How to Clean Ym Virus From Your PC

how do i get rid of the virus in yahoo messenger? it always
Removing the Yahoo / AOL / MSN Messenger Virus Virus Name: W32 Sohanad.B or W32 Sohanad.C This is a worm that spreads itself by sending links to your contacts in
Source: http://answers.yahoo.com/question/index?qid=20061021063508AAck9bc

how to uninstall yahoo messenger at instant registry fixes
How to Uninstall Yahoo Messenger. Filed Under: PC Help & Fixes are frequently facing problems with your Yahoo Messenger and want to remove it from your
Source: http://www.instant-registry-fixes.org/how-to-uninstall-yahoo-messenger/

how to clean msn aol yahoo messenger viruses and worms
MSN Virus Cleaner is a tool that enables you to remove any MSN threats including worms and viruses from your MSN or Windows Live Messenger, AOL, and Yahoo.
Source: http://mytechquest.com/internet/how-to-clean-remove-msn-virus/

clean up virus using trial antivirus jauhari
Lately, I have a problem with local Virus that I just can't remove it directly using Free Antivirus like, Avira, AVG, or Rising Antivirus.
Source: http://www.jauhari.net/clean-up-virus-using-trial-antivirus.jsp

cleaning laptop keyboard
Proper cleaning and lubrication as described here will restore your Do this from all 4 sides to assure penetration and coverage into the small and
Source: http://www.computing.net/howto/simple/keyboard/

Yahoo Messenger virus can update your antivirus program like by downloading some files from websites that have been determined. No doubt, to remove him was somewhat difficult.

Check out 9 steps to clean the most vicious viruses and most disturbing in the beginning of the year 2010 according to analysts viruses from Vaksincom, Adang Jauhar Taufik:

  1. Decide who will clean your computer from the network or internet
  2. Change the name of the file [C: \ Windws \ system32 \ msvbvm60.dll] to [xmsvbvm60.dll] to prevent the virus reactivation during the cleaning process.
  3. Should do the cleaning by using the Tools Windows Live CD Mini PE this is due to some master files and file rootkits masquerading as services and drivers difficult to delete these files will be hidden by the virus. Then boot the computer using software Mini PE Live CD. After that deleting some files iduk virus by:
  • Click the [Mini PE2XT]
  • Click the [Programs]
  • Click the [File Management]
  • Click the [Windows Explorer]
  • Then delete the following files:
    • C: \ Windows \ System32
    • WMI% xxx.exe, where xxx indicate karater random (example: wmispqd.exe, wmisrwt.exe, wmistpl.exe, atu wmisfpj.exe) with file sizes vary depending on the variant that infects the target computer.
    • % xxx%. exe @, where the% xxx% showing random characters (example: qxzv85.exe @) with sizes varying depending on the variant that infects.
    • secupdat.dat
    • C: \ Documents and Settings \% user% \% xx%. Exe, where xx is a random character (example: rllx.exe) with a file size of about 6 kb or 16 kb (depending on the variant that infects).
    • C: \ Windows \ System32 \ drivers
    • Kernelx86.sys
    • % xx%. sys, where xx is a random character who has a size of about 40 KB (example: mojbtjlt.sys or cvxqvksf.sys)
    • Ndisvvan.sys
    • krndrv32.sys
    • C: \ Documents and Settings \% user% \ secupdat.dat
    • C: \ Windows \ INF
    • netsf.inf
    • netsf_m.inf

    4. Remove dubah registry created by the virus, by using the “Avas! Registry Editor”, how:

    • Click the [Mini PE2XT]
    • Click the [Programs]
    • Click the [Registry Tools]
    • Click [Avast! Registry Editor]
    • If the confirmation screen appears Kelik button “Load …..”
    • The delete the registry:

LOCAL_MACHINE_SOFTWARE ü \ microsoft \ windows \ currentverson \ Run \ \ ctfmon.exe
LOCAL_MACHINE_SYSTEM ü \ ControlSet001 \ Services \ \ kernelx86
LOCAL_MACHINE_SYSTEM ü \ CurrentControlSet \ Services \ \ kernelx86
LOCAL_MACHINE_SYSTEM ü \ CurrentControlSet \ Services \ \ passthru
LOCAL_MACHINE_SOFTWARE ü \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ ctfmon.exe
LOCAL_MACHINE_SOFTWARE ü \ microsoft \ Windows NT \ CurrentVersion \ winlogon
§ Change the string value to be Userinit = userinit.exe,
LOCAL_MACHINE_SOFTWARE ü \ microsoft \ Windows NT \ CurrentVersion \ winlogon
§ Change the string value Shell = Explorer.exe becomes
LOCAL_MACHINE_SYSTEM ü \ ControlSet001 \ Services \ \% xx%
LOCAL_MACHINE_SYSTEM ü \ CurrentControlSet \ Services \ \% xx%
LOCAL_MACHINE_SYSTEM ü \ ControlSet002 \ Services \ SharedAccess \ Parameters \ FirewallPolicy \ DomainProfile \ AuthorizedApplications \ List \ \ C: \ windows \ system32 \% file_induk_virus%. exe (example: wmistpl.exe)
LOCAL_MACHINE_SYSTEM ü \ ControlSet002 \ Services \ SharedAccess \ Parameters \ FirewallPolicy \ StandardProfile \ AuthorizedApplications \ List \ \ C: \ windows \ system32 \% file_induk_virus%. exe (example: wmistpl.exe)

