Removal Instructions For A Nasty Philippine Made Virus
Last month my computer got infected by a virus. There is really no formal name for the virus, since most of the anti-virus makers have up to now still not identified it. In fact, when you search for a “remover” for this virus in Google, you cannot find any. (Correct me if I am wrong.) There are only instructions on how to remove it, and only a few websites are giving such instructions. The reason for this is that this virus is local, that is, made in the Philippines.
Before giving you instructions on how to remove it, let us first check if your computer is infected by determining the symptoms.
SYMPTOMS:
1.) Your Internet Explorer title bar has the message “TTMS NAA NA DIRE! DONT WORRY IM NOT A CORRUPT LIKE YOU!!”
2.) If you go to “Start” > “Run” and type “regedit”, a message pops up that says “Registry editing is disabled by your administrator.”
3.) In Windows Explorer you can see a file or several files called “TTMS???.vbs.dll” (the question marks stand for numbers, as in TTMS123.vbs.dll). This file is also present in your c:\windows directory.
REMOVING IT FROM YOUR COMPUTER
STEP 1 - Eradicate the virus in the registry
a.) You must first re-enable the registry editor. You can achieve this by going to Doug Knox’s page and downloading the Registry enable/disable tool there. (The tool requires a reboot before you can access the registry.)
b.) After the reboot, once you are back inside Windows, press CTRL+ALT+DEL to bring up the Task Manager. Select “Processes”, select “WSCRIPT.EXE” and click “End Process”.
c.) Open the registry editor by going to START > RUN and typing “Regedit”.
d.) Once you are inside the registry editor, go to EDIT > FIND and type “TTMS.*”. This will take you to all the entries containing the word “TTMS”. Click on each one and press Delete. Do this repeatedly until you have deleted everything related to the TTMS virus. (However, be careful in doing this: there might be legitimate programs with the word “TTMS”.)
e.) To remove the annoying message in your Internet Explorer title bar, do the following in the registry editor:
1.) In the left panel, go to: HKEY_CURRENT_USER>SOFTWARE>Microsoft>Internet Explorer>Main
2.) In the right panel, locate the entry: Window Title = “TTMS IS IN YOUR PC, DON’T WORRY I’M NOT CORRUPT AS YOU!”
3.) Change the value to: Window Title = “Microsoft Internet Explorer”
4.) In the left panel, locate the following: HKEY_USERS>%USERID%>SOFTWARE>Microsoft>Internet Explorer>Main
NOTE: %USERID% is the current user ID in the registry.
5.) In the right panel, locate the entry: Window Title = “TTMS IS IN YOUR PC, DON’T WORRY I’M NOT CORRUPT AS YOU!” and change the value to: Window Title = “Microsoft Internet Explorer”
STEP 2 - Make sure you disable “System Restore”. If you later go back to a restore point, you might reactivate the virus. You can do this by going to START > SETTINGS > CONTROL PANEL > SYSTEM > SYSTEM RESTORE and checking “Turn off system restore in all hard drives”.
STEP 3 - Delete all virus strains
a.) Set Windows Explorer to show hidden files. Do this by going to WINDOWS EXPLORER > TOOLS > FOLDER OPTIONS > VIEW > HIDDEN FILES AND FOLDERS and clicking on “Show hidden files and folders”.
b.) In Windows Explorer, go to drive C, right click and select Open. (Do not double click, to prevent the virus from activating.)
c.) DELETE all files starting with “TTMS”. There are usually 1 to 4 files.
d.) Check to see if there is an “autorun.inf” in the drive. Using Notepad, open the file. If you see the line ‘[autorun]shellexecute=wscript.exe TTMS831.dll.vbs’, DELETE the file.
e.) Repeat these steps for all other hard disks and for the C:\Windows folder.
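As an added example (not part of the original post), here is a read-only Python check for the file indicators described in Step 3: TTMS-named script files and an autorun.inf entry that launches wscript.exe. The function names and the sample data are constructed for illustration, and the parser assumes the usual autorun.inf layout with the section header on its own line; it also goes slightly beyond the post by covering the open and shell\...\command keys and cscript.exe.

```python
import re

# Indicators from the steps above: files named TTMS<digits> with a
# .vbs.dll or .dll.vbs double extension, started through a script host.
TTMS_FILE = re.compile(r"^TTMS\d+\.(?:vbs\.dll|dll\.vbs)$", re.IGNORECASE)
SCRIPT_HOST = re.compile(r"\b(?:wscript|cscript)(?:\.exe)?\b", re.IGNORECASE)
LAUNCH_KEYS = ("open", "shellexecute")


def suspicious_files(names):
    """Return the directory entries that match the TTMS naming pattern."""
    return [n for n in names if TTMS_FILE.match(n)]


def autorun_findings(text):
    """Return (key, value) pairs in [autorun] that start a script host."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries launch programs as well
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_shell_cmd) and SCRIPT_HOST.search(value):
            findings.append((key, value))
    return findings


# Constructed sample data (not captured from a real infection).
SAMPLE_AUTORUN = "[autorun]\nshellexecute=wscript.exe TTMS831.dll.vbs\n"
SAMPLE_CLEAN = "[autorun]\nopen=setup.exe\nicon=setup.ico\n"
SAMPLE_DIR = ["TTMS123.vbs.dll", "TTMS831.dll.vbs", "ttms.doc", "boot.ini"]

if __name__ == "__main__":
    print(suspicious_files(SAMPLE_DIR))
    print(autorun_findings(SAMPLE_AUTORUN))
    print(autorun_findings(SAMPLE_CLEAN))
```

To use it on a real drive, pass the output of os.listdir() for the drive root and the text of its autorun.inf; the script only reports and deletes nothing.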