Fix: W32.Svich Yahoo Worm
W32.Svich is a worm that spreads through Yahoo! Messenger and by copying itself to all drives. It also downloads potentially malicious files and lowers security settings on the compromised computer. Symantec classifies the infection as :
The spam message that your friends may receive will be one of the following. The URL of the nhatquanglan1 site may change, even though it is the most recurring one, and the 0catch part may change to xlphp.
* E may, vao day coi co con nho nay ngon lam http:// nhatquanglan1 . 0catch . com
* Vao day nghe bai nay di ban http:// nhatquanglan1 . 0catch . com
* Biet tin gi chua, vao day coi di http:// nhatquanglan1 . 0catch . com
* Trang Web nay coi cung hay, vao coi thu di http:// nhatquanglan1 . 0catch . com
* Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo mong gio da vo tan… Ve dau toi biet di ve dau? ” & http:// nhatquanglan1 . 0catch . com &”
* Khoc cho nho thuong voi trong long, khoc cho noi sau nhe nhu khong. Bao nhieu yeu thuong nhung ngay qua da tan theo khoi may bay that xa… http:// nhatquanglan1 . 0catch . com
* Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi… http:// nhatquanglan1 . 0catch . com
* Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo… http:// nhatquanglan1 . 0catch . com
* Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang nam qua ta dap xay. Gio day chi la nhung ky niem buon… http:// nhatquanglan1 . 0catch . com
Fix for W32.Svich:
1. Disable System Restore temporarily.
2. Reboot in Safe Mode, perform a complete virus scan, and remove infected files with a good antivirus.
3. Open Registry Editor (Start > Run > regedit).
4. Clear the following registry entries.
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Run
\"Yahoo Messengger" = "C:\WINDOWS\system32\SSVICHOSST.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\"Shell" = "Explorer.exe SSVICHOSST.exe"
5. If Task Manager was disabled after the infection, fix it by adding these values (in bold) to the registry.
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Policies\System
\"DisableTaskMgr" = "1"
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Policies\System
\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
\"NofolderOptions" = "1"
6. Exit Registry Editor and restart the system.
7. Enable System Restore again.
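A read-only check for the registry values named in steps 4 and 5, as an added example that is not part of the original post: it parses a `.reg` export and lists the matching entries so they can be reviewed before and after cleanup. The sample export is constructed, and matching on the key path after the hive name (per-user keys appear under HKEY_CURRENT_USER or HKEY_USERS in an export) is an assumption of this example.

```python
import re

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"="C:\\WINDOWS\\system32\\SSVICHOSST.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe SSVICHOSST.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
'''

# Policy value names listed in step 5, compared case-insensitively.
POLICY_NAMES = {"disabletaskmgr", "disableregistrytools", "nofolderoptions"}

def parse_reg(text):
    """Yield (key, value_name, value) from .reg text; dwords become ints."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not (key and m):
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("dword:"):
            value = int(raw[6:], 16)
        else:  # string value: drop the quotes, undo \\ and \" escaping
            value = re.sub(r'\\(.)', r'\1', raw[1:-1] if raw[:1] == '"' else raw)
        yield key, name, value

def audit(text):
    """Return the (key, name, value) entries that match steps 4 and 5."""
    findings = []
    for key, name, value in parse_reg(text):
        k, n, v = key.lower(), name.lower(), str(value).lower()
        autostart = k.endswith(r"\currentversion\run") or (
            k.endswith(r"\currentversion\winlogon") and n == "shell")
        policy = k.endswith((r"\policies\system", r"\policies\explorer"))
        if (autostart and "ssvichosst.exe" in v) or (
                policy and n in POLICY_NAMES and v == "1"):
            findings.append((key, name, value))
    return findings
```

Calling `audit()` on the text of an export taken after step 6 should return an empty list for the autostart entries; regedit writes exports as UTF-16, so decode the file accordingly before passing it in.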
If you were infected, chances are high that many of your friends got infected from your system, so ask them to check their computers before they spread it to more people.

THANK YOU SOOOOO MUCHHHHHHH ,,,you were a great help & i’ll start doing the steps you wrote & hopefully i’m getting this virus out of my system ^^ !