About Yahoo Messenger Viruses

The first time I encountered this problem was two weeks ago. I was using my PC when an instant message from my niece suddenly popped up. To my surprise, the message with some clickable link in it was written in Thai! Right there, I knew it didn't come from my niece. Ignoring the message, I closed the YM window. After a few minutes, another message popped up. Then followed by another, and another, and another... Annoyed, I removed my niece from my YM's contact list.

After a week, I received a similar instant message from my sister-in-law. This time, the message was an invitation to view some photos in some website by clicking the provided link. Since there was no other note included, I suspected that the message was not from her. My suspicion was confirmed when after a few seconds, another message was sent. Hmm, another compromised messenger account, I thought. I sent a message back and advised her to change her messenger password ASAP.

I initially thought that this was some kind of an instant messaging spam. After running a search in Google, I realized that it is even worse. There seems to be two forms of attack, one is an actual virus/worm that spreads via instant messaging and the other is a phishing attack launched against YM users. For the latter, the attack usually starts with an instant message from the user's contact list. The message usually includes a link to a Yahoo-looking site requiring visitors to login and thus revealing their yahoo id and password. The phisher then uses this information to trick other YM users in the contact list of the compromised account. Worse, the phisher also gains access to all personal information in the user's other Yahoo accounts such as emails, photos, groups, etc.

The virus/worm version is reported to take control of your messenger, and send messages with website links to your contact list without your knowledge. When the link is clicked, the virus downloads a copy of itself to the user's PC, disables the registry editor and task manager, hijacks Internet Explorer homepage, and leads users to sites that automatically install malicious softwares on their PCs. Moreover, there seems to be several variants of this virus/worm out there: Yh032.explr, w32.KMeth, Worm_Sohanad.B, etc.

Y! Messenger viruses take advantage of the program's vulnerabilities that come with Java script and VBS. You can be infected simply by clicking a link to a picture (.JPG). When the page presenting that picture loads, java scripting run's a VBS (visual basic script - works on any Windows machine) that rewrites data on your harddisk. After you get infected, the virus starts sending mass messages to all contacts in your list asking them to follow a link, like in the example bellow. The messages vary, being generated randomly from different keywords from the virus's database.

If you are already infected, the easiest way to remove the virus/worm is to use system restore if you are using Windows XP. See Microsoft Help for details. Be sure to choose a restore point before you got the virus/worm and then scan your system for any signs of the virus/worm after the restore.  Update your PC regularly and use an up-to-date antivirus program. If this doesn't work, you can try to do the next steps:


1: Close the IE browser. Log out messenger / Remove Internet Cable.

2: To enable Regedit

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

3: To enable task manager : (To kill the process we need to enable task manager)

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

4: Now we need to change the default page of IE though regedit.

Start>Run>Regedit

From the below locations in Regedit chage your default home page to google.com or other.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\Main

Just replace the attacker site with google.com or set it to blank page.

5: Now we need to kill the process from back end. Press Ctrl + Alt + Del

Kill the process svhost32.exe . ( may be more than one process is running.. check properly)

6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.

7: Go to regedit search for svhost and delete all the results you get.

Start menu > Run > Regedit >

8: Restart the computer. That’s it now you are virus free.

I don’t know whether any removal patch that works for such Trojans/viruses. But we can easily delete them manually.

How to Record&Save Yahoo Messenger Webcam Video

Do you want to record webcam video of video chat done through Yahoo Messenger? EatCam Webcam recorder software makes this process real easy and allows you to record video chat webcam videos also from MSN, ICQ, and AIM. You can save the output in AVI, FLV, WMV video format and play recorded videos anytime you like.

Besides the video, it also records audio stream giving complete video experience. Audio can be recorded from any source including: microphone, line-in or speakers. Free edition has few limitation but works well recording video from any one messenger client among Yahoo, AIM, ICQ, MSN.

For example, if you use Yahoo Messenger, you can download free EatCam webcam recorder software for Yahoo messenger to record videos in AVI format. Download EatCame Webcam recorder to record webcam videos on the fly in few simple clicks.

Yahoo Messenger and alternate chat solutions

Did you ever been in a situation when you really have to chat with your friends and you are reaching at a computer with internet but which didn't have the Yahoo Messenger installed? Well I was in such situation and I was really mad, but luckily I discovered alternative solutions: the web based (browser) Messenger services.Just Open Internet Explorer/FF, type in the username/password for the IM services you want to stay connected and start having fun… I mean chatting. Here is list of such wonderful services:

1. Meebo - It tops the list beacause personally I love it. Nice clean interface and one service that never lets you down. No registeration is required and can be used to connect to Gtalk, Yahoo, AIM, Msn. Also you can Meebo widget to embed chat service on your website/blog.

2. Mabber - Besides the web based chat interface you can also embed its widget on a website/blog. You can also use this service on your mobile phone and stay upto date with instant alerts.

3. Easy Messenger - A free instant messenger service that runs entirely from your web browser. Combine your MSN, ICQ, AIM, Yahoo! and Jabber contacts into one solution. With the build-in RSS reader you can also stay up-to-date with your favorite RSS feeds.

4. Kool IM - Another Web based messenger comes with cool interface. It provides Firefox add on to use this service in browser sidebar and supports AIM, ICQ, MSN, Yahoo, Google Talk.

5. All New Chikka - Besides web based IM access for AIM, ICQ, MSN, Google Talk and Yahoo, it also offer Free two way PC-to-mobile messaging.. yes it is free.

Out of above, Meebo is my sure shot favorites. Besides these, there are so many other website that offer similar service like: IMunitive, imo.im, Snimer, ebuddy.  Enjoy and happy chatting!