How to Clean W32 Yahlover Worm
Yahlover is a worm that spreads through Yahoo! Messenger and Autorun.ini files, which cause it to run automatically on your computer when auto-run is enabled. Once executed, it sends malicious links to every contact in your Messenger buddy list. Its effects include blocking access to the registry and rebooting the computer every time you try to open the command prompt. To remove Yahlover completely, remove all of its registry entries and system files.
Instructions
1. Click the Windows "Start" button and click "All Programs." Scroll up and select "Accessories." Scroll down and select "System Tools." Click "System Restore."
2. Click the "Create restore point" radio button and click "Next." Type a name for your restore point and click "Create." This will back up your computer system using a restore point you can come back to in case of errors.
3. Open the Task Manager by pressing "Ctrl," "Alt," and "Delete" together. Click the "Processes" tab. Scroll down and click "csrcs.exe." Click "End Process." Close the Task Manager.
4. Click the Windows "Start" button and click "Run" or "Start Search" (Windows Vista users).
5. Type "regedit" (without quotes) and press "Enter" to open the registry window. Press "F3" to open the registry search box.
6. Search for and delete the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = dword:00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden = dword:00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = dword:00000002
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue = dword:00000001
HKLM\SOFTWARE\ESET\Nod\CurrentVersion\Modules\AMON\Settings\Config000\Settings\exc = <long hex value>
HKLM\SOFTWARE\ESET\Nod\CurrentVersion\Modules\AMON\Settings\Config000\Settings\exc_num = dword:0000000c
HKLM\SOFTWARE\ESET\Nod\CurrentVersion\Modules\AMON\Settings\Config000\Settings\media_network = dword:00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\csrcs = "%System%\csrcs.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe csrcs.exe"
Exit the registry.
7. Click the Windows "Start" button and click "Search." Click "All Files and Folders" to open the search box. Click "More Advanced Options" and check all of the given options.
8. Search for and delete the following files: 21srg698.au3.tb, csrcs.exe
9. Empty the recycle bin and restart your computer.
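A check for steps 6 and 8, added here as an example and not part of the original instructions: it parses the text of a registry export and lists any value that still references the worm's files, or that leaves the Winlogon shell set to something other than the Windows default "Explorer.exe". The function names and the sample export are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe csrcs.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"csrcs"="C:\\Windows\\system32\\csrcs.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
'''

INDICATORS = ("csrcs.exe", "21srg698.au3.tb")   # file names from steps 3 and 8
WINLOGON = r"\windows nt\currentversion\winlogon"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data) for every value in .reg export text."""
    key, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # hex data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            name = m.group(1)
            yield key, "(Default)" if name == "@" else name[1:-1], m.group(2)

def audit(text):
    """Return (key, name, value, reason) for each value the cleanup left behind."""
    findings = []
    for key, name, data in parse_reg(text):
        value = data.strip('"').replace("\\\\", "\\")   # undo .reg string escaping
        hits = [i for i in INDICATORS if i in value.lower()]
        is_shell = key.lower().endswith(WINLOGON) and name.lower() == "shell"
        if hits:
            findings.append((key, name, value, "references " + hits[0]))
        elif is_shell and value.lower() != "explorer.exe":
            findings.append((key, name, value, "non-default shell"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

Files written by "reg export" are UTF-16 text, so read them with encoding="utf-16" before passing the contents to audit().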