
MSN Virus.

  • 04-08-2005 10:30pm
    #1
    Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭


    Hey,

    A friend of mine has got infected with the same / similar virus. I'm pretty good with PCs and have given him a set of instructions on how to remove it, all to no avail.

    He has run in normal mode: AVG Virus Scan, Housecall (the virus scanner on the web), Spybot, Ad-Aware and MS AntiSpyware. All came clean and didn't find anything suspicious. They're also all up-to-date. He ran each of these in safe mode also, but no luck.

    Here is some of the stuff the virus sends to people on his list:

    WARNING: DO NOT CLICK ANY OF THOSE LINKS BELOW. THEY LINK TO THE VIRUS. YOU HAVE BEEN WARNED!
    check out this laser

    w*w.multilaser.com.br/IMG000583.php
    WOW

    w*w.tvroggwil.ch/IMG000583.php

    NOTE: DO NOT CLICK ANY OF THOSE LINKS ABOVE. THEY LINK TO THE VIRUS. YOU HAVE BEEN WARNED!

    I've put the "*" in the "www" so people can't click them, and in case they ignore/don't see the warnings :p

    Anybody know what virus this is and how to remove it??


Comments

  • Closed Accounts Posts: 1,033 ✭✭✭beller b


    You say you have run the antivirus in normal mode >... Do you mean safe mode?


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    beller b wrote:
    You say you have run the antivirus in normal mode >... Do you mean safe mode?

    He ran it in both Safe Mode and Normal Mode. However, I'm just after receiving a message and he said he updated AVG (apparently an update became available today?) and re-ran it - it detected a virus and removed it. However on re-booting the PC it was still there.

    I think a manual remove is needed here so we get rid of ALL files associated with the virus. But I need to find out what the virus is first as there are many different types, some sending ".pif" files. Any ideas?


  • Closed Accounts Posts: 474 ✭✭Berger


    Did he disable System Restore and then remove the virus? If you don't, it's removed but is backed-up in the restore thing so it'll keep being detected. Right click on My Computer and try disabling it and then scan again.


  • Registered Users, Registered Users 2 Posts: 794 ✭✭✭formatman


    advise taking the drive out, slaving it on a machine with Norton and scanning and removing from there, this bypassed the system restore issue once norton is set to scan compressed files

    Spyhunter is also very good free trial on

    www.enigmasoftwaregroup.com


  • Closed Accounts Posts: 231 ✭✭McClane




  • Closed Accounts Posts: 519 ✭✭✭smeggle


    have you tried panda active scan? free online scan system. I use it as a back up to AVG and it'll catch spyware that adaware/spybot miss

    google panda anti virus for the link and look for online active scan (You need to use I.E. and disable any pop up blockers).


  • Closed Accounts Posts: 2,639 ✭✭✭Laguna


    Why do linux users always do that?

    Post a link to a linux site and say nothing, Is that supposed to create mystique?


  • Registered Users, Registered Users 2 Posts: 2,132 ✭✭✭Dinner


    Laguna wrote:
    Why do linux users always do that?

    Post a link to a linux site and say nothing, Is that supposed to create mystique?

    Well, that's what happens when people don't read the charter.....
    Unhelpful comments (e.g. "switch to linux" when encountering a windows problem) will result in a one day ban.


  • Closed Accounts Posts: 231 ✭✭McClane


    Why do linux users always do that?

    Why bother writing a few paragraphs about the downfalls of Windows security and the ease of writing viruses for that system when most people will listen to and probably agree with you and still continue to use windows anyways ?

    1. The reason you get viruses is because you use windows, a closed source system with little/no security (privileges for users) making it easy for anyone who has taken 5 minutes to read a programming book able to write a virus. Windows is inherently insecure and because of its integrated nature (lots of people use windows + msn messenger + outlook + ie) it makes it simple for virus writers to write them for windows.

    2. An anti-virus is a piece of software which is basically protecting you from flaws in Windows. You're paying a third party company to develop software to protect badly written software full of security holes that you also paid for.
    Even if you use a free anti-virus, you're using software which will always be behind the virus writers to protect badly written insecure software.


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    Linux is a new operating system. I didn't request suggestions for a new operating system. All I asked was info on how to remove the virus, and before you say it, installing Linux will not help for several reasons. So let's just keep that issue shut. I'm looking for solutions to fixing the problem whilst still using Windows (ie not changing OS).

    I've asked him to try doing it with system restore disabled and in safe mode. He has also tried that housecall web-scan and several anti-spyware tools


  • Closed Accounts Posts: 231 ✭✭McClane


    Unhelpful comments (e.g. "switch to linux" when encountering a windows problem) will result in a one day ban.

    Hardly a fair rule for the "Computers" section.

    I see the problem. i.e > Windows.

    I suggest a solution. i.e > Linux.

    That rule would be perfectly legitimate in the Operating Systems -> Windows section. But we're talking about Computers, not "How to fix problems with computers that run windows" section.

    In case anyone hasn't realised, windows isn't an irremovable part of a computer.

    Do we now have 2 Windows sections then ?


  • Closed Accounts Posts: 231 ✭✭McClane


    Windows suggestion.

    Turn off system restore and try every AV/anti spyware you have until you at least find out the name of the virus/trojan/spyware.

    When you have the name google and you should find any other instructions as to how to get rid of it. (i.e > If its installed itself elsewhere & instructions on how to delete completely.)


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    McClane; You are the most unhelpful chap. I do not see "switch to Linux" as a solution at all. Most people look for Windows based suggestions/solutions when they post about a problem. And I'm afraid, that's what I am asking for here. I completely agree with the charter, as your first post (just the URL) would baffle most people. It was a remark - "Linux is better than Windows. Use Linux and all your virus and crashing problems will be solved".

    Now, your other solution about System Restore - I'm awaiting to see how that goes. As for trying every VS Scanner that could take a LONG time. I'll get him to try the most popular tho. As for Google - been there done that and guess what? There are many different variations of the virus going around, and my problem is trying to pin-point what one my friend has - that Google can't answer.

    Now if you have any worthwhile, non smart arse pathetic suggestions, feel free to post


  • Closed Accounts Posts: 2,669 ✭✭✭mukki


    back on topic, everyone please


    a good way to spot a virus is to run msconfig, untick everything in the startup tab, then okay it, don't reboot, just run msconfig and see if any (new) ticked boxes have arrived, (virus will replace itself) and then google the name of the "?whatever?.exe" file


    if nothing is re-ticked, then reboot the pc and check msconfig again, if it's still clear the virus will not be running, (but you still won't know what it is called)

    oh by the way those links don't work :eek:


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    What you read:
    McClane wrote:

    What was really said:
    McClane wrote:
    I don't like reading charters, but I do like being banned.

    Edit: McClane: Fair enough, you've tried to justify yourself, but I'm trying to prevent the kind of post that you've just put out and to be fair I've been explicit about it. One day ban.


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    Mukki: Thanks for that suggestion, I'll pass it on. Thing is, that will only stop it from starting and won't remove all of its files.. Wish I knew the exact virus we were dealing with here!

    Khannie: Thanks.


  • Closed Accounts Posts: 2,669 ✭✭✭mukki


    there is only a slight chance that it will stop it from running, most likely it will re-enter itself and you'll be able to google its name,


    if msconfig won't work (a few viruses kill it) tell him/her to boot pc in safe mode

    slaving the drive in a good pc, with up-to-date antivirus software, and run a full scan of the disk is your only hope


  • Moderators, Arts Moderators Posts: 35,788 Mod ✭✭✭✭pickarooney


    Just wondering why you titled the post MSN virus and said it's the same/similar virus. Similar to what? Did he get it via MSN or is it related to Messenger?
    Or is there a virus called MSN that this one resembles in some way?
    If the virus is active at the moment, can you check Task Manager and list any processes you don't recognise?


  • Closed Accounts Posts: 2,669 ✭✭✭mukki


    i presume he called it an MSN virus because it uses MSN Messenger to send the messages quoted in the OP to people on his friends list


    anyway sully?? what's happening since?


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    pickarooney; It's an MSN virus because this one is attracted to MSN Messenger (possibly other IM as well). People get infected through the links sent via IM conversations. And it passes on. It's similar to viruses received in emails - you open the attachment, you're infected and it's passed on to everyone in your address book. With this, you receive a link in a convo and you open it and you're infected. That link is then re-distributed through the infected account to all people in his "Friends" list in Messenger.

    As for what this virus is similar to other of its kind - there are many MSN viruses working in a similar way (tho some don't send a link, they send you a file and you download it and are infected) and all have different fixes. Tho I can't find an exact fix for this.

    mukki; No idea. Last time I spoke to him was yesterday afternoon and I explained what I was told here. He says he thinks it is gone, as when he is online it doesn't send any message anymore. But he is not too sure. That's the last word I heard from him!


  • Closed Accounts Posts: 53 ✭✭jc94062


    Can't you just backup whatever you really need (ie: saved games) and then reformat? Not sure what the virus is actually doing but if Nero etc... is still functioning that would certainly sort it...

    I'd rather spend 2 hours dumping to a DVD R and reformatting than spending days trying to hunt for every last shred of a virus...


  • Registered Users, Registered Users 2 Posts: 1,821 ✭✭✭Skud


    switching to trillian is a safer option or using webmessenger in future, msn is a hot bed for trouble


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Sully's right, what's happening here is that the virus is using MSN messenger to propagate. It's fairly safe to assume that unless you clicked on the link, you're in no danger.

    Skud, as it's using the MSN protocol to spread, switching messenger apps will likely do no good. As long as you use a client that can read the MSNM protocol, then you are at risk of getting the message, but unless you click the link, you're fine.


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    The virus roaming around the MSN Messenger community has been seen around Trillian, AIM, gaim and lots of other IM communities.

    As much as I'd love to say "format and be done with it" I'd rather try and figure out where the files are, and how to remove them. Mainly for experience, but then I could aid others when they get the problem and they simply can't A) Switch to Linux or B) Format. That's why programmers created Virus Scanners ;)


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    Ok an update. The guy who I am talking about has not got rid of the virus, but the person who sent him the virus is having a lot more trouble. Apparently, AVG is not detecting viruses on any of the two PCs but on the worse off PC Norton (a very old definition file) was finding 100's of viruses which seemingly the MSN virus is letting in. The owner of that PC swears his PC was clean before the MSN Virus arrived. Also he is saying that the virus is slowly eating away his PC - it has also affected system files, the Internet, can't visit some sites or download security updates/virus definition files/use MSN Messenger etc. He got a cousin - a computer technician apparently - to examine his PC and he came to the conclusion that the virus was spreading and letting in trojans which eventually brought the system to a halt, affected system files, safe mode, firefox etc. He also found one of its base files which apparently has a txt file showing everything the virus has done since its arrival (something I've never heard of before now). His solution? Buy Norton AV and run a full virus scan. However that failed as the PC owner can't get Norton updates. When I suggested someone download them to a CD for him he kept changing the topic and saying it wouldn't work or something. Also System Restore was disabled yet the files were still being re-created.

    A summary: The person I posted this thread about just has the MSN virus posting dangerous links every few hours. No scanner he has tried can remove it fully. The person he got the virus from however, has a different story. He hired a tech guy (a cousin) to examine it. Results of that were: System Files are infected. The MSN virus is bringing in more viruses (lots of trojans on a Norton scan) and causing the PC to stop working (Internet won't work - most sites won't load, updates refuse to download, hosts file was checked and is OK) and also infected FireFox (I never knew there were such viruses yet for FF?). Base file has a txt file showing everything the virus has done to the PC since its arrival. Safe Mode is no longer "safe" and is infected also! System Restore is not re-creating the files, as it's off.

    Any comments? I don't really believe his story..


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    I think that's what we are going to do. But I answered your suggestion earlier;
    Sully wrote:
    As much as I'd love to say "format and be done with it" I'd rather try and figure out where the files are, and how to remove them. Mainly for experience, but then I could aid others when they get the problem and they simply can't A) Switch to Linux or B) Format. That's why programmers created Virus Scanners


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    I can confirm that the guy who I posted about:
    Did a VScan (AVG) and Spyware Scan (Ad-Aware) in Safe Mode with System Restore disabled and removed the files. However they re-appeared hours later.

    Some of the file names which he reports suspicious are;
    ppps, 33n, bbbccd, gggg, hhhs, dzz1, ffkd (those are .exe files located in C:\)
    c:\documents and setings\gilbert\localsettings\temp\11.temp.exe 1 28129 (startup)

    Searched Google, came back with nothing. He says he found a site which listed some of those files created by a company called G-Star which were listed as suspicious.


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    Also rant.exe is a file on startup.. that's a trojan. Gonna suggest he uses Panda AV to remove it
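
One way to automate the check mukki describes (see what writes itself back into startup) together with the kind of file locations Sully lists (executables directly in C:\ and under a Temp folder), as an added PowerShell example that is not from the thread. It assumes the suspect startup items have already been disabled or removed so they are absent at baseline; the function names, the ten-minute wait and the path heuristic are choices made for this example.

```powershell
# Added example, not from the thread. The locations below are a common subset
# of Windows autostart points chosen for this sketch; malware can use others.
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$StartupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')

function Get-AutorunSnapshot {
    # Returns a hashtable: "location|name" -> command line or file path.
    $entries = @{}
    foreach ($path in $RunKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $entries["$path|$name"] = [string]$key.GetValue($name)
        }
    }
    foreach ($dir in $StartupDirs) {
        if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
        foreach ($file in Get-ChildItem -Path $dir -File) {
            $entries["$dir|$($file.Name)"] = $file.FullName
        }
    }
    return $entries
}

function Test-OddAutorunPath([string]$Command) {
    # Heuristic assumed for this example: an .exe sitting directly in a drive
    # root, or anywhere under a Temp directory, is unusual for a startup item.
    $inRoot = $Command -match '^"?[A-Za-z]:\\[^\\"]+\.exe'
    $inTemp = $Command -match '\\te?mp\\[^"]*\.exe'
    return ($inRoot -or $inTemp)
}

$before = Get-AutorunSnapshot       # baseline, taken after disabling items
Start-Sleep -Seconds 600            # wait interval is arbitrary
$after = Get-AutorunSnapshot

$report = foreach ($id in $after.Keys) {
    [pscustomobject]@{
        Entry   = $id
        Command = $after[$id]
        ReAdded = -not $before.ContainsKey($id)   # appeared since baseline
        OddPath = (Test-OddAutorunPath -Command $after[$id])
    }
}
$report | Where-Object { $_.ReAdded -or $_.OddPath } | Format-List
```

The script reads the Run key of the account it runs under, so run it as the affected user. Anything it prints is a lead to look up by file name, not a verdict.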

