Ankit_Add

Friday, May 22, 2015

A post on how to be secure on social networking sites and instant messengers and recovering your system from a virus

Stop computer virusToday, everyone is hooked to social networking sites like Facebook and Twitter and also to instant messengers like Yahoo Messenger, Gtalk and Skype. But what do you do when somebody hacks into your account? How do you prevent your account from being hacked?

Facebook_logo
What to do when your Facebook account gets hacked ?
  1.  Change your password and email address on which the Facebook account is registered. To do this   simply go here https://register.facebook.com/editaccount.php. This is the most important step.
  2.  Disable all the applications that have access to your account. Please see this post.
How does a Facebook account gets hacked?
A Facebook gets hacked when a user clicks on a malicious link posted by an already hacked account. Also if the user uses a malicious application, the account gets hacked.
Hacked Account

You can easily identify a hacked account, when you see the user has posted the same malicious link on his / her friend's wall.

Skype and Yahoo Messenger Virus
The virus is actually a worm in this case, which spreads rapidly to other contacts. It uses the same modus operandi of posting a fraudulent link.
windows_live_messenger


How to be safe on Facebook, Yahoo Messenger or Skype?
 It is important not to click any suspicious links which are posted to your wall on Facebook. In Facebook, if the link is genuine it will have a picture associated with it  For example a link pointed to a YouTube video, has a thumbnail of the video associated with it.

What to do after the Skype, Yahoo Messenger or Windows Messenger virus affects your PC?
The steps are as follows:

  1. Disable System Restore. To do that simply go to this Microsoft link that tells you how to disable System Restore.
  2. Update your anti-virus software and run a full system scan.
Additional steps for Advanced users for recovering from or deleting the Skype Virus on Windows:
  1. There is a possibility of malicious files in the system32 directory of your windows installation (windrivs(d)32.exe, mshtmldat32.exe, mshtmlsh32.exe), kill those processes (including Skype + Explorer to get rid of the file locks) and delete any of those 4 files if found.
  2. Also delete this entry in your system registry: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Service Start2
  3.  Edit the hosts by going to Start > Run... and entering the following:  notepad "C:\Windows\System32\drivers\etc\hosts"
  4.  Scroll down a little ways and delete everything at the bottom.  It's going to be a bunch of garbled text.  After deleting, then save the changes.  
  5. NOTE:  If you're not comfortable with this, you can try HostXpert, but you'll have to download it on another computer and transfer it to the infected computer before you can use it.  Just run it and click "Restore MS Hosts File"
  6.  The above steps get rid of the Google Error pages, so now you're free to download any tool you wish to fight this thing.  I used ComboFix to get rid of this thing.  Download it to your desktop and rename it to "nothing.exe" -- otherwise the virus will recognize it and close it automatically.
  7. Run "nothing.exe" and accept everything it wishes to do and you'll be virus-free soon.  It may require a restart.
References:

No comments:

Post a Comment