Facebook has appeared in the new version of Virus Spam via Messenger. Persons who get stuck will send friends in Friendlist files named Videomp4.zip. The victims do not prevent download this file and then extract will immediately lose Account.


How to Remove Spam Virus via New Messenger


Dangerous people should be careful! Below is a tutorial that I just found on BKAV to treat this virus.

First, you will need PChunter software. Link: https://forum.bkav.com.vn/forum/may-tinh/kinh-nghiem-thu-thuat/13603-update-64bit-cong-cu-ho- Trojan-virus-bang-antivirus-rootkit-virus-rootkit 13191-Update-64bit-Virus-bang-hand-virus-XueTr- Anti

Type 1: mediafire. com / ******* / img **. jip. exe or. pif
This type of feature, they will create fake svchosts.exe file in appdata directory (vista +7) or application data (XP).
Look at the tool, you can see the svchosts are printed in blue, it is the fake svchosts. So what now? Right-click it, select delete file after termination and then right-click again, select force kill as done.
Well, that’s not finished yet. You press R to enter the run dialog box, type regedit and then enter. Access by path:

HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Run

HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run 

HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Terminal Server Install Software Microsoft Windows CurrentV ersion Run

HKEY_USERS S-1-5-21-1292428093-436374069-854245398-1003 Software Microsoft Windows CurrentVersion Run

– Delete microsoft corp key (with virus path).

Type 2: k22. Rubber, file picture format + month + date + number (Example: April20Picture36-JPG)

This type is slightly different, it will create iqs.exe file at C: windows
virus microsoft impersonation should not print in color as in Figure, but not escape. Some cases are still blue.
Kill is similar to type 1, right-click iqs, select delete file after termination and then right click again, select force kill.
Also fix the registry again. You press R to enter the run dialog box, type regedit and then enter. Access by path: 

HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Run

HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run

HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Terminal Server Install Software Microsoft Windows CurrentV ersion Run

HKEY_USERS S-1-5-21-1292428093-436374069-854245398-1003 Software Microsoft Windows CurrentVersion Run


Delete key microsoft firevall engine (path virus)
Path

HKEY_LOCAL_MACHINE SYSTEM

CurrentControlSet Servic es SharedAccess Parameters FirewallPolicy Standard Profiles AuthorizedApplications List


Delete: C: windows iqs.exe

* Note: To open the appdata folder, select RUN and type:% APPDATA% Then hit Enter.

5 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here