
Evading Yahoo! Messenger worms

Dealing with worm-infected Yahoo! Messengers in Windows XP is fun. Just apply the fix. Do not reformat because it is the lazy way of fixing things!


In file fix.reg



REGEDIT4

; Re-enable Task Manager (per-user and machine-wide policy values)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

; Re-enable the Registry Editor
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

; Delete the "content url" values under the Yahoo! Messenger view keys
[HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
"content url"=-

[HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast]
"content url"=-

; Reset the Internet Explorer start page
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://eradicus.blogsome.com"

; Delete this Internet Explorer policy key
[-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage]

; Delete the Run (autostart) entries named "Task Manager" and "Svchost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Task Manager"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svchost"=-

If the worm disabled the Registry Editor, Task Manager, and the Run command, fire up a command prompt and do the following.


1. To reactivate the Registry Editor (type the command on a single line)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

2. To reactivate the Task Manager (type the command on a single line)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Search for svchost.exe and delete the macro equivalent. Be careful! Make sure that it is the macro equivalent, not the system file!
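
A read-only check to run before and after applying the fix, added here as an example and not part of the original post. It queries only the keys and values that fix.reg touches and lists svchost.exe copies outside %SystemRoot%\System32; that location for the genuine file and the script name audit.cmd are assumptions.

```batch
@echo off
rem Added example, not from the original post: read-only audit of what fix.reg changes.
rem It only runs "reg query" and "dir"; nothing is written or deleted.
setlocal
set POL=Software\Microsoft\Windows\CurrentVersion\Policies\System
set RUN=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
set YM=HKCU\Software\Yahoo\pager\View

rem Policy locks: data 0x1 means the tool is disabled, 0x0 or absent means enabled.
call :check "HKCU\%POL%" DisableTaskMgr
call :check "HKLM\%POL%" DisableTaskMgr
call :check "HKCU\%POL%" DisableRegistryTools

rem Values that fix.reg deletes or resets.
call :check "%YM%\YMSGR_buzz" "content url"
call :check "%YM%\YMSGR_Launchcast" "content url"
call :check "HKCU\Software\Microsoft\Internet Explorer\Main" "Start Page"
call :check "%RUN%" "Task Manager"
call :check "%RUN%" Svchost

rem Assumption: the genuine file is %SystemRoot%\System32\svchost.exe.
rem Every other copy is only listed for manual review, never deleted here.
for /f "delims=" %%F in ('dir /s /b /a "%SystemDrive%\svchost.exe" 2^>nul') do (
  if /i not "%%F"=="%SystemRoot%\System32\svchost.exe" echo [review]  %%F
)
endlocal
goto :eof

:check
rem %1 = registry key, %2 = value name; prints the value line when it exists.
reg query %1 /v %2 >nul 2>&1
if errorlevel 1 (
  echo [absent]  %~1 : %~2
) else (
  echo [present] %~1 : %~2
  reg query %1 /v %2 | find "REG_"
)
goto :eof
```

Windows may keep its own backup copies of system files, so a [review] line is a prompt to inspect that file, not a verdict. After fix.reg has been merged, the two Run entries and both "content url" values should report [absent].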
