Removal of WORM_SOHAND.MY

As this is the worm that auto-executes and comes from different means we may need to be cautious while clicking on any link on the internet and in instant messaging. Removal Steps:  Disable System Restore Use process explorer to find the files loaded by WORM_SOHAND.MY that are running as processes kill their processes. Enable registry Editor, Task Manager, and Folder options  Delete the registry value HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run   ...

Read More

Facebook Threat Feasibility

Facebook's advanced search feature has brought some of the vulnerabilities in it to the lime light. If some one sets up a habit as smoking and chooses the option only friends should see it, that profile is being displayed when it is searched by advanced search. It is not blocking unless their profile is being excluded from searches...

Read More

Facebook Threats

Facebook is the most used social networking website now a days which has attracted the hackers and attackers to pay interest on this most famous site. They have attacked in different ways...

Read More

Removal of Worm.TDSS.TX

The Trojan has Drops files, Lowers Internet Explorer(IE) security settings, Modifies the Internet Explorer Zone Settings as the payload. It might have occurred by user visiting a malicious website.  The removal of it will have the following steps : Disable System Restore Deletes the files dropped by the worm that is EXPL_CPLNK.SMA. Restart the computer in Safe mode Check mark Search Hidden Files and Folders checkbox in the More advanced options option to include all hidden files in the search result\ Delete the registry values In HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\international acceptlanguage=en-us In HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION...

Read More

WORM_TDSS.TX

This is a very dangerous threat. It attacks the known vulnerability to drop the EXPL_CPLNK.SMA which drops the routines in to the affected system. It lowers the system security and allows access to malicious sites automatically. Effects: It basically exploits the Zeroday exploit  It also lowers Internet Explorer(IE) security settings, allowing auto access to sites with malicious code to run. To propagate, it drops copies of itself into network shares, thus, making itself available to other users This worm may be unknowingly downloaded by a user while visiting malicious websites It executes then deletes itself afterward It drops an AUTORUN.INF file to automatically execute the copies...

Read More