Msn Virus

OttoDestruct Join Date: 2002-11-08 Member: 7790 Members
edited March 2005 in Off-Topic
Don't click any link saying something around the lines of 'hehe this is funny'.... nuff said... though I'm sure you guys are smart enough to not do it

*edit*

by msn i mean messenger

Comments

  • RuBy Join Date: 2002-12-12 Member: 10732 Members
    I have a friend who just got a nasty virus through MSN, I'm wondering if this is the same one. It disables practically everything, Spyware removers, Antiviruses even ctrl+alt+del.

    Have you found a solution?
  • im_lost TWG Rule Guru Join Date: 2003-04-26 Member: 15861 Members
    I saw a virus sent around through AIM about a year ago in a similar fashion. I actually got the virus, but luckily it didn't seem to do anything harmful, and was easy to remove. It did send a message to everyone on the infected person's messenger list, but that part only worked for the people running AOL's software for using AIM.

    Basically, don't click on any links from people without knowing what they are.
  • NEO_Phyte We need shirtgons! Join Date: 2003-12-16 Member: 24453 Members, Constellation
    QUOTE (im lost @ Mar 7 2005, 08:04 PM)
        Basically, don't click on any links from people without knowing what they are.
    and this is why i am virus/spyware free with IE
  • Daedalus Join Date: 2003-04-02 Member: 15152 Members
    In short. Don't click .pif files. It's surprising the number of "smart" people on my contact list actually clicked this file.
  • OttoDestruct Join Date: 2002-11-08 Member: 7790 Members
    Links for all the viruses

    http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.a.html

    http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.b.html

    http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.c.html

    http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.d.html
  • SoulSkorpion Join Date: 2002-04-12 Member: 423 Members
    A friend of mine has this virus, I know because his MSN tried to pass it on to me. It was a dead giveaway because he doesn't talk like an AOL 'tard online :p
  • Zaggy NullPointerException The Netherlands Join Date: 2003-12-10 Member: 24214 Forum Moderators, NS2 Playtester, Reinforced - Onos, Subnautica Playtester
    My lil' bro had the same, pretty tough virus :D

    What I did:

    1: Boot in Safe Mode
    2: type msconfig in Run, then disable ALL startup items, that's right all of em.
    3: search your hard disk for the latest files made (on your OS partition, probably C:)
    4: 3 files are (were at mine at least) at top, something with sys in it, something with msnwb and another one.
    5: type in Run: "taskkill /f /im name.exe" the sys one
    (heck I wish I remembered those names)
    6: Now you can actually delete the files
    7: type regedit in Run, and search for all instances of the sys file thing, and you'll find it in about 4 locations, delete them.
    8: reboot, make sure it won't appear again and fix your startup items.
    9: I did a scan with Hitmanpro, Windows Antispyware Beta and my Virusscanner to be sure. :)
    10: (I had to make ten) The End

    I did fix the problem, but my lil' bro got pretty **** at his WinXP to screw up again and started leeching Debian, and installing it -.- .
    He changes OS every few weeks.
  • panda_de_malheureux Join Date: 2003-12-26 Member: 24775 Members
    luckily i dont have any friends who say hehe this is funny. and if they did they wouldnt be my friends anymore.
  • Private_Coleman PhD in Video Games Join Date: 2002-11-07 Member: 7510 Members
    anyone who says "Hehehe This Is Funny" and gives a link deserves to be shot.
  • Lt_Patch Join Date: 2005-02-07 Member: 40286 Members
    I think the most recent one for MSN hits is W32/Bropia.

    Being immersed in the world of retail PC repairs now for a while, here is the disinfection route.

    1. Turn off System Restore (Only under WinMe or later)
    2. Go Start -> Run, and type "msconfig" in the dialog box.
    3. Click on Startup, then find an entry that says "isass.exe" and nerf the tick in the box.
    4. Click OK, but DON'T RESTART THE COMPUTER!
    5. Call Task Manager/ End Program by holding down Ctrl-Alt-Del.
    6. Find the entry that says isass.exe, and click on it. Win98/ME users click End Program.
    7. For 2K/XP, you need to click on the Processes tab to bring it up, then click on Image Name to sort them, then find isass.exe, click on it, then click End Process. For god sake don't kill the legitimate lsass.exe process, as that will restart the computer (It's part of the RPC locator, I think)
    8. THEN run your up-to-date anti-virus software, which will find Bropia, and disinfect the file, as it's no longer in memory and therefore not read-only anymore.
    9. Then get MSN up to date, with any security releases, and/or the 7.0Beta.
    10. Restart the computer, (WinXP users check the box and dismiss the Sysconfig box that appears)
    11. Run your AV checker again, just to make sure that everything is done.
    12. Failing all that, if Bropia is still on your PC, download and run Symantec's Bropia removal tool (http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.removal.tool.html). This will delete any infection of Bropia that is not running in memory, follow the Task Manager/ End Program steps above to remove from memory.
    13. When your AV software reports nothing found, and so does the remover, then make yourself a cup of coffee, and relax. Bropia is now no longer on your PC, but slap yourself for not declining the file transfer.

    And remember kids. The majority of virus infections (Proper virus infections) comes from the, now proven with a survey, 75% of people who will accept the transfer, or will open the email. For god sake, if you didn't ask for it, delete it.
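
Added example, not part of the original post or the thread: the post above turns on telling isass.exe apart from the genuine lsass.exe, and the thread on .pif being mistaken for .gif. This Python sketch flags process names that imitate a Windows system process and file names whose last extension is executable; the process list, extension list and sample data are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Genuine Windows system process names to protect against imitation.
SYSTEM_PROCESSES = ("lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                    "services.exe", "explorer.exe", "smss.exe")

# Extensions Windows runs on double-click; .pif is the one seen in this thread.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}

# Fold characters that are easily confused on screen (i/l/1 and o/0).
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """Return the system process that `name` imitates, or None."""
    n = name.lower()
    if n in SYSTEM_PROCESSES:
        return None  # genuine name; checking its path is a separate step
    for real in SYSTEM_PROCESSES:
        same_shape = n.translate(CONFUSABLES) == real.translate(CONFUSABLES)
        if same_shape or edit_distance(n, real) == 1:
            return real
    return None

def is_executable_transfer(filename):
    """True if the last extension is one Windows will execute."""
    return PureWindowsPath(filename).suffix.lower() in EXECUTABLE_EXTS

def scan(processes):
    """Map each suspicious process name to the genuine name it resembles."""
    hits = {p: lookalike_of(p) for p in processes}
    return {p: real for p, real in hits.items() if real}

# Constructed sample data, not taken from a real machine.
SAMPLE_PROCESSES = ["lsass.exe", "isass.exe", "svchost.exe", "msnmsgr.exe", "svch0st.exe"]
if __name__ == "__main__":
    print(scan(SAMPLE_PROCESSES))
    print(is_executable_transfer("funny.gif.pif"))
```
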
  • Sub_zer0 Join Date: 2004-05-09 Member: 28569 Members
    hehe this is funny.. funneh (http://www.funpic.hu/swf/numanuma.html)

    oh noes *BANG* aieee

    (relax no virus)

    I also had a friend who contracted this virus he had to format :p
  • Lt_Patch Join Date: 2005-02-07 Member: 40286 Members
    Given the gravity of the topic, jokes shouldn't be appreciated or even posted on these kind of things.
  • Sub_zer0 Join Date: 2004-05-09 Member: 28569 Members
    edited March 2005
    yeah they should people need to lighten up
  • SLizer Join Date: 2003-11-07 Member: 22363 Members, Constellation
    I agree that isn't funny at all (won't click btw)
  • Sub_zer0 Join Date: 2004-05-09 Member: 28569 Members
    sad sad sad people
  • raz0r Join Date: 2003-07-24 Member: 18395 Members
    I clicked it, assuming .pif was an image file (hey, it looked like .gif at first glance)
    It downloaded the file to my documents, and it said it was an MS Dos executable, so i scanned it with a multitude of virus/spyware scanners, nothing happened.

    So i clicked it.

    opened up a whole load of windows, but no lasting harm was done.
  • Sub_zer0 Join Date: 2004-05-09 Member: 28569 Members
    not my link mine was to a vid posted about a month ago with some fat bloke singing
  • OttoDestruct Join Date: 2002-11-08 Member: 7790 Members
    QUOTE (raz0r @ Mar 8 2005, 10:28 AM)
        I clicked it, assuming .pif was an image file (hey, it looked like .gif at first glance)
        It downloaded the file to my documents, and it said it was an MS Dos executable, so i scanned it with a multitude of virus/spyware scanners, nothing happened.

        So i clicked it.

        opened up a whole load of windows, but no lasting harm was done.
    Except if you go to processes you'll notice something named svchotkey or something of that sort. GG you're infected.
  • raz0r Join Date: 2003-07-24 Member: 18395 Members
    QUOTE (OttoDestruct @ Mar 8 2005, 05:20 PM)
        QUOTE (raz0r @ Mar 8 2005, 10:28 AM)
            I clicked it, assuming .pif was an image file (hey, it looked like .gif at first glance)
            It downloaded the file to my documents, and it said it was an MS Dos executable, so i scanned it with a multitude of virus/spyware scanners, nothing happened.

            So i clicked it.

            opened up a whole load of windows, but no lasting harm was done.
        Except if you go to processes you'll notice something named svchotkey or something of that sort. GG you're infected.
    or not...

    Spybot has this little thing that pops up when a change to the registry has been requested. I told it to deny all those changes.

    GG virus
  • Lt_Patch Join Date: 2005-02-07 Member: 40286 Members
    The files in My Documents are normally harmless individually, this is to stop things like heuristics from working. Some viruses even download individual files, then a master file, containing rebuild instructions. These are the worst type, as if you send them to an AV lab, then they will be returned with a no infected note. Some AV labs even know this, but return the files anyway, as if the heuristic scanner gets updated with a possibility of a rebuilding code structure, then pretty much anything containing raw code gets a false positive. Which is bad news for Windows, as it would try to quarantine all the affected FP's. Which would screw Windows up. You could get a list of files added to the scanner, which would be immune to quarantining, and heuristic checks, but then that knackers up detection of any viruses that actually infect Windows files, like Explorer, etc.

    Also, Spybot's TeaTimer side is not fool-proof, and can be disabled with a workaround. Don't rely on it. Only thing you can rely on is having 1 retail AV software, up to date, and 1 free one, up to date. And using CWShredder, Ad-Aware, and Spybot all in conjunction. Run one after another. Yes it's a long process, but it will catch something like 99% of all known viruses, and about 95% of all known spyware.
  • AlienCow Join Date: 2003-09-20 Member: 21040 Members
    I'm intelligent so I clicked it and opened it. It was a right laugh. I was just asking my "friend" who sent it to me "so what's a .pif?" when it all went **** up.

    MSN chat windows from all my contacts appeared and closed randomly and I couldn't access anything. I just restarted and deleted the file, ran some scans and everything seems fine (so far..).

    I didn't have that svchotkey thing in processes
  • Thansal The New Scum Join Date: 2002-08-22 Member: 1215 Members, Constellation
    I was gona say IRC FTW

    then I remembered how many viruses and pornbots there are :p
  • Lt_Patch Join Date: 2005-02-07 Member: 40286 Members
    AlienCow. That was exactly what happened about a day before I found the Bropia virus on my mum's PC. She said that MSN just kept bringing itself on top of anything that was open at the time. When she tried to click on it, it just kept flashing as before, nothing closing it at all, as the system tray icon was screwed as well. One dump of both Explorer, and MSN messenger later, restore functionality, then email someone I know at Sophos, who suggested a scan, as he's never seen MSN do that without it being infected.
    One scan set later, Bropia removed, MSN worked perfectly after that. Just remember to never accept anything via MSN unless you turn on "Show file extension for all known file types". And even then be wary.
  • AlienCow Join Date: 2003-09-20 Member: 21040 Members
    QUOTE (Lt Patch @ Mar 8 2005, 05:20 PM)
        AlienCow. That was exactly what happened about a day before I found the Bropia virus on my mum's PC. She said that MSN just kept bringing itself on top of anything that was open at the time. When she tried to click on it, it just kept flashing as before, nothing closing it at all, as the system tray icon was screwed as well. One dump of both Explorer, and MSN messenger later, restore functionality, then email someone I know at Sophos, who suggested a scan, as he's never seen MSN do that without it being infected.
        One scan set later, Bropia removed, MSN worked perfectly after that. Just remember to never accept anything via MSN unless you turn on "Show file extension for all known file types". And even then be wary.
    Yeh well me and my mates often send stuff to each other or show links on MSN...it really caught me off guard, it's quite clever that it makes it seem as though someone you know sent it to you.

    I shall be more wary though lol :) Lucky it wasn't anything worse