trojan virus spreading via MSN chat, it points to URL in photobucket !
- Thread starter raincool2005
- Start date
- Status
I think it is more like send a zip file by your friend.
Something like this
"wanna see the pics from my vacation?
XXX sends imag091307.zip
Check out my nice photo album.
XXX sends imag091307.zip"
Source: [img091307-www.photoshop.com] inside of [c:\documents and settings\owner\my documents\my received files\imag091307.zip]
Risk category: Virus
Overall Risk Impact: High
Click for more information about this risk : W32.Scrimge!gen
Action taken: Fully removed
i keep getting random friends sending me damn weird messages on msn
so irritating, i just blocked them after a while =D =D =D
so irritating, i just blocked them after a while =D =D =D
Sometimes the file name comes like -> xxxxxx.jpg.com
When u tot it looks like a jpeg image file, and u double click on it, u have actually started a worm/spam program..
When u tot it looks like a jpeg image file, and u double click on it, u have actually started a worm/spam program..
chia lak.. wat should i do ? :think:
norton actually deleted it but seems like i cannot kill the worm
norton actually deleted it but seems like i cannot kill the worm
Do a full system scan and check if you have been sending weird messages to you friends on MSN. My system is still ok even though I download the zip. My Norton Antivirus managed to kill it.
a worm program usually unpack another program for keeping it alive.
For instance, worm1.exe unpack wormClone.exe..and will usually write a registry setting to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run..by adding a key to this registry, they will be able to re-run themselves on every next boot..
worm1.exe will usually be the one creating havoc, and yet monitoring whether wormClone.exe is started..
wormClone.exe is usually monitoring worm1.exe started a not, if not it will try starting it, if fail to start it will unpack another worm1.exe and start it..
some worm programs even check the availabilty of registry keys to make sure they continue to live on the next boot..
For instance, worm1.exe unpack wormClone.exe..and will usually write a registry setting to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run..by adding a key to this registry, they will be able to re-run themselves on every next boot..
worm1.exe will usually be the one creating havoc, and yet monitoring whether wormClone.exe is started..
wormClone.exe is usually monitoring worm1.exe started a not, if not it will try starting it, if fail to start it will unpack another worm1.exe and start it..
some worm programs even check the availabilty of registry keys to make sure they continue to live on the next boot..
think there are at least 2 places to check
1. My Computer > C Drive > Documents and Settings > (Your Name) > Local Settings > clear everything in temporary internet files ... usually i clean up the temp folder as well
2. check My Documents, My Received Files, Downloads etc. and see if there are any trace of the worm
i had uninstalled MSN 8.1 and go back to MSN 4.1 for the time being
seems like the worm is very active in MSN 8.1 version
:sweat:
seems like the worm is very active in MSN 8.1 version
:sweat:
second attempt of attack again !
this time i just close the chat window. It says something like "does this photo look nice on myspace "
clearly, the virus is spreading fast via msn chats :sweat:
this time i just close the chat window. It says something like "does this photo look nice on myspace "
clearly, the virus is spreading fast via msn chats :sweat:
have you checked the folders i mentioned? if you don't purge the worm it'll surface no matter what version of msn messenger you are using. you should do a scan on your entire system and then go to those folders to delete the worm files.
if everything fail, do a system restore to the time before you got it... most of the time it works on suchs worms/virus... etc
yes, i had tired almost the whole day, finally did a SYSTEM RESTORE on my laptop :sweat:
WORM confirmed died ! :devil:
here's what i experienced.
the anti-virus software can detect and remove (found to be trojan) it but this virus or worm created a backdoor for another worm during a reboot. Your windows (which is protected by Updates) will prompt u to run this msn program and guess what ? the "publisher" is an unknown. By right the publisher should be Microsoft.
despite running it or not, even u cancel it, it still runs ! auto-sending out ugly presents to your fellow msn friends without your permission.
;(
the anti-virus software can detect and remove (found to be trojan) it but this virus or worm created a backdoor for another worm during a reboot. Your windows (which is protected by Updates) will prompt u to run this msn program and guess what ? the "publisher" is an unknown. By right the publisher should be Microsoft.
despite running it or not, even u cancel it, it still runs ! auto-sending out ugly presents to your fellow msn friends without your permission.
;(
- Status
Similar threads
