Virus on MSN - Printable Version
-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Skype & Live Messenger (/forumdisplay.php?fid=10)
+----- Thread: Virus on MSN (/showthread.php?tid=39676)
Virus on MSN by vincerooney on 03-06-2005 at 09:02 PM
I went downstairs to watch tv and returned and im being spoken to by 10 people. I suddenly feel popular until i realise they are all saying the same thing to me, its obviously some virus.
DONT CLICK THE LINK- to make sure no one stupid enough does it i've deleted on the 't's in http.
"*) You've g: omg this is funny!
htp://jose.[][][][][][][][][][].att.net/cute.pif"
Anyone know what virus this is? I havent clicked the link yet, im not that daft but i'd like to prepare myself if someone incompetent in my family does.
Plus i could blackmail my friends with the knowledge of the cure.
RE: Virus on MSN by Dempsey on 03-06-2005 at 09:03 PM
its the Bropia virus cure for some variations here
RE: Virus on MSN by vincerooney on 03-06-2005 at 09:04 PM
Thanks dempsey. Any idea what the above one comes under? Thats the only one i've seen in such high numbers so far.
RE: Virus on MSN by King For A Day on 03-06-2005 at 09:09 PM
its been around 4 a while, i just got sent it loads, ive been helping every one get sorted.
use this to check if ur ok,
http://www.mess.be/pafiledb/pafiledb.php?action=d...fbd9ffa3b338afd304
can anyone tell me exactly what it does, aprt from send its self around
RE: Virus on MSN by Dane on 03-06-2005 at 09:15 PM
Omg, I love viruses so much, I had to infect myself with this one. Doesnt seem to do much though except cause Help and Support center to open 
.
RE: Virus on MSN by vincerooney on 03-06-2005 at 09:15 PM
I'm also curious as to that too
RE: Virus on MSN by segosa on 03-06-2005 at 09:50 PM
Meh. It's nothing special. Almost exactly the same as the last. Downloads a 508KB file to C:\patch.exe from home.comcast.net and executes it. Creates a service named hotkeysvc etc. It hasn't changed much at all. They're getting boring, the variant creators need more imagination. 
RE: Virus on MSN by vincerooney on 03-06-2005 at 09:54 PM
Whats the cure for it? Apparently the link given in the second post hasnt cured the virus i described in the first post. Any ideas?
RE: Virus on MSN by albert on 03-06-2005 at 10:03 PM
man I can't understand how ppl fall for this.. I mean .PIF
Ne ways, thx for the symantec link, appreciate it!
RE: Virus on MSN by EvilSeph on 03-06-2005 at 10:39 PM
quote:
Originally posted by Dane
Omg, I love viruses so much, I had to infect myself with this one. Doesnt seem to do much though except cause Help and Support center to open .
ROFL, I wonder why, Dane?
quote:
Originally posted by toddy
quote:
Originally posted by Segosa
Meh. It's nothing special. Almost exactly the same as the last. Downloads a 508KB file to C:\patch.exe from home.comcast.net and executes it. Creates a service named hotkeysvc etc. It hasn't changed much at all. They're getting boring, the variant creators need more imagination.
well why don't u code something, sure it would beat anything anyone else could make
Suggesting someone to make a virus will piss the staff off. It has done so before, just a friendly warning.
quote:
Originally posted by lp15
man I can't understand how ppl fall for this.. I mean .PIF
WHO THE F*** uses that kinda file? I eman seriously its stupid ppl getting it, and then you have to bust your ass finding them ways to get it out, thx for the link btw its rlly helpfull!1
Not everyone is as elite as you, sir. Besides, .PIF files are cool. As are .ES, .EVIL, .SEPH, gotta love them. Unless you'd like to spend your time educating people to not do something (which result in them doing it) then seriously, don't reply to topics like this unless you can offer help.There are for too many posts where someone asks for virus help and then they get put down by posters calling them idiots and such. Please don't be tempted to do this, it doesn't help the situation, really.
RE: Virus on MSN by albert on 03-06-2005 at 10:56 PM
Elite? you gotta be an elite to see a .pif and realize that this is strange.. 
