Yahoo Messenger Trojan “http://clip24h.com/”

See something like this on your Yahoo Messenger?

😦 the page cannot be displayed http://clip24h.com/error.jpg Something was wrong !!! Check it again and tell me later. THanks

hot pics this week http://clip24h.com/hot.jpg 😡

😉 1 of my vacation pictures http://clip24h.com/vacation2.jpg <:-P

Do you realize who is in this image: http://clip24h.com/who.jpg. Just think for a moment and tell me soon ;))

* please do not follow/click the links

This is a trojan that can harm your PC. Be carefull! How to fix it? use hijackthis, this great tool often use to fix/repair your infected system. One of my friend already try it and it works.

Related Links:
http://www.routertech.org/viewtopic.php?p=12822
find clip24h.com at answers.yahoo.com


NOTE! DO NOT FOLLOW/CLICK ANY LINKS on Your IM Client, confirm to the sender first !
If you’re Indonesian: jangan sekali-kali klik link di YM Anda, apalagi pesannya tidak jelas, dan biasanya pake bhs. inggris, konfirmasi terlebih dahulu kepada pengirimnya.

Technorati Tags: , , ,

3 responses to “Yahoo Messenger Trojan “http://clip24h.com/”

  1. Solution of Such a virus ot Torjan
    *****************************************************************************
    0. Search all IExporer.exe and Explorer.exe if it’s in temp directory Delete it and Restart your Computer
    *****************************************************************************

    *****************************************************************************
    1. Copy the following code in a file and save as getregbk.inf
    *****************************************************************************

    [Version]
    Signature=”$OS-Control$”
    Provider=SP

    [DefaultInstall]
    AddReg=UnhookRegKey

    [UnhookRegKey]
    HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
    HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
    HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
    HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
    HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “”%1″””
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

    *****************************************************************************

    2. Install the right click the getregbk.inf and selecting Install from popup
    *****************************************************************************

    *****************************************************************************
    3. Copy the following code in a file and save as getregbk.reg
    *****************************************************************************
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    “DisableTaskMgr”=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    “DisableTaskMgr”=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    “DisableRegistryTools”=dword:00000000

    [HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
    “content url”=-

    [HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast]
    “content url”=-

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    “Start Page” = “http://www.yahoo.com”

    [-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “Task Manager”=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “Svchost”=-

    *****************************************************************************

    *****************************************************************************

    4. Right click the getregbk.reg and selecting mearge from popup
    *****************************************************************************

    *****************************************************************************
    5. Enable Run in start
    ****************************************************************************
    Open command prompt type regedit to open registry editor.
    Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    Double-click NoRun on the right pane and change it to from 1 to 0.
    To restore the Run command, reverse the steps by changing 0 to 1.

    *****************************************************************************
    6. Get Default Page in internet explorer
    *****************************************************************************

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
    Double-click Homepage on the right pane and change it to from 1 to 0.
    Open any local stored .html or other web page or turn internet off and then open internet explorer
    set the default page as blank or page of your choice

    *****************************************************************************

    Suka

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s