Removal Instructions For A Nasty Philippine Made Virus

About a month my computer got hit by a virus. As of now it has not been given a formal name since most of the anti-virus makers still has not identified it. You can see that this is so because when you search for a "remover" for it in google you cannot find any. (Correct me if I am wrong) However, there are instructions on how to remove it manually. But sadly only a few websites are giving such instructions for the reason that this virus is locally created. (Made here in the Philippines)

Ok so before I start telling you how to remove it, let us "know the enemy first":

SYMPTOMS: 1.) When you open your internet explorer you see this annoying message in your title bar "TTMS NAA NA DIRE! DONT WORRY IM NOT A CORRUPT LIKE YOU!!" 2.) Go to "Start" > "Run" and type "regedit." Your computer will tell you that "Registry editing is disabled by your administrator" or something like that. 3.) If you go to windows explorer you can see a file called "TTMS???.vbs.dll" (The question mark stands for numbers, like TTMS123.vbs.dll) If fact you can see this file in all your hard drives, and there are usually from 1 to 4 files in each hard drive. You can also see this file in your c:\windows directory)

ERADICATING IT FROM YOUR COMPUTER Step 1 - Remove the virus from the registry

a.) You must first try to enable the registry. You can achieve this by going to Doug Knox's page. There, download a Registry enable/disable tool. (The tool requires you to reboot in order that you could access the registry) b.) After the reboot and once you get inside windows, press CTRL+ALT+DEL to bring up the task manager. Select "Processes Select "WSCRIPT.EXE" and click "End Process" c.) Activate the registry editor by pressing START > RUN > then type "Regedit" d.) The moment you are inside the registry editor go to EDIT > FIND type "TTMS.*" This will take you to all the files with the word "TTMS." Click on these and press delete. Do this repeatedly until you have deleted everything related to the TTMS virus. (However be careful in doing this there might be legitimate programs with the word "TTMS")

e.) To change the annoying message in your Internet explorer title bar, in the registry editor, do the following: 1.) In the left panel, go to: HKEY_CURRENT_USERS>SOFTWARE>Microsoft>Internet Explorer>Main 2.) In the right panel, locate and modify the entry: From Window Title = "TTMS IS IN YOUR PC, DON'T WORRY I'M NOT CORRUPT AS YOU!" 3.) Change the value to Window title = "Microsoft Internet Explorer" 4.) In the left panel, locate the following: HKEY_USERS>%USERID%>SOFTWARE>Microsoft>Internet Explorer>Main NOTE: %USERID% is the current user ID in the registry. 5.) In the right panel, locate and modify the entry: From Window Title = "TTMS IS IN YOUR PC, DON'T WORRY I'M NOT CORRUPT AS YOU!", Change the value to Window title = "Microsoft Internet Explorer"

STEP 2 - Ensure that you have disabled "System Restore." This is prevent you from going back to a restore point, inadvertently activating the virus. You can accomplish this by going to START > SETTINGS > CONTROL PANEL > SYSTEM > SYSTEM RESTORE and check "Turn of system restore in all hard drives"

STEP 3 - Delete all virus strains a.) Set windows explorer to show hidden files. Do this by going to WINDOWS EXPLORER > TOOLS > FOLDER OPTIONS > VIEW > HIDDEN FILES AND FOLDERS Click on "Show hidden files and folders" b.) In your windows explorer, go to drive C right click and select Open. (Do not double click to prevent the virus from activating. ) c.) You must DELETE all files starting with "TTMS" it is there are usually 1 to 4 files. d.) Check to see if there is an "autorun.inf" in the drive. Using notepad, open the file. Once you see this link '[autorun]shellexecute=wscript.exe TTMS831.dll.vbs'. DELETE the file. e.) Repeat all the other steps for all hard disk. and for the C:\Windows folder.

Article Source: http://www.exclusive-article.com

how to remove TTMS NA NA DIRE is not the only topic that Zigfred Diaz blogs about. He also blogs about several interesting topics including, money management, investments, How to invest in the Philippine stock market entrepreneurship, leadership, etc. Visit his blog today !

Please Rate this Article

Not yet Rated