What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Skype & Live Messenger » Weird Chinese link

Pages: (3): « First [ 1 ] 2 3 » Last »
Weird Chinese link
Author: Message:
BooGhost
Veteran Member
*****

Avatar


Posts: 3186
Reputation: 10
37 / Male / Flag
Joined: May 2003
O.P. Weird Chinese link
OK, here (Peru) some ppl has got infected by a weird virus/worm that makes them send a sentence at the end of each message they send by MSN.

The weird chinese sentecnce is:
&#22914;&#26524;&#24744;&#23490;&#23518;&#12289;&#31354;&#34395;...<link here>&#32005;&#34966;&#35222;&#35258;.&#24433;&#38899;&#22899;&#20778;

(Chinese symbols not displayed, view screeny)

Translation:
If you lonely, are void...<link here> red sleeve vision The video and music female is superior

If you open the link you'll get infected

i tried but nothing happend i told Chrono, and he got it.


DO NOT OPEN IT

the link is "http://www.xf2s.com/msn/wode.jpg" i have advertised you, don't blame me if you get it too :P

i downloaded the image it's a text:

<html>
<iframe src="news.htm" width="0" height="0" frameborder="0"></iframe>
<center><img src="1.jpg"></center>
<html>

i downloaded then http://www.xf2s.com/msn/1.jpg

it's a real image

i don't really get it..... so if anybody wants to take a look..... tell me if you get any info on how to take it off and how it works :p

here a screeny of Chrono infected:

[Image: attachment.php?pid=306948]

.jpg File Attachment: weird.jpg (134.94 KB)
This file has been downloaded 1010 time(s).

This post was edited on 09-14-2004 at 04:33 AM by BooGhost.
09-14-2004 04:32 AM
Profile E-Mail PM Find Quote Report
WDZ
Former Admin
*****

Avatar

Posts: 7106
Reputation: 107
– / Male / Flag
Joined: Mar 2002
RE: Weird Chinese link
¬_¬

http://forums.happy-messaging.com/discus/messages/35/3014.html
09-14-2004 04:36 AM
Profile PM Web Find Quote Report
BooGhost
Veteran Member
*****

Avatar


Posts: 3186
Reputation: 10
37 / Male / Flag
Joined: May 2003
O.P. RE: Weird Chinese link
wait.... wich one of them is the solution, i guess the second one?
09-14-2004 04:40 AM
Profile E-Mail PM Find Quote Report
WDZ
Former Admin
*****

Avatar

Posts: 7106
Reputation: 107
– / Male / Flag
Joined: Mar 2002
RE: Weird Chinese link
I dunno what the fix is. The virus sounded interesting, so I did some searching and found that. :p

I don't think there's anything dodgy about 1.jpg, but news.htm has its source encoded... :dodgy:

<!--The page is protected by HTMLShip XP(Unregistered Version)-->
09-14-2004 04:44 AM
Profile PM Web Find Quote Report
BooGhost
Veteran Member
*****

Avatar


Posts: 3186
Reputation: 10
37 / Male / Flag
Joined: May 2003
O.P. RE: Weird Chinese link
ye i saw that too...... i thought it was L337 writing (j/k)

but i mean how can it do so much stuff....... weird... :dodgy: me wants to make one to........

09-14-2004 04:46 AM
Profile E-Mail PM Find Quote Report
Chrono
forum admin
*******

Avatar
;o

Posts: 6022
Reputation: 116
39 / Male / Flag
Joined: Apr 2002
Status: Away
RE: Weird Chinese link
well yeah, kinda annoying as the infected guy (in this case, me :P) wont notice it. i didnt receive the messages in chineese.

WDZ's link contains the solution :P

How to remove it (from wdz's link):
1.go to Run -> regedit
2.go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3.after there, remove "realone_nt2003" and "realone_nt2004"

4.then, go to C:\Windows\System32
5.find and remove "MONIKER.EXE", "SYSLRAY.EXE", "HKT1.DLL"
- (is sys"L"ray, not sys"T"ray, becarefull)
- (if u cannot remove moniker.exe or syslray.exe, u ctrl+alt+del, go to process, u end the process of this two)



it says u have to uninstall/reinstall msn, but i didnt do that :P
[Image: wdz_discrate.png]
09-14-2004 04:53 AM
Profile PM Web Find Quote Report
Mnjul
forum super mod
******

Avatar
plz wub me

Posts: 5396
Reputation: 58
– / Other / Flag
Joined: Nov 2002
Status: Away
RE: Weird Chinese link
Thanks DZ and Chrono for providing such solution...now I can finally help my friends ;)

BooGhost, the Chinese characters are about porn. It's a ...eh, a shame , that it seems to be developed in Taiwan ... 8-)
09-14-2004 09:29 AM
Profile PM Web Find Quote Report
jexx
New Member
*


Posts: 5
Joined: Sep 2004
RE: Weird Chinese link
hi chrono ,

i tired ur methid
but until the last stage , the two files cant be delte cos it says windons need it to run..
then i tried alt+ctrl , elete ..i cant find process.
pls advice again

thanks
09-17-2004 08:26 PM
Profile E-Mail PM Find Quote Report
Chrono
forum admin
*******

Avatar
;o

Posts: 6022
Reputation: 116
39 / Male / Flag
Joined: Apr 2002
Status: Away
RE: Weird Chinese link
quote:
Originally posted by jexx

i tired ur methid
but until the last stage , the two files cant be delte cos it says windons need it to run..
then i tried alt+ctrl , elete ..i cant find process.
pls advice again

thanks
are u sure u are trying to delete sysLray and not sysTray??
[Image: wdz_discrate.png]
09-17-2004 09:58 PM
Profile PM Web Find Quote Report
jexx
New Member
*


Posts: 5
Joined: Sep 2004
RE: Weird Chinese link
yes ....i follow everything
but when i delete them  .. a pop up will say cant delete it  windon need it to run..
i ctrl alt delete
but cant see them inside nor the word process
pls help


i aredi delete the  "realone_nt2003" and "realone_nt2004"

but then stuck there
the later part all cant
pls advice asap
09-17-2004 10:18 PM
Profile E-Mail PM Find Quote Report
Pages: (3): « First [ 1 ] 2 3 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On