trojan virus spreading via MSN chat, it points to URL in photobucket !


Status
Not open for further replies.

Francis247

#2
if u encounter this during msn chat, do not open it !;(
I think it is more like a zip file sent by your friend.

Something like this

"wanna see the pics from my vacation? :D
XXX sends imag091307.zip
Check out my nice photo album. :D
XXX sends imag091307.zip"

Source: [img091307-www.photoshop.com] inside of [c:\documents and settings\owner\my documents\my received files\imag091307.zip]
Risk category: Virus
Overall Risk Impact: High
Click for more information about this risk : W32.Scrimge!gen
Action taken: Fully removed
 

aeskywan

#3
Another variant is

"Hey this guy says he knows you! Is it true??" Followed by

Picture to download
 

night86mare

#4
i keep getting random friends sending me damn weird messages on msn
so irritating, i just blocked them after a while =D =D =D
 

blazer_workz

#5
Sometimes the file name comes like -> xxxxxx.jpg.com
When u tot it looks like a jpeg image file, and u double click on it, u have actually started a worm/spam program..
 

raincool2005

#6
chia lak.. wat should i do ? :think:

norton actually deleted it but seems like i cannot kill the worm
 

Francis247

#8
> chia lak.. wat should i do ? :think:
>
> norton actually deleted it but seems like i cannot kill the worm
Do a full system scan and check if you have been sending weird messages to your friends on MSN. My system is still ok even though I downloaded the zip. My Norton Antivirus managed to kill it.
 

blazer_workz

#9
a worm program usually unpack another program for keeping it alive.
For instance, worm1.exe unpack wormClone.exe..and will usually write a registry setting to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run..by adding a key to this registry, they will be able to re-run themselves on every next boot..
worm1.exe will usually be the one creating havoc, and yet monitoring whether wormClone.exe is started..
wormClone.exe is usually monitoring worm1.exe started a not, if not it will try starting it, if fail to start it will unpack another worm1.exe and start it..
some worm programs even check the availability of registry keys to make sure they continue to live on the next boot..
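
Added example, not part of any post in this thread: a defender-side check that combines the disguised file name from post #5 with the Run-key persistence described in post #9, flagging autostart values that use a double extension or launch from the user-writable folders mentioned here. The function names, the extension lists and the sample values are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Heuristic lists are assumptions for this example, not a complete catalogue.
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DECOY_EXT = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".doc", ".pdf", ".zip"}
# User-writable folders named in this thread (lower-case path fragments).
WRITABLE_HINTS = ("\\local settings\\temp\\",
                  "\\temporary internet files\\",
                  "\\my received files\\")

def program_path(command):
    """Return the program part of a Run value, dropping any arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: cut after the first executable extension followed by space/end.
    m = re.match(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def audit_entry(command):
    """List the reasons a single Run value looks suspicious (empty if none)."""
    path = PureWindowsPath(program_path(command))
    suffixes = [s.lower() for s in path.suffixes]
    reasons = []
    if (len(suffixes) >= 2 and suffixes[-1] in EXEC_EXT
            and suffixes[-2] in DECOY_EXT):
        reasons.append("double extension")
    if any(hint in str(path).lower() for hint in WRITABLE_HINTS):
        reasons.append("user-writable path")
    return reasons

def audit_run_values(values):
    """Map value name -> reasons, for flagged entries only."""
    audited = {name: audit_entry(cmd) for name, cmd in values.items()}
    return {name: r for name, r in audited.items() if r}

# Constructed sample of HKLM\...\CurrentVersion\Run values (not from a real host).
SAMPLE_RUN_VALUES = {
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "AV Tray": r'"C:\Program Files\ExampleAV\tray.exe" /startup',
    "msnhelper": r"C:\Documents and Settings\owner\Local Settings\Temp\wormClone.exe",
    "photos": r'"C:\Documents and Settings\owner\My Documents\My Received Files\holiday.jpg.com"',
}

if __name__ == "__main__":
    print(audit_run_values(SAMPLE_RUN_VALUES))
```

A flagged value is a lead to inspect, not proof of infection; legitimate installers sometimes autostart from user folders as well.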
 

raincool2005

#10
> a worm program usually unpack another program for keeping it alive.
> For instance, worm1.exe unpack wormClone.exe..and will usually write a registry setting to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run..by adding a key to this registry, they will be able to re-run themselves on every next boot..
> worm1.exe will usually be the one creating havoc, and yet monitoring whether wormClone.exe is started..
> wormClone.exe is usually monitoring worm1.exe started a not, if not it will try starting it, if fail to start it will unpack another worm1.exe and start it..
> some worm programs even check the availability of registry keys to make sure they continue to live on the next boot..
how to remove this worm ? :cry:
 

eikin

#11
> how to remove this worm ? :cry:
think there are at least 2 places to check

1. My Computer > C Drive > Documents and Settings > (Your Name) > Local Settings > clear everything in temporary internet files ... usually i clean up the temp folder as well

2. check My Documents, My Received Files, Downloads etc. and see if there are any trace of the worm
 

raincool2005

#12
i had uninstalled MSN 8.1 and go back to MSN 4.1 for the time being

seems like the worm is very active in MSN 8.1 version

:sweat:
 

raincool2005

#14
second attempt of attack again !

this time i just close the chat window. It says something like "does this photo look nice on myspace "

clearly, the virus is spreading fast via msn chats :sweat:
 

eikin

#15
> second attempt of attack again !
>
> this time i just close the chat window. It says something like "does this photo look nice on myspace "
>
> clearly, the virus is spreading fast via msn chats :sweat:
have you checked the folders i mentioned? if you don't purge the worm it'll surface no matter what version of msn messenger you are using. you should do a scan on your entire system and then go to those folders to delete the worm files.
 

ExplorerZ

#16
> second attempt of attack again !
>
> this time i just close the chat window. It says something like "does this photo look nice on myspace "
>
> clearly, the virus is spreading fast via msn chats :sweat:
if everything fails, do a system restore to the time before you got it... most of the time it works on such worms/viruses... etc
 

ricohflex

#17
Trojan Remover from Simply Super Software.
Spyware Doctor from PC Tools.
Norton Security Suite.
Kaspersky Anti Virus.
 

raincool2005

#18
> a worm program usually unpack another program for keeping it alive.
> For instance, worm1.exe unpack wormClone.exe..and will usually write a registry setting to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run..by adding a key to this registry, they will be able to re-run themselves on every next boot..
> worm1.exe will usually be the one creating havoc, and yet monitoring whether wormClone.exe is started..
> wormClone.exe is usually monitoring worm1.exe started a not, if not it will try starting it, if fail to start it will unpack another worm1.exe and start it..
> some worm programs even check the availability of registry keys to make sure they continue to live on the next boot..
yes, i had tired almost the whole day, finally did a SYSTEM RESTORE on my laptop :sweat:

WORM confirmed died ! :devil:
 

raincool2005

#20
here's what i experienced.

the anti-virus software can detect and remove (found to be trojan) it but this virus or worm created a backdoor for another worm during a reboot. Your windows (which is protected by Updates) will prompt u to run this msn program and guess what ? the "publisher" is an unknown. By right the publisher should be Microsoft.

despite running it or not, even u cancel it, it still runs ! auto-sending out ugly presents to your fellow msn friends without your permission.


;(
 
