Monday, November 06, 2006

Yahoo Messenger nsl school virus

Recently, yahoo messenger is been hit by the W32 Sohanad.B worm. Once it infects a computer, it uses the yahoo messenger of logged in user to send messages to friend list containing a link. Most of these links are for sites or If you ever get such a link from any of your friend, don't click on it or your system will be infected too.
As a practice, to safeguard yourself from any of such yahoo messenger viruses, always ask your friend first whether he has sent you any link before clicking on it.
If your system is infected with this virus, you would see frequent sign in/sign off or automatic status change to invisible. I have found few links to help you with removing this. - This seems like the most easy way of removing it. Download and merge the reg file, then delete the offending exe(s).
However, if this does not work for you, you can get a more comprehensive detail for removing it here or here.

P.S. I have found out that these nsl-school links that the virus spreads do not infect your computer if you open them in firefox. Looks like they exploit some IE vulnerability. I have always found it a good idea to make firefox my default browser :-).


  1. Max,
    I agree that it is better to post the fix here. However, the geocities link I have mentioned contains to .reg file to automatically fix the registry which is much easier and safer than fixing it manually as the other links have suggested.
    Putting that .reg file here would be copyright infringement.

  2. Shakti, I'm the one who created that registry fix, I have no problem with anybody copying it and publishing elsewhere, its not copyrighted.

    By the way, there's an alternative method using the VBScript for users who have no admin rights and have regedit disabled in their system. You can find it in my new blog: