If your computer is infected with this powerful Trojan /virus, it sends the nsl-school.org url to all of your friend list in yahoo messenger using your ID and expect that in only a few hours many of your friends will get infected with it.
So how to remove this manually from your computer ?
- Close the IE browser. Log out messenger / Remove Internet Cable.
- To enable Regedit
- Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f - To enable task manager : (To kill the process we need to enable task manager)
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f - Now we need to change the default page of IE though regedit.
Start>Run>Regedit
From the below locations in Regedit chage your default home page to google.com or other.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main
Just replace the attacker site with google.com or set it to blank page. - Now we need to kill the process from back end. Press Ctrl + Alt + Del
Kill the process svhost32.exe . ( may be more than one process is running.. check properly) - Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.
- Go to regedit search for svhost and delete all the results you get.
Start menu > Run > Regedit > - Restart the computer.
That's it now you are virus free.
No comments:
Post a Comment