
MSN worms and the liking.
Amendir
New Member
*


Posts: 4
Joined: Dec 2005
O.P. MSN worms and the liking.
Hey people.

I seem to have caught a worm. How I don't really know. I guess it wasn't really me catching the worm, since I borrowed this computer from a friend.
Anyway...

The problem is the classic one: Some 10 chat screens are opened randomly and a short text including a link is pasted. And frankly it's starting to bug me very much.

The text being displayed is:
"Look at me"

Then the link being posted is (I've broken it so no one, no matter how stupid, can catch the worm):
"h**p://importz.t35.com/mypictures.php"

Just removed the two "t"'s in "http://".

If anyone has a solution on how to remove this hell of a worm, please let me know. And I would like a very "straight to the bone" answer, not that I should go buy some antivirus software... I simply won't do that.

Someone must know how to remove this worm manually?
12-23-2005 10:54 AM
user27089
Disabled Account


Posts: 6321
Joined: Nov 2003
Status: Away
RE: MSN worms and the liking.
Sounds like you have the w32.bropia worm; you can download the removal tool from the following link: Symantec Website.
12-23-2005 10:58 AM
Amendir
New Member
*


Posts: 4
Joined: Dec 2005
O.P. RE: MSN worms and the liking.
Checking that out ASAP.

And by ASAP I mean I'm running the tool as we speak.
Nope, wasn't the w32.bropia worm...

One of your dudes from the IRC help channel told me the link was dead anyway... It still just bugs me to hell with all those windows popping up all the time...

This post was edited on 12-23-2005 at 04:57 PM by WDZ.
12-23-2005 11:04 AM
segosa
Community's Choice
*****


Posts: 1407
Reputation: 92
Joined: Feb 2003
RE: MSN worms and the liking.
Yeah, that was me. Okay, download HijackThis ( http://www.merijn.org/files/hijackthis.zip ) and post the log here. Then maybe I or someone else could take a look at it and spot the virus.
The previous sentence is false. The following sentence is true.
12-23-2005 12:26 PM
Amendir
New Member
*


Posts: 4
Joined: Dec 2005
O.P. RE: MSN worms and the liking.
Right, here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 15:32:57, on 23-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\head891238.exe
E:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ESBENW~1\LOCALS~1\Temp\Rar$EX00.110\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
F3 - REG:win.ini: load=C:\\yay.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [eTunnel] C:\head891238.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.13R] C:\head891238.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msdev control] msdevctrl.exe
O4 - HKCU\..\RunServices: [msdev control] msdevctrl.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: bw+0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8D6AD090-01EA-4E91-B6C0-74BBE59ADA39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

12-23-2005 02:33 PM
segosa
Community's Choice
*****


Posts: 1407
Reputation: 92
Joined: Feb 2003
RE: MSN worms and the liking.
As far as I can see the virus is the following file: C:\head891238.exe

Press CTRL+ALT+DEL to bring up the task manager. Find the process 'head891238.exe' and terminate it. Then open up HijackThis, have it scan, and remove the following items:

code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=C:\\yay.exe
O4 - HKLM\..\Run: [eTunnel] C:\head891238.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.13R] C:\head891238.exe


Make sure that the process is terminated before you remove it with HijackThis, otherwise the startup entry will most likely be automatically restored.

Now you need to delete the file itself. Easiest way would be to go to C:\ and delete head891238.exe if you can see it. Problem is that its attributes are probably set to hidden. If that is the case, go to Start => Run and type 'cmd', then in the black window that appears type:

code:
del C:\head891238.exe


It should delete, and that should, in theory, be the end of your msn worm problems.

By the way, I can see you have MyWebSearch (adware) installed. You might want to remove that, either by checking whether it will let you do so in Add/Remove programs, or by using Spybot S&D or Ad-Aware.

EDIT: You might want to repeat the steps that you took to delete C:\head891238.exe, instead for the file C:\yay.exe (although it might not exist, in that case then it doesn't matter).

This post was edited on 12-23-2005 at 03:23 PM by segosa.
The previous sentence is false. The following sentence is true.
12-23-2005 03:16 PM
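
The entries picked out in the reply above share traits that are visible in the log itself: an autorun target sitting directly in the root of C:\, one file registered behind two Run value names, and a win.ini load= autostart. The Python sketch below is an added example, not part of the original thread or of HijackThis, and flags those traits; the sample lines are copied from the log posted above, the function names are hypothetical, and the output is a triage hint, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the HijackThis v1.99.1 log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\fast.exe
C:\head891238.exe
C:\WINDOWS\system32\ctfmon.exe

F3 - REG:win.ini: load=C:\\yay.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [eTunnel] C:\head891238.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.13R] C:\head891238.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")       # registry Run keys
INI_RE = re.compile(r"^F[13] - (?:REG:)?win\.ini: (load|run)=(.+)$")   # win.ini autostart
ROOT_RE = re.compile(r"[a-z]:\\[^\\]+")                                # file directly in X:\


def exe_of(command):
    """Return the lower-cased executable part of an autorun command line."""
    cmd = command.strip().replace("\\\\", "\\")   # the F3 line doubles its backslashes
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def triage(log_text):
    """Map each suspicious autorun executable to the set of reasons it was flagged."""
    running, autoruns, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False                      # blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        elif (m := O4_RE.match(line)):
            autoruns.append((f"{m.group(1)} [{m.group(2)}]", exe_of(m.group(3)), False))
        elif (m := INI_RE.match(line)):
            autoruns.append((f"win.ini {m.group(1)}=", exe_of(m.group(2)), True))

    entries = defaultdict(set)                    # executable -> autorun entries using it
    for source, exe, _ in autoruns:
        entries[exe].add(source)

    findings = {}
    for source, exe, from_ini in autoruns:
        reasons = set()
        if ROOT_RE.fullmatch(exe):
            reasons.add("executable sits directly in a drive root")
        if len(entries[exe]) > 1:
            reasons.add("registered under more than one autorun entry")
        if from_ini:
            reasons.add("legacy win.ini load=/run= autostart")
        if reasons and exe in running:
            reasons.add("currently running")      # must be terminated before cleanup
        if reasons:
            findings.setdefault(exe, set()).update(reasons)
    return findings


if __name__ == "__main__":
    for exe, reasons in triage(SAMPLE_LOG).items():
        print(exe, "->", "; ".join(sorted(reasons)))
```

A "currently running" flag corresponds to the ordering in the reply: the process has to be ended before its Run entries are removed, or they are likely to be written back.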
Amendir
New Member
*


Posts: 4
Joined: Dec 2005
O.P. RE: MSN worms and the liking.
Thanks a bunch.

This computer is really fucked up, I wonder what my mate has been doing with it :D

All steps are completed with success. Thank you and have a merry Christmas.
12-23-2005 07:51 PM