? I don't think so, but you are right, my language was a little exagarated, and for that I apologize, and will edit my post ASAP.
My post was just, to say thx for the Symantec Link
Btw, is there a job such a teaching ppl stuff like that ?
RE: Virus on MSN by EvilSeph on 03-06-2005 at 11:18 PM
quote:
Originally posted by lp15
Elite? you gotta be an elite to see a .pif and realize that this is strange..
My post was just, to say thx for the Symantec Link
Btw, is there a job such a teaching ppl stuff like that ?
I don't really know...there could be..I mean, look how crazy some jobs out there are. But what's the point? People do the exact opposite of what they're told. Need proof? Look at school. They're taught the downside of doing drugs and yet, the majority of the students (the cool ones, mainly) smoke. If I were told not to look at something, quite obviously I'll end up looking at it. Now, it would be a completely different story if no one said a thing about it. I mean, most people wouldn't notice most things unless someone pointed it out to them.
RE: Virus on MSN by jren207 on 03-06-2005 at 11:25 PM
hmmm, i just got a link like that from a contact of mine. Poor person, they didn't know they had it or what to do. Other people had got infected as well, either a file (.pif type) was being sent by the infected computer to or a link like that pointing to a .pif file.
sooner of later, i'm gonna fall for accepting a dodgy file or clicking a dodgy link 
RE: Virus on MSN by ~INVASION~ on 03-06-2005 at 11:25 PM
well it finally happened. SOMEONE ON MY LIST GT THE VIRUS. ahhahaha and it was my big sister 
RE: Virus on MSN by Purity on 03-06-2005 at 11:29 PM
I fell for this damn linkage crap! 
RE: Virus on MSN by albert on 03-06-2005 at 11:30 PM
quote:
Look at school. They're taught the downside of doing drugs and yet, the majority of the students (the cool ones, mainly) smoke.
I know what you mean, and it's real they won't listen.. but about that drug thing I don't think it's about teaching or not.. I mean I personally am against drugs.. alchool and smoking.. i hate it.. but.. i mean most of the students n my schol.. lets say about 75 % are on one of these things.. and everytime I ask what I realize is that they just do that because they wana enjoy themself, and without drugs or alchool, they cant
Now don't ask me why! I can have fun at a party without being high.. can't we all? Apparently not..
neways.. we getting out of the subject but hey, Evil Steph I seen your personal msn space, and you were talking about the new msn today, maybe you can help me out with my problem, it's the post named : MSN TODAY : OLD/NEW in the Messenger & Technology/ Msn/Windows Messenger directory, thx a lot!
RE: Virus on MSN by lynsey on 03-07-2005 at 01:31 AM
A friend of mine got a virus this evening through MSN, and we are struggling to get rid of it. The computer has Windows 98SE OS, and Norton Antivirus.
The message sent to her was a link, and said something about a funny picture, and a link to jose.*********/cute.pif. It sends to contacts by typing itself, you can see the cursor move as if there is someone typing it, but can't see the words themself being typed.
We did a search for it, and it appeard to be the bropia worm, and installed the removal tool found at http://securityresponse.symantec.com/avcenter/ven....removal.tool.html. It said it could not find the bropia virus on her computer.
It installed a toolbar, itsbar, which we removed through spybot, although a whole bunch of porn links were not removed at the same time. Since then, the search functionality on the computer has not been functioning, typing in a url causes an illegal operation every 3 or 4 times it is done, excessive pop ups are occuring, for kelkoo, bullseye and casinos, and it will not allow a pop up blocker to be downloaded, nor would it allow anything like spybot to be downloaded, saying that the security settings will not allow it. It has blocked the security settings in Internet explorer from being changed. Norton will not work, it scans as if there is only a few files on the computer, which is the same thing that the search does. From time to time, a random dos screen comes up, although it flashes up so quick we cannot be certain it is not a pop up.
At one point, before it was removed, there was an itsbar.dll error come up, titled fahkpym came up, this term did not appear on google.
This is all I can think of at the moment, is there anyone out there who can shed some light on the subject, nothing seems to be working or helping!
