Shoutbox

I am a Chinese, English not well.

Today, i setup Messenger Plus 4.23.276, at end of setup,  my antivirus software Zonealarm found a Virus.

Virus Name: Trojan.Win32.Obfuscated.en

This virus in the C: Document and setting folder.

:

PLEASE SOLVE THIS PROBLEM!!!!!

This wouldn't be caused by Messenger Plus Live. Are you sure you downloaded it from the official site? msgpluslive.net.

The Virus you're describing was not caused by Messenger Plus! Live.

Please rescan your computer with Symantec Online Virus Scanner or McAfee Online Virus Scanner and confirm that you get a detection please.

I, too, have experienced this at the end of a Plus! install. Using Avast! antivirus, got the following -- see attachment:

Full file name:  C:\DOCUME~1\Rosalie\LOCALS~1\Temp\msgpl_e138.tmp\spinstall.exe

This PC had an old version of Messenger, which was updated to Messenger Live! after a prompt stating that the updated had to occur to continue. Once Messenger Live! was installed, the Plus! | Compatibility Info link was clicked, which auto-downloaded the version in question. At the end of the Plus! update, the warning popped up.

DIR in the TEMP directory reveals the following:
10/21/2007  05:05 AM            40,960 rtdrvmon.exe
10/21/2007  05:05 AM            49,152 ~DFD88C.tmp
10/21/2007  05:05 AM    <DIR>          msgpl_e138.tmp
10/21/2007  05:01 AM         3,954,000 MsgPlus - Auto Update.exe
10/21/2007  04:54 AM        18,895,728 msg4F.exe

After choosing No Action from Avast!, I received another warning, this time for C:\Program Files\Adverts\uninst.exe, for the same virus.

I promptly deleted the C:\Program Files\Adverts directory, which contained only the UNINST.EXE file.

Note that I chose NOT to install the sponsor.

It would appear that, indeed, there IS a trojan within the Plus! install package -- possibly in the sponsor.

I am currently scanning with Symantec online scanner, will update when results are available.

Cheers
Darren

How to uninstall adware-sponsor?

How can I uninstall the sponsor program

quote:

---

Originally posted in website's FAQs - What does Messenger Plus! Live install on my computer?
For those who choose to give their support by installing the optional sponsor program, the sponsor's uninstallation program is copied in "C:\Program Files\Adverts" and is only used to uninstall the sponsor from Add/Remove Programs.

---

I doubt you installed sponsor

500th post

spinstall.exe is associated with CiD. Are you 100% positive you didn't install the sponsor? If you didn't, it is quite possible that the un\install program was copied to the directory during installation of MP!L without any intent of ever being used

The file that was detected is not a trojan but the program used to install/uninstall the sponsor. It can be extracted for two reasons only: the sponsor was accepted during the installation of Plus! Live or the sponsor was installed with a previous version of Messenger Plus! (3.xx) so the setup re-extracts the uninstaller to make sure it will be able to remove the sponsor when Messenger Plus! Live is uninstalled.

If you didn't accept to install the sponsor, then the only reason for this will be a previous installation from a previous version of Plus!. Of course, in that case, nothing is installed, the program is extracted only for future uninstallation. If the sponsor had already been removed by a third party program on your system, then don't worry about the uninstaller being deleted by your anti-virus, it probably won't be needed anymore (although it is never recommended to delete anything from yoru computer, sponsor or not, by using a third party program when an uninstaller is provided).

quote:

---

Originally posted by Patchou
The file that was detected is not a trojan

---

Then why do several anti-virus utilities detect it as such?

quote:

---

but the program used to install/uninstall the sponsor. It can be extracted for two reasons only: the sponsor was accepted during the installation of Plus! Live

---

It was not.

quote:

---

or the sponsor was installed with a previous version of Messenger Plus! (3.xx) so the setup re-extracts the uninstaller to make sure it will be able to remove the sponsor when Messenger Plus! Live is uninstalled.

---

I'm fairly certain that the sponsor was not previously installed. But not 100%.

quote:

---

If you didn't accept to install the sponsor, then the only reason for this will be a previous installation from a previous version of Plus!. Of course, in that case, nothing is installed, the program is extracted only for future uninstallation. If the sponsor had already been removed by a third party program on your system, then don't worry about the uninstaller being deleted by your anti-virus, it probably won't be needed anymore (although it is never recommended to delete anything from yoru computer, sponsor or not, by using a third party program when an uninstaller is provided).

---

Is there a switch to simply extract all files in the EXE? I'd like to do more testing on these files. FWIW, the online scanners that Dane mentioned DO NOT scan inside compressed files, so of course nothing would be detected by them.

quote:

---

Originally posted by DarryDoo
   

quote:

---

Originally posted by Patchou

    The file that was detected is not a trojan

---

Then why do several anti-virus utilities detect it as such? (Smilie)

---

Because anti-viruses aren't always right.

quote:

---

Originally posted by vaccination

quote:

---

Originally posted by DarryDoo
   

quote:

---

Originally posted by Patchou

    The file that was detected is not a trojan

---

Then why do several anti-virus utilities detect it as such? (Smilie)

---

Because anti-viruses aren't always right.

---

Didn't that Microsoft one-care what-ya-ma-call it auto-update use to detect Plus itself as a malicious program? I think that would be proof enough that they aren't always right.