How to remove Yahoo Messenger Worm Krishnan General, Security Is your messenger sending links to your contacts automatically ? Your machine is worm infected.. W32/Sohanad.B Worm -This Worm is also known as WORM_SOHANAD.B . This worm propagates via Yahoo! Messenger, AIM, Windows Live Messenger or Windows Messenger by sending an instant message to all the contacts of an active user. This message contains a link to a remote copy of itself. When the recipient clicks the link, a copy of this worm is executed on the recipients' system. The details of the message sent out by this worm are: (these are some examples but there are few more) Download free MP3s : http://{BLOCKED}ncerto4.net?id=music damn, she is so cute :x http://{BLOCKED}ncerto4.net?id=miss_world :x:x:x:x:x Just check out my new personal website : http://{BLOCKED}ncerto4.net c0ol !!! have you ever seen such a sillyman like this ? http://{BLOCKED}ncerto4.net?id=stories =)) making money online never be easier : http://{BLOCKED}ncerto4.net?id=tips >< Let's vote for Vietnam's beauty - Mai Phuong Thuy - for the upcoming Miss World competition : http://{BLOCKED}ncerto4.net?id=vote :x !! Now you can avoid some critical online viruses by updating Windows . Click here to know how to Update your Windows : http://{BLOCKED}ncerto4.net?id=update_windows oh my god , i've won a 20000 usd lottery :O http://{BLOCKED}ncerto4.net /?id=winning_list . Come to my house tonight for a party !! >< check this link for me : http://{BLOCKED}ncerto4.net?id=forum . Why I cannot surf this site ??? A new dangerous computer virus that can destroys all your data has just been released . Click here to know how to avoid it : http://{BLOCKED}ncerto4.net?id=pc_protector wtf is this ? wanna give me a shit ? http://{BLOCKED}ncerto4.net /?id=news X-( you are virus infected . Use this tool to remove viruses from your PC : http://{BLOCKED}ncerto4.net /?id=virus_shield the only way to clean some online viruses that may lead you into troubles : http://{BLOCKED}ncerto4.net?id=ie_protector << They are some examples. The better way is don't click on suspicious links coming through yahoo messenger. More info: http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=WORM_SOHANAD.B Removing the W32 Sohanad.B Worm Instructions Here are simple steps following which you can get the worm removed from your system: Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers. 1) Download this file: http://files.myopera.com/krishnan/Blog/RepairRegistry.reg 2) Double click on that downloaded registry file, click yes. 3) Restart your system in safe mode. 4) Delete the file svhost32.exe from your Windows folder( If it is present). 5) Delete the file svhost.exe from your Windows folder( If it is present). 6) Search for: ENET.EXE and delete it if found. 7) Restart your machine 8) Check whether the files said in step 4,5,6 still exists or not. also check the folloeing link from trendmicro http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSOHANAD%2EB&VSect=Sn Thats all.... Update your antivirus regulerly. If you dont have an antivirus you can get it free from 1) Avast - http://www.avast.com/i_kat_207.php?lang=ENG 2) AVG - http://free.grisoft.com They are also very good antivirus programs. If you are using a pirated version or cracked version of Symantec or McAfee using these two will be better than that.