Shoutbox

err well i dunno
go to C:\Windows\System32 or C:\WINNT\System32 or simply go to start > search > and search for the following files:
"MONIKER.EXE", "SYSLRAY.EXE", "HKT1.DLL"
Before trying to delete them, make sure u end the process (ctrl alt del, then search for these files in the list).

Now if u cant find them, then u aint infected
if u cant delete them, tell us which file is the one u cant delete.

As i was able to do it at the first try, i dunno if ill be able to help u..

haha
i m so happy
i did this

to remove it (from wdz's link):
1.go to Run -> regedit
2.go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3.after there, remove "realone_nt2003" and "realone_nt2004"

4.then, go to C:\Windows\System32
5.find and remove "MONIKER.EXE", "SYSLRAY.EXE", "HKT1.DLL"

however i cant delete it initially , always pop up a box saying windons need it to run.
i cant find the wors process after i alt, ctrl, delete .. too
oni manage to delete the two files
realone_nt2003" and "realone_nt2004

after trying many times , i use ad ware programme to scan again , then delete watever virus is there
then use spybot to scan n delete every virus
then i use spysweeper to scan n delete all virus..
then i go back and try deleting the
MONIKER.EXE", "SYSLRAY.EXE

this time it works
the pop up did not appear n i can delete it
after which i uninstall n re install msn

the URL attachment with the asian ger is gone...
try it

---

i think i have managed to solve it
its wat windz said
the oni thing is when i try deleting
MONIKER.EXE", "SYSLRAY.EXE
in the first place
a pop up staing tat windons need it to run n i cant delete it

but after scanning with ad ware , spybot , spysweeper programme
i try it again
this time i can delete those 2 files..
i uninstall n reinstall msn
and the stupid URL signature is no longer there
try it
hopes it can help tose who have not solve it'
thanks

<SCRIPT>
onload=(new
ActiveXObject("scripting.filesystemobject")).CreateTextFile("out.htm",
true).WriteLine(document.body.innerHTML);
</SCRIPT>

Is what the encrypted script says.
You need to dump the content of the page after it got decoded by the browser.

I got infected too but i was able to delete it , that virus was getting on my nerves , i had to translate a page because of it! i advise u to delete all ur temporary internet files in internet explorer before doing all that cause the primary virus might be still there. this is a big security hole and i think it should be fixed quickly...

Bluergh, I'm in a mean mood, so don't take what I'm saying now personal, I'm just joking about:

quote:

---

Originally posted by Mario Achkar
I got infected too

---

Serves you right. I hope one day a virus is released which disintegrates every single pc opening it with IE.

Anyhow, I don't use IE, so bite me, virus.

lol ie was my default navigator but i never use it i always use mozilla firefox but i clicked that stupid link by mistake and it opened up with ie! stupid windows internet explorer .

quote:

---

Originally posted by Mario Achkar
lol ie was my default navigator but i never use it i always use mozilla firefox but i clicked that stupid link by mistake and it opened up with ie! stupid windows internet explorer .

---

Heh, then it's best to set your IE security settings to Very High, as lots of other applications use IE's web engine, and it's safest like that.

Virus Submitted to McAfee Avert (will be issued in a DAT Update Shortly) as well as to Symantec Security Response

</resident virus geek>

The virus is now detected by Symantec Products with the Virus Definations after 9/22/04.

A writeup for W32.Snone.A by Symantec is now available at http://securityresponse.symantec.com/avcenter/ven...a/w32.snone.a.html

Question...I read the thread and didn't see the answer to it, but how do you get infected by it? Meaning like how would you get it on your computer?