The Vietnamese phrase “Biet tin gi chua, vao day coi di” may not sound familiar to you, but if you get this message from one of your Yahoo Messenger contacts, you should inform them that there is a virus sitting on their computer, sending you this message automatically without them knowing it.
Yes, you’ve read it right. It was a virus, and I got the same message via my messenger client and on my mobile phone as a text message when I was offline.
Run through Google Translate, “Biet tin gi chua, vao day coi di” comes out in English as “Know what sour news, the day regarded mobile”, although I’m not sure if it was the correct translation; only native Vietnamese speakers can actually make the correction. Whether the translated phrase literally makes sense or not, technically it does, because you have to advise your contact that he has some serious PC disinfecting to do.
It’s weird that this issue can be traced back 2 years, yet it still comes back to this day, hunting innocent users.
If you ever receive this message, which normally comes with a link to a certain website, don’t fret: your PC is safe (as long as you didn’t click on the link), but your contact’s isn’t.
Let them know that they need to run a full scan of their computer, and that they may have to update their antivirus first. If the threat isn’t detected after the scan, they may have to edit the registry, although I don’t recommend doing it. If you’re not sure of what you’re doing, you do it at your own risk, so be extra careful.
A certain forum cited some steps, but the post was in Malay, so I opted to translate the text through Google. Here it is:
Firstly, to remove the virus: –
» Disable System Restore
» Try to update anti-virus scan online or in www.bitdefender.com (use Internet Explorer)
» Complete virus scan if still available … then reboot in safe mode computer press F8.
» Go to Start » Run » type regedit » OK
navigate to this value: –
find and delete the value.
HKEY_ALL_USERS » Software » Microsoft » Windows » CurrentVersion » Run [last directory]
see the right value » “Yahoo Messenger” = “C:\WINDOWS\system32\SSVICHOSST.exe”
HKEY_LOCAL_MACHINE » Software » Microsoft » Windows » CurrentVersion » Winlogon [last directory] see the right value »
“Shell” = “Explorer.exe SSVICHOSST.exe”
note: SSVICHOSST.exe <- worm
then .. restore the default registry value ..
HKEY_ALL_USERS » Software » Microsoft » Windows » CurrentVersion » Policies » System [last dir] » set value “DisableTaskMgr” = “1”
HKEY_ALL_USERS » Software » Microsoft » Windows » CurrentVersion » Policies » System [last dir] » set value “DisableRegistryTools” = “1”
HKEY_CURRENT_USER » Software » Microsoft » Windows NT » CurrentVersion » Policies » Explorer [last dir] » set value “NofolderOptions” = “1”
exit regedit .. » Restart PC ..
I already removed this on Windows XP… to make it easier for you, when you open regedit use Ctrl + F then type regedit SSVICHOSST.exe
See if you got this file or not … then follow the instructions.
The above instructions are copy-pasted “as is” with minor word editing for coherence.
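For anyone who would rather check for these entries without editing the registry by hand, here is an added example (not from the forum post) that reads a registry export as text and lists the values the steps above mention. The function name and the sample export are constructed for illustration, and the key paths in the sample are the standard Windows locations, which is an assumption because the translated paths above are not exact.

```python
import re

WORM_EXE = "ssvichosst.exe"  # file name the page identifies as the worm
POLICIES = {"disabletaskmgr", "disableregistrytools", "nofolderoptions"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"=(.*)$')

# Constructed sample export; key paths are standard Windows locations (assumption).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messenger"="C:\\WINDOWS\\system32\\SSVICHOSST.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe SSVICHOSST.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"""

def audit_reg_export(text):
    """Return (key, value name, data, reason) for each suspicious value."""
    findings, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if not (key and value):
            continue
        name, data = value.groups()
        if data.startswith('"'):  # REG_SZ: drop quotes, unescape backslashes
            data = data[1:-1].replace("\\\\", "\\")
        k, n, d = key.lower(), name.lower(), data.lower()
        if WORM_EXE in d:
            reason = "references worm executable"
        elif n == "shell" and k.endswith("\\winlogon") and d != "explorer.exe":
            reason = "non-default Winlogon shell"
        elif n in POLICIES and d == "dword:00000001":  # 1 switches the restriction on
            reason = "restriction policy switched on"
        else:
            continue
        findings.append((key, name, data, reason))
    return findings
```

Calling `audit_reg_export(SAMPLE_EXPORT)` returns five findings and leaves the harmless `ctfmon.exe` autorun entry alone. Exports saved by regedit are usually UTF-16, so decode the file before passing its text in.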
Another word of advice: make sure you’re using a separate anti-spyware program in addition to an antivirus for tougher protection.