how do i stop my yahoo msg from popping msgs to contacts? this often contains silly sites more or less like a virus do i have to format my system to get it off?help!

Ooops! Dearie, you've been hit by a virus! It spreads itself as links to all your contacts that are online. I guess you got infected when you clicked on a similar unsolicited link sent to you. Advice: Avoid clicking on suspicious links that friends might forward, it could be a virus!

Well, I have been receiving this kind of links for a while but never did click on any.

It has been reported to do some or all of this:

1: It sets your default IE page to the virus name (nsl-school.org ,coolpics.net), you can’t even change it back to other pages. If you open IE on your computer, some malicious code will automatically be executed.

2: It disables the Task manager / registry editor. So you can’t kill the Trojan process anymore. Smart move!!!

3: Files that are gonna be installed by this virus are svhost.exe , svhost32.exe , internat.exe. You can find these files in %\windows & temp\ directories.

4: It will send secured & protected information on your system to attacker!!! Watch out!

There are so many variations of these malware out there but the most common ones are nsl-school.org , lottery-news.info and coolpics.net malwares. Can you post a copy of the link your contacts get? This would help us provide a solution.

To Remove This:

Sign out of yahoo, make sure you exit the program totally, not just sign out. Then run a total scan of your system using a good AVP like Kaspersky, AVG.

thanks, the silly thing shows cool pictures website and it set itself as my homepage,and that i've already blocked.but it keeps sending stuf like check my cool pics and guess whose image,  and stuff like that. i use symantec antivirus and it does not seem to be working.its gettin quite embarraasing.so do i need to really format my system?how do i get it off?

Funny your symantec AVP can't fix it.
well, there's another option:

I have attached a file to this post. It contains 2 files:
- BFU.exe
- coolpics.bfu   (contains a script to remove the malware(alters some registry settings, deletes some files and kills some processes).


Now, unzip the file BFU.zip to the "c:" root directory or anywhere. Click on it. In the field that requests which scriptfile to execute, browse to the location of the coolpics.bfu file.
Next, click on the EXECUTE button.

Wait for it to finish its bizness, and then restart the system! You should be on a home run from there on wit no virus!.

@ Maleeq,
is there any online source of bfu scripts?
i had the coolpics once
viruscan enterprise couldn't do anything bc one of the files lsass.exe was running

I dont really know any online source for *.bfu files but there's not big deal to it. You can write yours! that;s if you know what you are going to delete, modify or processes to kill.

You have to be careful there's a virus that runs a process "isass.exe". I have never used virusscan so I can say much about it's efficiency.

Is your system free of the virus now?

yep
i cleaned it the day i got it.I actaully put up a post on its removal.i had to use regtoy(to restore regedit), process explorer since taskmanager was disabled(not that it matters, i've set process explorer to default)the only fly in the ointment is that I was unable to restore my folder options.

maleeq thanks alot, 'preciate it really

but the problem is i really dont know where the cool pics is located in the files where do you think it may likely be located coz i can't seem to find it.

google newfolder.exe
you should find instructions on any number of tech forums.

@jiddah

It's in the zipped file I attached to my previous post. Check for the post that has "BFU.zip" attached to it. The "coolpics" file is in it.

@jiddar,
Thanks gal for that post, I almost got embarrassed when a colleague in sales compained to me on such problem. I scanned the entire system with my AVG but it didn't work.
@ Malleq,
Thanks for providing the solution by answering Jiddar questions.
Thanks man

@maleeq

thanks alot.my system is actually virus free now.

Guy dont worry it only takes a little while it would gn off by itself dont worry just be patient it is a temporary virus and it would leave within a short time.

Guy dont worry it only takes a little while it would gn off by itself dont worry just be patient it is a temporary virus and it would leave within a short time.

it took too long for the frigging thing to leave,had to brutally remove the damn thing-courtesy maleeq.
and that saved me all the embarrassment.