RE: Virus on MSN by Taulin on 03-07-2005 at 02:33 AM
try booting in safe mode and running the cleaners and scans, if you havent tried that already (i believe most of the removal guides say to boot in safe mode to run them)
RE: Virus on MSN by Hank on 03-07-2005 at 02:38 AM
try other free online scanners to see what it finds,, the Virus does it come with a MS-Dos Icon ?
RE: Virus on MSN by Purity on 03-07-2005 at 04:04 AM
This is really annoying i'm getting like spammed with file transfers from some people....
RE: Virus on MSN by Joe on 03-07-2005 at 04:30 AM
quote:
Originally posted by http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.html
Drops a variant of W32.Spybot.Worm
Wild: Damage: Distribution:
Medium Medium Medium
W32.Spybot.Worm is a detection for a family of worms that spreads using KaZaA file sharing and mIRC. This worm can also spread to computers that are infected with common back door Trojan horses and network shares that make use of weak passwords.
![[Image: middle_grid_narrow.jpg]](http://securityresponse.symantec.com/avcenter/graphics/ssrc/writeups/middle_grid_narrow.jpg)
![[Image: medium_bar_red.jpg]](http://securityresponse.symantec.com/avcenter/graphics/ssrc/writeups/medium_bar_red.jpg)
W32.Spybot.Worm can perform different backdoor-type functions by connecting to a configurable IRC server and joining a specific channel to listen for instructions. This worm often includes key logging software as well as performing Denial of Service (DoS) attacks on various websites. Users should immediately change all passwords if this worm is found on their computer.
...
Looks like this COULD cause some problems... COULD
RE: Virus on MSN by Hank on 03-07-2005 at 04:48 AM
Linux R0x0rz ,, email the Virus people about it, Symantec/VET/Trend/ etc
RE: Virus on MSN by haydos on 03-07-2005 at 09:31 AM
hp://home.earthlink.net/gallery10/omg.pif
^^^^^^^ another form here I CHANGED THE NAME SLIGHTLY DONT STRESS PPLS
RE: Virus on MSN by got_banned on 03-07-2005 at 10:53 AM
So even just clicking on the link will send the virus to your computer? I used the virus removal tool and said the virus couldn't be detected...
RE: Virus on MSN by haydos on 03-07-2005 at 10:59 AM
No if you click on my link above you will not get the virus. The link above is SIMILAR to the link but i edited the tt from the http and another bit.
Clicking on the link takes you to a site. How do you think the information from the site gets to your computer?? It downloads...
RE: Virus on MSN by got_banned on 03-07-2005 at 11:08 AM
Sorry, i'm half-awake. Just making sure...
Does clicking on the original link (not the one that was posted above my first post) send the virus?
RE: Virus on MSN by haydos on 03-07-2005 at 11:13 AM
Thats ok, didnt mean 2 sound rude
As far as i know it will send the virus because to access the page your computer has to download certain files (if somebody can explain this better/correct me please do so)
RE: Virus on MSN by got_banned on 03-07-2005 at 11:29 AM
A .pif would need to be downloaded wouldn't it? I don't think it could be executed without the website's information just being passed on to your computer. As I said before, I used the virus remover tool and had nothing detected and no one has gotten the link from me.
RE: Virus on MSN by haydos on 03-07-2005 at 11:36 AM
Some variations arent detected by the removal tool. And the removal tool just worked for a friend of mine on the hp://home.earthlink.net/gallery10/omg.pif version so if you have that one give the removal tool from mess.be a try
RE: RE: Virus on MSN by got_banned on 03-07-2005 at 11:39 AM
quote:
Originally posted by Dash
quote:
Originally posted by got_banned
So even just clicking on the link will send the virus to your computer? I used the virus removal tool and said the virus couldn't be detected...
me to
Did people on your msn lists get a link from you?
RE: Virus on MSN by haydos on 03-07-2005 at 11:43 AM
That is how the virus spreads. It sends the link to the virus to all of the contacts on your list.
You may also want to see this thread: http://shoutbox.menthix.net/showthread.php?tid=39645
RE: RE: Virus on MSN by got_banned on 03-07-2005 at 11:45 AM
quote:
Originally posted by Dash
quote:
Originally posted by got_banned
Did people on your msn lists get a link from you?
suprisingly, no
I guess we don't have the virus?
