Shoutbox

messenger virus? HELP please - Printable Version


messenger virus? HELP please by tmlfan4eva on 10-22-2005 at 10:32 PM

Someone online today IM'd me and said "Hey is this really you? http://messengertools.org/contactinfo.exe" or something like that. I downloaded it and opened it, and it opened up a chat window with every person online and said what that person had just said to me. I can't go on MSN now because it'll just do it again; also, when I'm on the internet, it will open up the find option (Control+F) and paste "www.messengertools.org/msn.php?session=gGvc1040&user=$msnaddy" into it. I've run anti-virus, spyware, and Ad-Aware scans and nothing came up. Someone please help me!


RE: messenger virus? HELP please by matty on 10-23-2005 at 01:01 AM

DON'T BOTHER DOWNLOADING THE FILES, I ALREADY HAVE

What you want to do is press CTRL+ALT+DEL

Click on the Processes Tab (Windows 2000/XP+ Only)
Post a screenshot (or type the items in the list). This way we can tell you which one to end and what to do after that. For the time being don't sign into MSN Messenger just yet. Wait until this is all cleared up ok?

Also you posted in the wrong forum. This should be in MSN/Windows Messenger not MsgPlus! Help and Support. This has nothing to do with Messenger Plus!.

Matty


RE: messenger virus? HELP please by tmlfan4eva on 10-23-2005 at 01:07 AM

Sorry for posting in the wrong forum, I'm sure a mod or someone will move it sooner or later.  I can't go into the processes menu normally (control+alt+delete) but I still can show you a screenshot of the processes.  Keep in mind I already deleted svshost.exe (temporarily disabled the virus)
[Image: msnvirus4gg.th.jpg]


RE: messenger virus? HELP please by matty on 10-23-2005 at 01:11 AM

Download this program Autoruns from SysInternals

Look for svshost.exe and right click on it and select Delete.


RE: messenger virus? HELP please by tmlfan4eva on 10-23-2005 at 01:19 AM

I <3 you ;)


RE: messenger virus? HELP please by matty on 10-23-2005 at 01:44 AM

quote:
Originally posted by tmlfan4eva
I <3 you ;)

Now as well you want to delete this folder "C:\Windows\system32\cfwkattrgt"

When you originally ran the contactinfo.exe file it created that folder and copied itself as "svshost.exe" to be run.

You may not see the folder so to show it click on Tools > Folder Options > View > Show hidden files and folders.


RE: messenger virus? HELP please by SikStyles on 10-23-2005 at 02:39 AM

And for the note, tmlfan4eva: if someone says look at this picture or refers to a picture and the URL has an .exe at the end of it, then don't open it, because picture files don't end with .exe; they usually end in .jpeg, .gif, .png or .bmp.

.exe are executables which you have to run (viruses/trojans/bad stuff can be in there)


RE: messenger virus? HELP please by tmlfan4eva on 10-23-2005 at 11:21 PM

Yeah I know, it was stupid but oh well... I've learned from my mistake.  About deleting C:\Windows\system32\cfwkattrgt, there was no file like that after I showed the hidden files.  So I guess it's totally gone?  Thanks for the help Matty, much appreciated.
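
The copy described in this thread hid by using a name one letter off from the legitimate svchost.exe and by running from a subfolder of system32. As an added example (not code from any poster in the thread), the following Python sketch flags both patterns in a list of process or autorun image paths; the `KNOWN` baseline, the distance threshold of 2 and every sample path except the first are assumptions made for illustration.

```python
import ntpath

# Legitimate Windows binaries and the directory each is expected to run from.
# Short illustrative baseline assumed for this example, not an exhaustive list.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(image_path):
    """Return (verdict, detail) for one process or autorun image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        # Right name: only acceptable from its expected directory.
        verdict = "ok" if directory == KNOWN[name] else "wrong-location"
        return (verdict, name)
    for legit in KNOWN:
        # Near-miss spelling of a system binary (threshold 2 is an assumption).
        if edit_distance(name, legit) <= 2:
            return ("lookalike", legit)
    return ("unknown", name)

def triage(paths):
    """Keep only the entries that deserve a closer look."""
    results = [(p, *classify(p)) for p in paths]
    return [r for r in results if r[1] in ("lookalike", "wrong-location")]

# Constructed sample: the first path combines the folder and file name given
# in the thread; the other three are made up for contrast.
SAMPLE = [
    r"C:\Windows\system32\cfwkattrgt\svshost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Program Files\MSN Messenger\msnmsgr.exe",
]

if __name__ == "__main__":
    for path, verdict, detail in triage(SAMPLE):
        print(f"{verdict:15} {detail:12} {path}")
```

An "unknown" verdict only means the name is not in the baseline, so it is neither cleared nor flagged.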