home page”.
Click Yes.
Click OK.

soucre : hackers-diary



Salam ceria ,
Mr. J
http://www.pengerindu.com/
http://jacky.pengerindu.com/
(Blog Bahasa Iban)
Subscribe untuk mendapatkan 10 ebook Percuma.


Link Adv RM10 Monthly :Berani Tengok-Ejen Prepaid-Radio IkonFM
Translate This Blog : English * Chinese * German * Japan * Korea * Arabic * Filipino * Thai * Hindi *

Bookmark and Share Jom! Tonton Tv Online: [Tv1] [Tv2] [Tv3] @ Belajar Bahasa Iban?
Download Mp3 Sarawak , Malay Mp3 , Techno Mp3 . [#Blog Trick & Tips]

Dapatkan Artikel terbaru dan 10 ebook Percuma daripada www.pengeRindu.com serta artikel terbaru terus ke email anda. Sila masukkan email anda dibawah:

Penghantaran ditaja oleh FeedBurner

Related Posts Plugin for WordPress, Blogger...
 SABAHSARAWAK
Bila Mr J Menaip
 ARTIKEL KIRIMAN EMEL PEMBACA ► Sila Hantar ke admin@pengerindu.com
+PENDAPAT  +KOMEN WWW.PENGERINDU.COM► server ↑ 97%  
Stastitik

PENGERINDU.COM. Dikuasakan oleh Blogger.
 
Copyright © 2009 - 2015 www.pengeRindu.com - Bukan Sekadar Weblog Biasa | Voice of The People Sabah / Sarawak | Rise of DAYAK- All Rights Reserved ©