Monday, November 06, 2006

Yahoo Messenger nsl school virus

Recently, yahoo messenger is been hit by the W32 Sohanad.B worm. Once it infects a computer, it uses the yahoo messenger of logged in user to send messages to friend list containing a link. Most of these links are for sites nsl-school.org or mytermex.com. If you ever get such a link from any of your friend, don't click on it or your system will be infected too.
As a practice, to safeguard yourself from any of such yahoo messenger viruses, always ask your friend first whether he has sent you any link before clicking on it.
If your system is infected with this virus, you would see frequent sign in/sign off or automatic status change to invisible. I have found few links to help you with removing this.
http://www.geocities.com/avsharath/Removing_W32_Sohana.B_Worm.htm - This seems like the most easy way of removing it. Download and merge the reg file, then delete the offending exe(s).
However, if this does not work for you, you can get a more comprehensive detail for removing it here or here.

P.S. I have found out that these nsl-school links that the virus spreads do not infect your computer if you open them in firefox. Looks like they exploit some IE vulnerability. I have always found it a good idea to make firefox my default browser :-).