
WLM sends out messages and files as soon as I sign on
CookieRevised
RE: WLM sends out messages and files as soon as I sign on
Remember that a virus scanner is not the holy grail. It can only scan and maybe remove the stuff it knows about.

What you're experiencing is a _very_ typical Messenger-"virus". (note the quotes since it isn't a real virus).

Every so-called script kiddie can program such a malicious program and because there are so many of them and all done slightly differently, there is no real way to detect them all. Not to mention that each probably needs to be cleaned/removed in a slightly different way (also the reason why you should first try to remove programs and other stuff by the proper official uninstallation instructions before attempting the use of a generic removal program, as that last one will rarely do the proper things).

So it is not surprising that your virus scanner will not pick it up or cannot remove it.

Anyways, yes, the messages and stuff you send via Messenger are caused by it. And that is also how this malicious program spreads: by tricking your Messenger contacts into thinking you've sent them something. They click on the link to see "your photo", but they actually download the malicious program.

-

To remove it you need to find out what _exact_ files and programs are run when you run Messenger.

C:\windows\system32\ehknfpsgqz.exe is a start, but it would not be surprising at all if there are more files (like copies of that file, a setup, etc.) lying around on your hard disk in some other places.

So, before running Messenger, go to your Task Manager (CTRL-ALT-DEL) and list _all_ the processes (process tab) which are running under your Windows account login name (see the 'User Name' column. Tip: you can sort the list by clicking on the column headers).

Then do the same thing while you're running Messenger. Run Messenger and go again to your Task Manager to check the processes. List any process which wasn't running before.

Post both lists here so we can take a quick look***.

*** A very very very good tool to do all this and which will give us all the information we need is Process Explorer:
- Download the above zipfile
- Open the zipfile (in Windows XP you can simply double click on it; or choose 'open' when you downloaded it)
- Double click on procexp.exe to start the program (no need for installing anything)

In Process Explorer
-1-  Go to the menu:   View > Select Column
-2-  Make sure at least the next columns are enabled: Process Name, Description, Company Name, Command Line (<= most important one!)
-3-  Click OK
-4-  Now that you've selected the columns, go to the menu:   File > Save As
       And save the process list to somewhere.
-5-  Start up Messenger (you don't need to close Process Explorer) and store the process list again, under a new name. Thus again:   File > Save As

Now zip those two files together (or add the second list to the first list so you end up with only 1 file) and attach it in a new post in this thread.


Essentially, what you need to do next is boot up in Safe Mode, search your hard disk for the malicious files and remove them manually
.-= A 'frrrrrrrituurrr' for Wacky =-.
02-23-2008 08:24 AM
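
The before/after comparison described in the post above can be automated; the following is an added example, not part of the original thread. It assumes the two saved process lists are tab-separated text with a header row using the column names from step 2 (`Process` or `Process Name`, `Description`, `Company Name`, `Command Line`); the sample data and the `no_vendor_info` flag are constructed for illustration.

```python
import csv
import io
import sys

# Constructed sample exports (assumed layout: tab-separated, one header row).
BEFORE = (
    "Process\tDescription\tCompany Name\tCommand Line\n"
    "explorer.exe\tWindows Explorer\tMicrosoft Corporation\tC:\\WINDOWS\\Explorer.EXE\n"
    " procexp.exe\tSysinternals Process Explorer\tSysinternals\tC:\\tools\\procexp.exe\n"
)
AFTER = BEFORE + (
    " msnmsgr.exe\tWindows Live Messenger\tMicrosoft Corporation\t"
    "\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"\n"
    "  ehknfpsgqz.exe\t\t\tC:\\windows\\system32\\ehknfpsgqz.exe\n"
)

def load(text):
    """Parse one export into {(process name, command line): row}."""
    rows = {}
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)  # keep quotes in command lines
    for row in reader:
        # Tree view indents child processes with spaces, so strip them.
        name = (row.get("Process") or row.get("Process Name") or "").strip()
        cmd = (row.get("Command Line") or "").strip()
        if name:
            rows[(name.lower(), cmd.lower())] = row
    return rows

def new_processes(before_text, after_text):
    """Return processes present in the second list but not in the first."""
    before, after = load(before_text), load(after_text)
    found = []
    for key in sorted(after.keys() - before.keys()):
        row = after[key]
        company = (row.get("Company Name") or "").strip()
        descr = (row.get("Description") or "").strip()
        found.append({
            "process": key[0],
            "command_line": (row.get("Command Line") or "").strip(),
            "company": company,
            # Added heuristic: no description and no vendor deserves a closer look.
            "no_vendor_info": not company and not descr,
        })
    return found

if __name__ == "__main__":
    texts = [open(p, encoding="utf-8", errors="replace").read()
             for p in sys.argv[1:3]] if len(sys.argv) >= 3 else [BEFORE, AFTER]
    for p in new_processes(*texts):
        print(("[?] " if p["no_vendor_info"] else "    ") + p["process"], p["command_line"])
```

Run it with the two saved list files as arguments, or with no arguments to see the constructed sample.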