Yahoo Messenger virus/trojan/worm

2006-10-04T02:53:00.000-07:00

Last day, a link appeared on an instant messenger window that seemed to be sent by one of my friend. I clicked on it. The link read, "A new virus has been found, click the link to know more and remove it".

After clicking the link, another web page loaded and suddenly my firewall (Sygate Personal firewall, free edition, really recommendable) shown that an applicaiton (somename.exe) is trying to access a remote system. The application name was not familiar for me and I blocked its access. This was the starting of my two day mess.

As soon as I blocked the access, my yahoo messenger's menu automatically activated and
{it performed sending the link which I have got earlier to all in my messenger list.
I found it as an malware activity and I suddenly typed and sent another message not to click on that link.
I loggged off
When I later logged-in, this activity again happened.

I tried with Norton Anti-Virus, but no use.
Then, I tried with ad-aware se personal, it found some errors.
The most interesting tool I have found accidently was SpyWare removal tool at Netscape browser. It detected all the worm and removed it.

I restarted the machine, and on taking the IE, the homepage was again found hijacked. I again run Ad-Aware SE and then, Netscapte spyware removal tool.

The entried I got were, 1. svchost32.exe
2. svhost.exe
3. manina~1.exe

I searched the registry, and the system, and removed all entries found with this name.

I have neither restarted my system nor logged in to Yahoo messenger. After that i will update this.

I m sorry for writing this blog in a very short manner. But time constraint. I will soon update.
}

Regards,
Sajin Kokkad

Words I can say I own...

Yahoo Messenger virus/trojan/worm