Sohanad Worm Removal Tool

Sohanad is a worm that spreads by sending links to your contacts in instant messengers such as Yahoo, AOL and Windows Live. It changes the Internet Explorer (IE) home page and prevents you from changing it back. It also disables Registry Editor, Task Manager and the Run option in the Start menu.

It tries to download some files:

– The location is the following:
• http://st83.startlogic.com/**********/Gallery/albums/data/YMworm.exe
It is saved on the local hard drive as %SYSDIR%\svchost.exe and is executed once it has fully downloaded. At the time of writing, this file was not online for further investigation.

– The location is the following:
• http://st83.startlogic.com/**********/Gallery/albums/data/worm2007.exe
It is saved on the local hard drive as %SYSDIR%\svchost32.exe and is executed once it has fully downloaded. At the time of writing, this file was not online for further investigation.

The messages sent out by this worm are:

Do you realize who is in this image: http://{BLOCKED}coolpics.net/who.jpg . Just think for a moment and tell me soon ;))
:D who is beside you in this pic http://thecoolpics.net/friendpic1.jpg so good-looking
:( the page cannot be displayed http://{BLOCKED}coolpics.net/error.jpg Something was wrong !!! Check it again and tell me later. THanks
Images shot in Iraq _ The war will never end http://{BLOCKED}coolpics.net/Iraqwar.jpg << :( Miss World 2006: http://{BLOCKED}coolpics.net/MissWorld.jpg !! <<
oh my god , i’ve won a 20000 usd lottery :O http://{BLOCKED}coolpics.net/mylottery.jpg <<

It also attempts to connect to the following website to download and execute malicious files:

http://{BLOCKED}vey-sales.com/ipn/transactions/en.exe
http://{BLOCKED}vey-sales.com/ipn/transactions/link-en.exe

How to Remove Sohanad Virus from your computer/laptop?

i. Download the filder.rar Virus Removal Tool.
ii. Extract the filder.rar.
iii. Run the filder.exe.
iv. Remove the virus from the hard disk.
v. The virus is now removed from your computer.


Kinza.exe Virus Removal Tool


What does Kinza.exe do?

i. It makes the computer very slow.
ii. It makes Task Manager, Regedit, CMD, Msconfig and Group Policies stop responding, or restricts them.
iii. Some Windows tools, such as Task Manager and Regedit, suddenly close or stay open for only a few seconds.
iv. Folder Options is disabled in Windows Explorer.
v. It hides hidden files.
vi. It extracts itself and creates many exe, dll and boot.vbs files.

Source
i. The main source is the Internet.
ii. Pen drives infected with Kinza.exe.
iii. CDs infected with Kinza.exe.

How to Remove Kinza.exe from your computer/laptop?

i. Download the Kinza.exe Virus Removal Tool.
ii. Turn off System Restore.
iii. Restart the computer in Safe Mode.
iv. Double-click kinza.bat from the extracted files.
v. Delete temp file and internet temp file.
vi. Restart the computer.

Now your PC is free from kinza.exe
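
To confirm after cleanup that the restrictions described in the Sohanad and Kinza.exe posts are gone, the following read-only PowerShell check is an added example, not part of the original posts or of the removal tools. The registry value names are the standard Windows policy settings that produce these symptoms; that either piece of malware sets exactly these values is an assumption, while the `svchost32.exe` path comes from the Sohanad post.

```powershell
# Read-only check for the lock-down symptoms described in the posts above.
# Assumption: the symptoms are produced through the standard Windows policy
# values below; the posts themselves do not name any registry values.
$policyChecks = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Symptom = 'Task Manager disabled' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Symptom = 'Registry Editor disabled' },
    @{ Key = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD';           Symptom = 'Command Prompt disabled' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';                Symptom = 'Run removed from Start menu' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      Symptom = 'Folder Options disabled' }
)

$findings = New-Object System.Collections.Generic.List[string]

foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($c in $policyChecks) {
        $path  = "$hive\$($c.Key)"
        $value = (Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        # A missing value or 0 means the restriction is not in force.
        if ($null -ne $value -and $value -ne 0) {
            $findings.Add("$($c.Symptom): $path\$($c.Name) = $value")
        }
    }
}

$sysDir = [Environment]::SystemDirectory

# svchost32.exe is not a Windows component; the Sohanad post lists it as a drop path.
$dropped = Join-Path $sysDir 'svchost32.exe'
if (Test-Path -LiteralPath $dropped) {
    $findings.Add("Unexpected file: $dropped")
}

# svchost.exe is a genuine Windows file, so judge it by its signature, not its name.
$sig = Get-AuthenticodeSignature -FilePath (Join-Path $sysDir 'svchost.exe')
if ($sig.Status -ne 'Valid') {
    $findings.Add("svchost.exe signature status: $($sig.Status)")
}

# The worm changes the IE home page; print it so it can be reviewed by hand.
$startPage = (Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue).'Start Page'
"IE start page (review manually): $startPage"

if ($findings.Count -gt 0) { $findings } else { 'No lock-down policy values or dropped files found.' }
```

A legitimately managed machine may set some of these policies through Group Policy, so a finding is a prompt to investigate, not proof of infection.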


Finally +3396003964(HATI HATI SMS VIRUS) Removed

Finally I am able to remove the +3396003964(HATI HATI SMS VIRUS). I will tell you how to remove the virus.

Well, I got to know that the “Hati Hati virus” comes from the MMC memory card, so I thought I would clean the virus from Windows. So I got a card reader and scanned the memory card using Kaspersky Antivirus. Finally Kaspersky showed the memory card was infected with the virus, so I deleted those files. I thought the virus was removed completely. Nahh!!! I still couldn’t remove the virus completely; the virus resided in the mobile’s memory and tried to send SMS automatically to +3396003964.

+3396003964 (HATI HATI SMS VIRUS)

After that I tried to install a mobile antivirus on my Nokia N70 and scanned it, but it couldn’t detect the virus. Actually I don’t have internet access on my mobile; if I did, I could update the virus database and remove that virus. I am not able to use that option, so I had to use another option.

After that, I followed these steps:

1. Create a backup of the address book, calendar and settings using “Nokia PC Suite”
2. Format the MMC card from my computer using a card reader
3. Use Deep Reset using the code (*#7370#)
4. It will then ask for the lock code
5. Use 12345 as the lock code and press OK
6. Now the mobile will restart and go back to its previous settings

Hmmm!! Now my mobile is very much faster than before. The virus was removed completely. I only have to install all applications again and restore everything from the previous backup file.

Now my mobile is free from the virus, and it is very much faster than before. I hope that if you guys have a problem with the HatiHati virus, this post will help you remove it.

Nokia N70 Mobile

You can use the reset code *#7780# instead of *#7370#.

The difference between the codes is:

Normal Reset (*#7780#) : Restores ini files from ROM but preserves user data (photos, 3rd party apps etc.)

Deep Reset (*#7370#) : This completely reformats the C: drive. All applications and files stored on this drive will be lost and clean default files will be rewritten.

Finally I am able to remove the +3396003964 (HATI HATI SMS VIRUS).


My Mobile is sending SMS to 3396003964, help me out !!!

Today I was checking the logs on my Nokia N70, and I noticed that my mobile is sending SMS to 3396003964 frequently. I really don’t know what’s wrong with my mobile. I tried to google it and got to know that it’s a “HATI HATI SMS VIRUS SMS” which tries to send SMS to the international number +339600396 frequently. So I got to know why my balance is getting low. I got to know that the virus spread from the MMC card.

I tried to scan using Symantec mobile antivirus and F-Secure, but both can’t detect the virus. I need help to remove it. If you guys have any idea about removing the virus, please let me know.

Waiting for helpful comments.
