Monday, October 23, 2006

Yahoo Messenger nsl-school virus - De vile Messenger




If your computer is infected , this is what you do


  1. Download the file http://www.fundazone.com/antivirus/registry/registry-enable-regedit.reg
  2. Copy these instructions to notepad or word or note it down. Close Internet Explorer ( and Yahoo messenger) . Double click the .reg file and click yes when it asks whether you want to merge the file to the registry. This will enable the regedit and task manager tools and restore your home page and other settings.
  3. Then restart the computer
  4. After restarting Press Ctrl + Alt + Del . Click Processes.
    End the process svhost32.exe . ( may be more than one process is running )
  5. Start> Search > Files and folders. Search for svhost32.exe , svhost.exe and enet.exe
  6. Delete the files found.
  7. Restart for good luck.
Use firefox http://www.fundazone.com/software/firefox/
Firefox is a fast and nice browser with tabs and RSS feeds and cool stuff.


So, the story behind this post ? Once again, another virus spread in all the computers here.
This time, it was a virus using Yahoo Messenger (tm) or MSN messenger to spread itself. (The previous one I wrote about was using a popular social networking site - www.orkut.com . Now this one uses a chatting software (chatting, file sharing, photo album sharing, video conferencing(I even used it for webcasting !), much more) Yahoo Messenger.

Now, How do you know that your computer (or yur friends') has this virus ??

It sends out messages like

(Don't try any of these links !!!)

  • damn, she is so cute http://nsl-school.org?id=miss_world
  • oh my god , i've won a 20000 usd lottery http://nsl-school.org/?id=winning_list . Come to my house tonight for a party !!
  • Just check out my new personal website : http://mytermex.com c0ol !!!
  • check this link for me : http://nsl-school.org?id=forum . Why I cannot surf this site ???

And when you click on these links, it installs the virus in your computer too.



Here's what Suresh Kumar says. ( forums.sureshkumar.net/showthread.php?t=7790 )

I've copied it here for you.

If you are infected with it what is going to happen ?

1: It sets your default IE page to nsl-school.org, you can’t even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.

2: It will disables the Task manager / reg edit. So you can’t kill the Trojan process anymore.

3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe.

you can find these files in windows/ & temp/ directories.

4: It will sends the secured & protected information to attacker

How to remove this manually from your computer ?

1: Close the IE browser.

(IE - Internet Explorer. First copy this article into MS Word or Notepad or something )

Log out messenger / Remove Internet Cable.

2: To enable Regedit

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable task manager : (To kill the process we need to enable task manager)

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE though regedit. ( regedit is very dangerous if you randomly change stuff in it or delete important setting, so be careful - or make a backup before editing (file -> Export) )

Start>Run>Regedit

From the below locations in Regedit chage your default home page to google.com or other.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main

Just replace the attacker site with google.com or set it to blank page.

5: Now we need to kill the process from back end. Press Ctrl + Alt + Del

Kill the process svhost32.exe . ( may be more than one process is running.. check properly)

6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.

( Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).( meaning there is an original svchost.exe that is part of Windows - http://support.microsoft.com/kb/314056 )

7: Go to regedit search for svhost and delete all the results you get. ( Be careful )

Start menu > Run > Regedit >

8: Restart the computer. That’s it now you are virus free.


I don’t know whether any removal patch that works for this Trojan/virus. But we can easily delete it manually.


And - use Firefox or something ! Most viruses are written for Internet Explorer ...

Don't open these URLs !!!
Possible Domains Owned by the Developer of this Trojan
http://www.nsl-school.org
http://www.giftshop.vn
http://www.myglobal-news.com
http://www.italiandirectory.com

You can block these URLs in your browser's Security settings.
A good idea for places where many users will use the same computer and inadvertently click the link.

In Internet Explorer , Tools -> Internet Options -> Security -> Restricted Sites -> Sites

Add the above sites in the list !!!

Ah, the tragedy called viruses ...


Use firefox http://www.fundazone.com/software/firefox/
Firefox is a fast and nice browser with tabs and RSS feeds and cool stuff.

Monday, October 02, 2006

The Magic Tap

magictap.JPG


Have you seen a magic tap earlier ?

One that seems to perpetually give water from itself even though it is not connected to any water pipe ?

Take a close look at the picture. It is not a camera trick. Or a computer trick.

Speaking of computer tricks, nowadays, with a good photo editing software (By the way, Google has a good photo organizing software called Picassa, it is there somewhere on my blog sidebar - good to fix up the colurs and brightness and contrast and stuff on photos - automatically too) you can make any sort of unbelievable picture.

Now, about the magic tap, this picture is of a big tap in the middle of a traffic island on the road. I have seen one in a science museum (in Bangalore) which is a normal size tap and I wondered for quite some time how it was done.

The water tap seems to be pouring out water continuously. But where is the water coming from ? There is no other connection to the tap which can carry water. And in the museum tap , the tap was hanging by thin ropes. So that was not a way to let in water either.

But before you go on to theories of spontaneous generation, look at what can be seen . . .

What ? A single place through which water flows. Hmmm ... Heard of co axial tubes or wires ?

Well, that is when one tube is placed inside another. So, if a tube containing water going up is placed inside the stream of water going down, the problem is solved !

So that's how it works. The trick was right in front of our eyes, but didn't see it in the beginning . The eyes do not see waht the mind does not know . . .

How to get N95 Masks in India - कैसे पाएं मास्क? Yellow, White, Blue or Black ?

कैसे पाएं मास्क? पीला, सफेद, नीला या काला? There are many colors of masks available in India of different colors. What is the difference ? W...