Sohanad is a worm that spreads by sending links to their contacts as messengers such as Yahoo, AOL and Windows Live Messenger. The changes in Internet Explorer (IE) and the page does not allow the address of the homepage. Also, disable the Registry Editor, Task Manager and select Run from the Start menu. Flaw in Internet Explorer is the origin of these virus attacks. Firefox users are from a growing attack against the virus, so if you want to stay away from such sohanad worm and virus removal prevention and attacks, you have the Firefox browser.

Then Brontok copies itself under the following names

%UserProfile%\Local Settings\Application Data\br<random number>on.exe
%UserProfile%\Local Settings\Application Data\csrss.exe
%UserProfile%\Local Settings\Application Data\inetinfo.exe
%UserProfile%\Local Settings\Application Data\lsass.exe
%UserProfile%\Local Settings\Application Data\services.exe
%UserProfile%\Local Settings\Application Data\smss.exe
%UserProfile%\Local Settings\Application Data\svchost.exe
%UserProfile%\Local Settings\Application Data\winlogon.exe

The Emails sent may contain the following attachments with the Brontok Worm:

• ccapps.exe
• jangan dibuka.exe
• kangen.exe
• my heart.exe
• myheart.exe
• syslove.exe
• untukmu.exe
• winword.exe

Disguised as a anti-virus, this software calls itself Drive Cleaner 2006 and claims to remove all the viruses in your system. How ironic since this itself is a adware trojan and specifically a virus! Here is how the installation click looks like.

If your computer has files like

C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe

C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe

C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe

C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe

To remove Drive Cleaner 2006, it is fairly simple process and to remove this virus, just uninstall it from the control panel (There will be a entry called DriveCleaner) and use Hijack This and remove the above named entries for DriveCleane. Hopefully you are clean now!!!