Saturday, February 28, 2009

How to Remove RVHOST.exe Virus/Worm


Discovered: December 12, 2006
Updated: December 13, 2006 3:26:10 AM
Also Known As: IM-Worm.Win32.Sohanad.t [Kaspersky], W32/Sohana-R [Sophos]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

W32.Yautoit.N is a worm that spreads through Yahoo! Instant Messenger.

Once executed, the worm downloads a file from the following location:

The worm then saves the downloaded file as the following file:

The worm creates the following file on shared drives:
%System%\new folder.exe

The worm then creates the following Windows job file with settings to execute RVHOST.exe at 9:00am every day:

The worm creates the following registry entries so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe RVHOST.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Yahoo Messengger" = "%System%\RVHOST.exe"

The worm also creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\"shared" = "[SHARED DRIVE]\New Folder.exe"

The worm then modifies the following registry entries to disable the Task Manager and the Registry Editor:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"

The worm also modifies the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NofolderOptions" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\"AtTaskMaxHours" = "0"

The worm then deletes the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\"Run" = "BkavFw"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\"Run" = "IEProtection"
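
As an added example (not part of the original write-up), the Python code below checks a text export of the registry for the values the worm creates or modifies, as listed above. The function names and the sample export are constructed for illustration, and the code assumes the export has already been read into a string (regedit 5.00 exports are UTF-16 on disk).

```python
import re
HKLM, HKCU = "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"
CV = r"\Software\Microsoft\Windows\CurrentVersion"
# (key, value name, data) from the write-up: digits must match exactly, other text is a substring test.
INDICATORS = [
    (HKLM + r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "rvhost.exe"),
    (HKCU + CV + r"\Run", "Yahoo Messengger", "rvhost.exe"),
    (HKCU + CV + r"\Explorer\WorkgroupCrawler\Shares", "shared", "new folder.exe"),
    (HKCU + CV + r"\Policies\System", "DisableTaskMgr", "1"),
    (HKCU + CV + r"\Policies\System", "DisableRegistryTools", "1"),
    (HKCU + CV + r"\Policies\Explorer", "NofolderOptions", "1"),
    (HKLM + r"\SYSTEM\CurrentControlSet\Services\Schedule", "AtTaskMaxHours", "0"),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Parse decoded regedit export text into {(key, value name): data}, names lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            if data.startswith("dword:"):
                data = str(int(data[6:], 16))  # dword:00000001 -> "1"
            elif data.startswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            values[(key, name.lower())] = data
    return values

def find_indicators(reg_text):
    """Return (key, value name, data) for each listed indicator found in the export."""
    values, hits = parse_reg(reg_text), []
    for key, name, want in INDICATORS:
        data = values.get((key.lower(), name.lower()))
        if data is not None and (data == want if want.isdigit() else want in data.lower()):
            hits.append((key, name, data))
    return hits

SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe RVHOST.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"="C:\\WINDOWS\\system32\\RVHOST.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"""  # constructed sample export, not taken from a real host
if __name__ == "__main__": print(*find_indicators(SAMPLE), sep="\n")
```
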

The worm ends the following processes and closes applications if they are running:
Registry Editor
Task Manager
"System Configuration"

Next, the worm sends the following messages through Yahoo! Instant Messenger:
"E may, vao day coi co con nho nay ngon lam [http://]"

"Vao day nghe bai nay di ban [http://]"

"Vao day nghe bai nay di ban [http://]"

"Biet tin gi chua, vao day coi di [http://]"

"Trang Web nay coi cung hay, vao coi thu di [http://]"

"Toi di lang thang lan trong bong toi buot gia, ve dau khi da mat em roi? Ve dau khi bao nhieu mo mong gio da vo tan... Ve dau toi biet di ve dau? [http://]"

"Khoc cho nho thuong voi trong long, khoc cho noi sau nhe nhu khong. Bao nhieu yeu thuong nhung ngay qua da tan theo khoi may bay that xa... [http://]"

"Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi... [http://]"

"Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon. Nguoi da den nhu la giac mo roi ra di cho anh bat ngo... [http://]"

"Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang nam qua ta dap xay. Gio day chi la nhung ky niem buon...[http://]"

Info: Thanks to Symantec.

Rvhost.exe Removal Tool

To remove this virus/worm automatically, just download the tool here:

Double-click it after downloading and let it run on its own. Wait for it to finish scanning and removing the malware and viruses on your PC. You will know it is done when a text file appears containing the scan results. Then you are finished.
Make sure to disable any antivirus you have before executing the tool.


Monday, February 16, 2009

Where to Find the Latest Online Games

If you are an online gamer and want to know the latest online games, you can visit this website portal:

You can find the latest online games in the following genres:

Browser Games
Casual Games
Fantasy Games
Historical Games
MMOFPS - Massive Multiplayer First Person Shooter
Real Life Games
Sci-Fi Games

Categorized by Area:

CN - Canada
EU - Europe
KR - Korea
MY - Malaysia
PH - Philippines
SEA - South East Asia
SG - Singapore
US - United States
WW - WorldWide

The status of each game and its fees are also listed; most are free.

How to Find the ATMs Nearest You by SMS

Need to withdraw at an ATM and don't know where to find one?
Here's what you can do.

Just text the following:

FIND ATM then send it to 7000.

You will receive a list of ATMs nearest you.

Send Free SMS by Globe Telecom without Load

You can now send free SMS without load.

If you don't have load and need to text somebody, now you can, using this service from Globe Telecom. Just register to 2625.

Just text

FREE REG FirstName/Surname/Location/Age/Gender then send to 2625.

To send your free text, type in

FREE [10 digit mobile number] [your message]

Example: FREE 09155967596 This is a free text

Then send to 2625.
Your SMS will be paid for by the person you send the message to.

How to Register Globe G-Cash

Globe Gcash is an electronic wallet that you can fund with cash by going to any Globe business center near you. There are many uses of Globe Gcash: for example, an OFW can remit money using it, a merchant can receive payments, and you can buy prepaid load using GCash, buy items at online auctions such as, pay your bills, use online banking, use it on Friendster, and lots more!

To register your mobile phone SIM, simply SMS the following:

REG 4-digit PIN/mother’s maiden name/first name/last name/address

then send it to 2882,

or you can also register for Gcash using your Globe mobile SIM's menu:

Go to Globe Services > Prepaid Services > GCASH

You will receive verification if your registration has succeeded or not.

Remember! Make sure that your First Name and Last Name match the information that appears in any valid ID of yours. You will need this when you want to encash GCash from Globe Business Centers.

Philippine Lotto Results using SMS

Have you missed today's Philippine Lotto results?
Don't worry. Did you know that you can get
the latest Philippine Lotto results by texting:

PCSO ELIS and send it to 2219 for GLOBE
PCSO ELIS and send it to 483 for SMART
PCSO ELIS and send it to 2823 for SUN CELLULAR

Now you know!

How to Download Yahoo Messenger for Mobile

To download Yahoo Messenger for mobile on your cellphone, just go to your mobile browser, type the following address :, and click OK! You will be able to download Yahoo Messenger for mobile and enjoy chatting with all mobile users who have it.


Sunday, February 15, 2009

How to Get Paid Reading Emails


All you need to do is register for a free membership.
Upgraded members will have more features and will be able to cash out early.
All emails sent to you are worth $1.00; all PTC worth $0.50.
$10 will be deposited upon your signup.
Refer others and you will get a $1.00 referral bonus.
Redemption page starts from $100, meaning you can use your earnings to pay for advertising!
No downline required for payout once you reach the minimum payout amount!
Fast payments for honest members.
International members are welcome.
Payments will be made within 48 hours via PayPal, E-Gold, Alertpay, Libertyreserve!
2 referral levels of commission under you:
Level 1: 20%, Level 2: 13%

How does it work?

When you receive an email, there is a link inside it.
All you have to do is click it, enter your login details, click the right code and wait for your click to be credited. This usually takes about 40 - 100 seconds. Then close it.

To get paid on clicks, log in to your members area and click on the
Paid to Click link.

To Register an Account just go to:

Use Globe Gcash on Friendster

Great news! Did you know that you can now use Globe Gcash to send and receive payments from any Friendster user? Globe Gcash has now been integrated into your account. There is a send money link on your Friendster homepage, which you can click to process Globe Gcash. You can get the full instructions for this new update by downloading the official document below.

How to Send GCash in Friendster - click to download.