RE: Virus on MSN by vincerooney on 03-07-2005 at 12:50 PM
1) If you clicked on the link then you have it in all certainty.
2) Any knowledge on the cure for this version of bropia? On mess.be it says theres a new virus coming around and gives the unhelpful advice 'keep your virus log uptodate'
Do we actually have a specific virus removal for the latest bropia worm?
This is obviously why some of the removal tools arent finding this newest worm.
Its a good thing i never clicked on the link but im annoyed as hell at all the crap im being sent.
RE: Virus on MSN by lynsey on 03-07-2005 at 03:22 PM
If your problem is the same as what I was trying to solve, I have been advised that it may be the Kelvir virus, and to download ClamAV from http://prdownloads.sourceforge.net/clamwin/clamwi...setup.exe?download which will remove it. Still have ClavAV finishing a scan, and it has found something, so might be worth a go for you too.
RE: Virus on MSN by ShawnZ on 03-08-2005 at 09:52 PM
When you click the link, it has to download first does it not? Unless ie thinks its a link and opens it automaticcily, you should be fine. Theres no possible way there can be code on a webpage thats executed unless its an activex object (and bropia isnt.) So - it should open a file download window, and THATS the virus. Click run on that and youll be screwed.
RE: RE: Virus on MSN by ZrednaZ on 03-08-2005 at 10:09 PM
quote:... which I unfortunately hadn't predicted when I clicked the link.
Originally posted by vincerooney
1) If you clicked on the link then you have it in all certainty.
After receiving the link from several infected contacts (who would then ask me what this virus was doing to their comptuer), I decided to update my virus definitions, download the file and scan it in order to read about it in Symantec's online virus encyclopedia. Of course I hadn't intended to execute the file, but to my horror it seemed to execute itself, and Norton remained idle.
Seems that Symantec didn't release virus definitions for this virus until March 6th, which explains why I was infected (at least partially; it didn't spread via messenger). However, I was able to remove the virus the day after using fully updated definitions... It discovered 4-5 infected files.
RE: Virus on MSN by Dane on 03-08-2005 at 10:37 PM
Erm, this isnt the bropia virus, in case you havent noticed . It is W32.Kelvir.A@mm (Symantec Security Response - W32.Kelvir.A@mm). The second link that was posted is W32.Kelvir.B@mm (Symantec Security Response - W32.Kelvir.B@mm). Any users of Symantecs Norton AntiVirus, Norton Internet Security, Norton SystemWorks are already protected. Symantec issued RapidRelease Emergency Virus Definitions on March 6th, 2005 at about 5PM Central Standard Time to prevent this threat.
There are 2 varients besides these, W32.Kelvir.C@mm (Symantec Security Response - W32.Kelvir.C@mm) and W32.Kelvir.D@mm (Symantec Security Response - W32.Kelvir.D@mm - Removal Tool for W32.Kelvir.D@mm).
If you cant tell, these viruses are coming out very fast, so fast in fact that Symantec has had to issue Emergency Virus Definitions for 2 or 3 of these varients.
RE: Virus on MSN by jren207 on 03-08-2005 at 11:07 PM
quote:
Originally posted by Dane
If you cant tell, these viruses are coming out very fast, so fast in fact that Symantec has had to issue Emergency Virus Definitions for 2 or 3 of these varients.
i wondered why i kept getting a "your virus definitions are now up to date" pop-up more times than usual...
RE: Virus on MSN by razor_sparks on 03-08-2005 at 11:32 PM
This notice is off of the MSNBC Tech & Gadgets: Virus & Security page:
"Instant message worm attacks increasing
Experts warn users to be wary of links sent over IM"
http://www.msnbc.msn.com/id/6448213/did/7120241/?GT1=6305
Please be sure your antivirus definitions and software are installed and up-to-date.
RE: Virus on MSN by Dane on 03-09-2005 at 09:40 PM
Viruses are on the rise for MSN Messenger, actually, MSN Messenger is becoming the primary medium it seems for viruses. That article says as much.