This is one of the most powerful Trojans/viruses I have ever seen. If your computer is infected with this virus, it will send the NSL-school.org URL to everyone on your friends list in Yahoo Messenger using your ID, so within a few hours many of your friends will get infected with it.
I do not know the actual target of the idiot who created it. Perhaps to advertise his site or steal very important data from your computer. I solved the problem manually on 2 infected PCs. Just go through the steps below carefully.
What is the link?
NSL-school.org or other (Do not open the URL in your browser.)
If you are infected with it what will happen?
- It sets your default IE home page to NSL-school.org, and you cannot change it back to another page. If you open IE on your computer, some malicious code will automatically run on your computer.
- It disables Task Manager and Regedit, so you can no longer kill the Trojan process.
- The files installed by this virus are svhost.exe, svhost32.exe, internat.exe.
- You can find these files in the Windows/temp/ directory.
- It sends your secured and protected information to the attacker.
How to manually remove from your computer?
1. Close the IE browser. Log out of Messenger / unplug the Internet cable.
2. To enable Regedit, click Start > Run and type this command exactly as given below (better: copy and paste):
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3. To enable Task Manager (we need it to kill the process):
Click Start > Run and type this command exactly as given below (better: copy and paste):
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
4. Now we need to change the default page of IE through Regedit.
Start > Run > Regedit
In the locations below in Regedit, change your default home page to google.com or another page.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Just replace the attacker's site with google.com or set it to a blank page.
5. Now we need to kill the process in the background. Press Ctrl + Alt + Del.
Kill the svhost32.exe process. (There is probably more than one process running, so check carefully.)
6. Delete the svhost32.exe and svhost.exe files from the Windows/temp/ directory, or just search for svhost on your computer and delete the files.
7. Go to Regedit, search for svhost and delete all the results you get.
Start Menu > Run > regedit
8. Restart the computer. That's it; now you are virus free.
I do not know if there is a patch that works for the elimination of this Trojan/virus. But we can easily remove it manually.
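As an added example (not part of the original post), this read-only PowerShell script checks a machine for the indicators the steps above deal with: the two policy values, the IE home page in the three registry locations, and the listed files and processes. The "Start Page" value name is an assumption based on where Internet Explorer normally stores its home page; the post does not name it.

```powershell
# Read-only check for the indicators listed in the post; nothing is modified.
# Run it as the affected user so HKCU points at the right profile.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ieKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main'
)
$badHost   = 'nsl-school.org'
# Names from the post. Note "svhost", not the legitimate "svchost".
$fileNames = 'svhost.exe', 'svhost32.exe', 'internat.exe'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$findings = @()

# Steps 2-3: policy values that lock out Regedit and Task Manager.
foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
    $v = Get-RegValue $policyKey $name
    if ($null -ne $v -and $v -ne 0) { $findings += "Policy $name = $v" }
}

# Step 4: IE home page ("Start Page" value, an assumption not named in the post).
foreach ($key in $ieKeys) {
    $page = Get-RegValue $key 'Start Page'
    if ($page -like "*$badHost*") { $findings += "IE Start Page in $key = $page" }
}

# Step 6: dropped files in the Windows temp directory.
foreach ($f in $fileNames) {
    $p = Join-Path (Join-Path $env:windir 'temp') $f
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# Step 5: running processes with those names (ProcessName has no ".exe").
$procNames = $fileNames | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
    if ($procNames -contains $proc.ProcessName) {
        $findings += "Process: $($proc.ProcessName) PID $($proc.Id) $($proc.Path)"
    }
}

if ($findings) { $findings | ForEach-Object { "[!] $_" } } else { 'None of the listed indicators were found.' }
```

The names checked are the misspelled svhost variants from the post; the legitimate Windows service host is svchost.exe (with a "c") and must be left alone.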