There are just some people that have nothing better to do in life than to make the lives of other people miserable. To the author of this virus, why don’t you get a life and try blogging instead? You might be able to make some money instead of spreading useless viruses.
Anyway, I’m just venting out my anger. My shrink tells me it’s unhealthy to hold grudges against people. Hehehehehehe
Last week my computer got infected by a virus. There is really no formal name for the virus, since most of the anti-virus makers up to now have still not identified it. In fact, when you search for a “remover” for this virus in Google you cannot find any. (Correct me if I am wrong.) There are only instructions on how to remove it, and only a few websites are giving such instructions. In fact, my onboard antivirus has still not identified it until now. The reason for this is that this virus is local. Yep, you got that right, made in the Philippines. Since all of the big anti-virus makers are outside the country, it will probably take some time for them to “discover” this virus. Another probable reason why it seems to be not noticed by the anti-virus makers is that the virus is harmless. Again, correct me if I am wrong about this, but I think it’s just someone’s idea of a nasty joke. Perhaps the author is still honing his virus-making skills.
Ok so before I start telling you how to remove it, let us “know the enemy first”:
1.) When you open your internet explorer you see this annoying message in your title bar “TTMS NAA NA DIRE! DONT WORRY IM NOT A CORRUPT LIKE YOU!!”
2.) Go to “Start” > “Run” and type “regedit.” Your computer will tell you that “Registry editing is disabled by your administrator” or something like that.
3.) If you go to Windows Explorer you can see a file called “TTMS???.vbs.dll” (the question marks stand for numbers, like TTMS123.vbs.dll). In fact, you can see this file in all your hard drives, and there are usually from 1 to 4 files in each hard drive. You can also see this file in your c:\windows directory.
Most likely Filipino and of Visayan descent. The use of the Visayan words “NAA NA DIRE”, which means “Already here” in English, confirms his identity. This guy is probably pissed off by the corruption that he sees in his community. I’d say I can’t blame him. But again, it does not give him a right to annoy people with his virus. But in all honesty I really don’t understand what message this guy is trying to tell us.
HOW TO REMOVE IT IN YOUR COMPUTER
Step 1 Delete the virus file in the registry
a.) Go to Doug Knox’s page to download a Registry enable/disable tool.
b.) The tool requires you to reboot in order that you could access the registry
(Note: if you are careful about downloading programs, you can enable the registry editor without downloading any file by doing the following:
1.) Click Start > Run, type GPEDIT.MSC, then press Enter.
2.) Go to User Configuration > Administrative Templates, then select System.
3.) DISABLE “Prevent access to registry editing tools”, then close Group Policy.
This procedure will help you enable the registry even without downloading the Registry enabler tool.)
c.) After you have downloaded Doug’s program, reboot. Press CTRL+ALT+DEL; it will bring up the Task Manager. Go to “Processes”, select “WSCRIPT.EXE” and click “End Process”.
d.) Go to START > RUN > then type “Regedit”
e.) Once you are in the registry editor, go to EDIT > FIND and type “TTMS*”. It will bring you to all files with the words “TTMS”; click on the file and press Delete. Do this again and again until you have deleted everything related to the TTMS virus. (Take note: if you have an important program with a file with the words TTMS0, be careful about doing this, but I do not know of any important program that has this.)
f.) To change your Internet explorer title bar do the following in the registry editor:
1.) In the left panel, go to:
2.) In the right panel, locate and modify the entry: From Window Title = “TTMS IS IN YOUR PC, DON’T WORRY I’M NOT CORRUPT AS YOU!”
3.) Change the value to Window title = “Microsoft Internet Explorer”
4.) In the left panel, locate the following: HKEY_USERS>%USERID%>SOFTWARE>Microsoft>Internet Explorer>Main NOTE: %USERID% is the current user ID in the registry.
5.) In the right panel, locate and modify the entry: From Window Title = “TTMS IS IN YOUR PC, DON’T WORRY I’M NOT CORRUPT AS YOU!”, Change the value to Window title = “Microsoft Internet Explorer” (Or you can type “I am a handsome guy” or whatever tickles your fancy)
Note: This may not be very important; do it only if you want to change the title bar in Internet Explorer. Why are you still using Internet Explorer anyway? The browser sucks. Use the Opera browser instead.
STEP 2 – Make sure you disable “System Restore”; if you go back to a restore point, you might reactivate the virus. (Most Windows experts believe that you would be so much better off disabling System Restore at all times anyway, as this will free up more resources.) You can do this by going to START > SETTINGS > CONTROL PANEL > SYSTEM > SYSTEM RESTORE and checking “Turn off system restore in all hard drives”.
STEP 3 – Delete all strains of the virus.
a.) Make sure you set windows explorer to show hidden files. You can achieve this by going to WINDOWS EXPLORER > TOOLS > FOLDER OPTIONS > VIEW > HIDDEN FILES AND FOLDERS Click on “Show hidden files and folders”
b.) Go to drive C right click and select Open. Do not double click to prevent the virus from activating.
c.) DELETE all files which start with “TTMS”. There are usually 1 to 4 files. Delete all of these.
d.) If there is an “autorun.inf” in the drive, open the file using Notepad. If you see the line ‘[autorun]shellexecute=wscript.exe TTMS831.dll.vbs’, then DELETE the file.
e.) Go over steps “a to f” for all hard disks. Do this also for the C:\Windows folder.
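The manual check in Step 3 can be scripted so that every drive root gets the same inspection. The following is an added example, not part of the original post: it only reports what it finds and deletes nothing. The function names and the sample folder are assumptions, and it also flags `open` and `cscript.exe` entries, which goes slightly beyond the single `shellexecute` line quoted above.

```python
import configparser
import tempfile
from pathlib import Path

# autorun.inf keys that launch a program when the drive is opened
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}
# markers of a script being started through Windows Script Host
SCRIPT_MARKERS = ("wscript.exe", "cscript.exe", ".vbs")


def suspicious_autorun(path):
    """Return (key, command) pairs in [autorun] that start a script."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    text = path.read_text(encoding="latin-1", errors="replace")
    try:
        parser.read_string(text)
    except configparser.Error:
        # A malformed autorun.inf is worth a manual look in Notepad.
        return [("unparseable", text.strip()[:80])]
    hits = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys arrive lowercased
            if key in LAUNCH_KEYS and any(m in value.lower() for m in SCRIPT_MARKERS):
                hits.append((key, value))
    return hits


def scan_root(root):
    """List TTMS* files and script-launching autorun entries in one folder."""
    findings = {"ttms_files": [], "autorun_entries": []}
    for entry in sorted(Path(root).iterdir()):  # includes hidden files
        if not entry.is_file():
            continue
        name = entry.name.lower()  # Windows file names ignore case
        if name.startswith("ttms"):
            findings["ttms_files"].append(entry.name)
        elif name == "autorun.inf":
            findings["autorun_entries"] = suspicious_autorun(entry)
    return findings


def build_sample_root():
    """Constructed sample folder standing in for an infected drive root."""
    root = Path(tempfile.mkdtemp())
    (root / "TTMS831.dll.vbs").write_text("' constructed placeholder, not malware\n")
    (root / "notes.txt").write_text("unrelated file\n")
    (root / "autorun.inf").write_text("[autorun]\nshellexecute=wscript.exe TTMS831.dll.vbs\n")
    return root


if __name__ == "__main__":
    print(scan_root(build_sample_root()))
```

On a real machine, call `scan_root` once per drive root and once for C:\Windows, then remove the reported files by hand as described in the steps above.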
HOW TO REMOVE IT IN YOUR FLASH DRIVE
There is no virus remover for this thing as of now, so I suggest that you format your flash drive. After you have placed your flash drive into the USB port, go to Windows Explorer, right-click on the “Removable disk” (your flash drive), click Format and then click Start.
If you know of any virus remover for this thing, please comment in this post.