Posted by Rio S.
I’m writing this on Windows safe mode, and if you’ve ever been hit by a computer virus, you’d know what I’m doing right now – scanning my PC.
I had fired up my PC again after a couple of hours of trying to sleep (insomnia attack) and logged on to my usual haunts. Gmail, Yahoo Messenger!, Cabal, and Multiply, among others. A few minutes later, a contact from YM sent me gibberish and a link. After sending me the message, the contact immediately went offline. (Hit and run messages that contain links should ring the bells in your head.)
Now folks, here’s something you need to know about YM. Its security system consists of nothing but a potato and some pieces of tape (read: absolutely useless or totally nonexistent). So if you don’t want to get icky viruses, trojans, or worms running around in your computer (or if you don’t want to get rick rolled), here’s a piece of advice: Do not be click trigger happy. It’s good to be curious, but at least be careful. Before opening anything, do a quick search in Google.
Here’s the message I got:
Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi… [link]
At first glance, I thought the message was in Thai, but a couple of searches in Google later, I found that it was in Vietnamese. Oooh, useless information. Another curious thing that I found in the Google search results (more than 300k search results for an entire sentence verbatim is another indicator that something is wrong) is that the said message is the harbinger of W32.Svich, a worm.
W32.Svich is a low threat level worm, but as we all know, those things can get annoying. Annoying how? Well, here are the removal instructions:
1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot computer in SafeMode.
4. Run a full system scan and clean/delete all infected files.
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart the computer.<<Selection in Document>>
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.
(I’m sure Ma. Monte’s nose would be bleeding by step number 5.) Note that I did not click the link, but I’m double checking anyway since my PC is my beast/thing of burden. (No PC = Chiyo starves.) Lesson for the day: Better safe than sorry.
How do you accomplish step number one??!?
Right click My Computer, Properties, System Restore Tab. Check “Turn off System Restore” or something to that effect.