Note:% xx% showing random characters, this key is made to run the file. SYS which has the size of 40 KB which is in the directory [C: \ Windows \ system32 \ drivers \]

5. Restart the computer, restore the remaining registry that changed by the virus to copy the following script in notepad and then save with the name repair.inf. Execute the following manner: right-click repair.inf | click install

[Version]

Signature = “$ Chicago $”

Provider = Vaksincom Oyee

[DefaultInstall]

AddReg = UnhookRegKey

DelReg = del

[UnhookRegKey]

HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ batfile \ shell \ open \ command ,,,”"”% 1 “”% * “

HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ comfile \ shell \ open \ command ,,,”"”% 1 “”% * “

HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ exefile \ shell \ open \ command ,,,”"”% 1 “”% * “

HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ piffile \ shell \ open \ command ,,,”"”% 1 “”% * “

HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ regfile \ shell \ open \ command,,, “regedit.exe”% 1 “”

HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ scrfile \ shell \ open \ command ,,,”"”% 1 “”% * “

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, Shell, 0, “Explorer.exe”

HKEY_LOCAL_MACHINE \ software \ microsoft \ ole, EnableDCOM, 0, “Y”

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center, AntiVirusDisableNotify, 0×00010001, 0

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center, FirewallDisableNotify, 0×00010001, 0

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center, AntiVirusOverride, 0×00010001, 0

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center, FirewallOverride, 0×00010001, 0

HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ LSA, restrictanonymous, 0×00010001, 0

HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Control \ LSA, restrictanonymous, 0×00010001, 0

HKLM, SYSTEM \ CurrentControlSet \ Control \ LSA, restrictanonymous, 0×00010001, 0

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ SuperHidden, CheckedValue, 0×00010001, 0

SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ SuperHidden, DefaultValue, 0×00010001, 0

SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ SuperHidden, UncheckedValue, 0×00010001, 1

[del]

HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System, DisableRegistryTools

HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System, DisableCMD

HKCU, Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer, NoFolderOptions

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run, ctfmon.exe

HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ kernelx86

HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ kernelx86

HKLM, SYSTEM \ CurrentControlSet \ Services \ kernelx86

HKLM, SYSTEM \ CurrentControlSet \ Services \ mojbtjlt

HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ mojbtjlt

HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ mojbtjlt

HKEY_LOCAL_MACHINE \ System \ ControlSet001 \ Services \ Passthru

HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows NT \ SystemRestore

HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ windowsupdate, DoNotAllowXPSP2

HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ windowsupdate

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ ctfmon.exe

6. Windows registry fix to restore the computer to boot to “safe mode with command prompt” to download the file FixSafeBoot.reg (Windows XP) at the following address and then run the file the following manner:

o Click the [Start]
o Click [Run]
o Type Regedit.exe and click the [OK]
o On the “Registry Editor”, click the menu [File | Import]
o Determine the file. REG you created new
o Click the [Open]

7. Delete temporary files and temporary Internet files. Please use the tools ATF-Cleaner. Download these tools here.

8. Restore back to the host file in Windows that has been changed by the virus. You can use tools Hoster, please download at the following address.

Click the [Restore MS Hosts File], to restore the Windows hosts file.

9. For optimal cleaning and prevent re-infection, anti-virus scan with up-to-date and was able to detect this virus.

  • Share/Bookmark

Related posts:

  1. Avoiding Data Loss – A Guide To The Best Online Data Storage Websites

Video related to How to Clean Ym Virus From Your PC:

Tags: ,
Posted 19 Jan 2010 by admin in Tips & Tricks

Want to share this Article on your blog?


*copy paste this code on this form for your blogpost. Thanks


Top incoming search terms for this post

Tags:

1 Trackbacks/Pingbacks

  1. Tweets that mention How to clean Yahoo Messenger Ym Virus | UK Cop TechNology and InterNet -- Topsy.com 19 01 10
  2. uberVU - social comments 19 01 10

Your Comment