Fooled by the nsl-school virus
Today I was fooled by a virus...
I got an offline msg from one of my friends saying "have you ever seen such a silly man like this ? h**p:// nsl-school.org/ ?id=stories"
I happened to click this link and voila, before I knew it, my machine was infected
Possible symptoms
1) The Internet Explorer home page changes to h**p:// nsl - school. org/
2) Your Yahoo Messenger displays a stupid status message and sends out similar messages to all your friends
3) Your regedit is disabled
4) Your task manager is disabled
.....
In case you happen to be one of the unlucky ones who got a similar message from me or any other source and clicked the link, here are the steps to clean the virus from your machine (courtesy of an online search)
So how do you remove this manually from your computer?
1: Close the IE browser. Log out of messenger / remove the Internet cable.
2: To enable Regedit: click Start, Run and type this command exactly as given below (better to copy and paste):
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3: To enable Task Manager (to kill the process we need to enable Task Manager): click Start, Run and type this command exactly as given below (better to copy and paste):
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
4: Now we need to change the default page of IE through regedit (Start > Run > Regedit). In the locations below, change your default home page to google.com or another page.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main
Just replace the attacker site with google.com or set it to a blank page.
5: Now we need to kill the process from the back end. Press Ctrl + Alt + Del and kill the process svhost32.exe (more than one such process may be running, so check properly).
6: Delete the svhost32.exe and svhost.exe files from the Windows/ and temp/ directories. Or just search for svhost on your computer and delete those files.
7: Go to regedit (Start menu > Run > Regedit), search for svhost and delete all the results you get.
8: Restart the computer. That's it, now you are virus free.
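A read-only check that steps 2 to 7 took effect, written as an added PowerShell example that is not part of the original post. It assumes the home page is stored in the "Start Page" value and that the Run autostart keys are where a leftover svhost entry would sit; the post itself only says to search the registry for svhost.

```powershell
# Added example: verifies the cleanup without modifying or deleting anything.
# Run it as the affected user after the restart in step 8.
$findings = @()

# Steps 2 and 3: both policy values should be 0 or absent.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($value) { $findings += "$name is still set to $value under $policyKey" }
}

# Step 4: the home page should no longer point at the site from the message.
foreach ($key in 'HKCU:\Software\Microsoft\Internet Explorer\Main',
                 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main') {
    $page = (Get-ItemProperty -Path $key -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($page -like '*nsl-school*') { $findings += "Home page in $key still points to $page" }
}

# Step 5: no svhost* process should be running. Get-Process uses names
# without ".exe". The pattern does not match the legitimate svchost (with a "c").
Get-Process -Name 'svhost*' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "Process still running: $($_.ProcessName) (PID $($_.Id))"
}

# Step 6: no svhost*.exe file should remain in the Windows or temp directory.
foreach ($dir in $env:windir, $env:TEMP) {
    Get-ChildItem -Path $dir -Filter 'svhost*.exe' -File -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "File still present: $($_.FullName)" }
}

# Step 7 (assumed locations): no autostart value should reference svhost.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { "$($_.Value)" -like '*svhost*' } |
            ForEach-Object { $findings += "Autostart entry in ${key}: $($_.Name) = $($_.Value)" }
    }
}

if ($findings) { $findings } else { 'No leftovers from the steps above were found.' }
```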
I hope this serves the purpose
Sorry for the trouble guys
Till the next blog
adios
-Tejas
