What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! Help » Messenger Plus have a Virus

Pages: (2): « First [ 1 ] 2 » Last »
Messenger Plus have a Virus
Author: Message:
briandgwx
New Member
*


Posts: 4
Reputation: -2
Joined: Jun 2007
O.P. Sad  Messenger Plus have a Virus
I am a Chinese, English not well.

Today, i setup Messenger Plus 4.23.276, at end of setup,  my antivirus software Zonealarm found a Virus.

Virus Name: Trojan.Win32.Obfuscated.en

This virus in the C: Document and setting folder.

:@:@:@:@:@:@:@:@:@:@:@:@:@:@:@:

PLEASE SOLVE THIS PROBLEM!!!!!

This post was edited on 08-10-2007 at 03:32 AM by briandgwx.
08-10-2007 03:17 AM
Profile E-Mail PM Find Quote Report
prashker
Veteran Member
*****


Posts: 5109
Reputation: 104
– / Male / –
Joined: Mar 2005
Status: Away
RE: Messenger Plus have a Virus
This wouldn't be caused by Messenger Plus Live. Are you sure you downloaded it from the official site? msgpluslive.net.
08-10-2007 03:44 AM
Profile PM Find Quote Report
Dane
Non-Elite Member
*****

Avatar
Dont ask to ask, just ASK!

Posts: 1621
Reputation: 52
35 / Male / Flag
Joined: Dec 2002
Status: Away
RE: Messenger Plus have a Virus
The Virus you're describing was not caused by Messenger Plus! Live.

Please rescan your computer with Symantec Online Virus Scanner or McAfee Online Virus Scanner and confirm that you get a detection please.
08-10-2007 03:45 AM
Profile PM Web Find Quote Report
DarryDoo
New Member
*


Posts: 4
59 / Male / Flag
Joined: Oct 2007
RE: Messenger Plus have a Virus
I, too, have experienced this at the end of a Plus! install. Using Avast! antivirus, got the following -- see attachment:

Full file name:  C:\DOCUME~1\Rosalie\LOCALS~1\Temp\msgpl_e138.tmp\spinstall.exe

This PC had an old version of Messenger, which was updated to Messenger Live! after a prompt stating that the updated had to occur to continue. Once Messenger Live! was installed, the Plus! | Compatibility Info link was clicked, which auto-downloaded the version in question. At the end of the Plus! update, the warning popped up.

DIR in the TEMP directory reveals the following:
10/21/2007  05:05 AM            40,960 rtdrvmon.exe
10/21/2007  05:05 AM            49,152 ~DFD88C.tmp
10/21/2007  05:05 AM    <DIR>          msgpl_e138.tmp
10/21/2007  05:01 AM         3,954,000 MsgPlus - Auto Update.exe
10/21/2007  04:54 AM        18,895,728 msg4F.exe

After choosing No Action from Avast!, I received another warning, this time for C:\Program Files\Adverts\uninst.exe, for the same virus.

I promptly deleted the C:\Program Files\Adverts directory, which contained only the UNINST.EXE file.

Note that I chose NOT to install the sponsor.

It would appear that, indeed, there IS a trojan within the Plus! install package -- possibly in the sponsor.

I am currently scanning with Symantec online scanner, will update when results are available.

Cheers
Darren

.jpg File Attachment: trojan.JPG (40.42 KB)
This file has been downloaded 152 time(s).
10-21-2007 09:46 AM
Profile E-Mail PM Find Quote Report
ahmetgns
Veteran Member
*****

Avatar

Posts: 1343
Reputation: 8
39 / Male / Flag
Joined: Dec 2006
RE: Messenger Plus have a Virus
How to uninstall adware-sponsor?

How can I uninstall the sponsor program

quote:
Originally posted in website's FAQs - What does Messenger Plus! Live install on my computer?
For those who choose to give their support by installing the optional sponsor program, the sponsor's uninstallation program is copied in "C:\Program Files\Adverts" and is only used to uninstall the sponsor from Add/Remove Programs.

I doubt you installed sponsor :)

500th post :)
10-21-2007 10:00 AM
Profile PM Web Find Quote Report
Spunky
Former Super Mod
*****

Avatar

Posts: 3658
Reputation: 61
36 / Male / Flag
Joined: Aug 2006
RE: Messenger Plus have a Virus
spinstall.exe is associated with CiD. Are you 100% positive you didn't install the sponsor? If you didn't, it is quite possible that the un\install program was copied to the directory during installation of MP!L without any intent of ever being used
<Eljay> "Problems encountered: shit blew up" :zippy:
10-21-2007 10:07 AM
Profile PM Find Quote Report
Patchou
Messenger Plus! Creator
*****

Avatar

Posts: 8607
Reputation: 201
43 / Male / Flag
Joined: Apr 2002
RE: Messenger Plus have a Virus
The file that was detected is not a trojan but the program used to install/uninstall the sponsor. It can be extracted for two reasons only: the sponsor was accepted during the installation of Plus! Live or the sponsor was installed with a previous version of Messenger Plus! (3.xx) so the setup re-extracts the uninstaller to make sure it will be able to remove the sponsor when Messenger Plus! Live is uninstalled.

If you didn't accept to install the sponsor, then the only reason for this will be a previous installation from a previous version of Plus!. Of course, in that case, nothing is installed, the program is extracted only for future uninstallation. If the sponsor had already been removed by a third party program on your system, then don't worry about the uninstaller being deleted by your anti-virus, it probably won't be needed anymore (although it is never recommended to delete anything from yoru computer, sponsor or not, by using a third party program when an uninstaller is provided).
[Image: signature2.gif]
10-21-2007 04:43 PM
Profile PM Web Find Quote Report
DarryDoo
New Member
*


Posts: 4
59 / Male / Flag
Joined: Oct 2007
RE: RE: Messenger Plus have a Virus
quote:
Originally posted by Patchou
The file that was detected is not a trojan
Then why do several anti-virus utilities detect it as such? ^o)

quote:
but the program used to install/uninstall the sponsor. It can be extracted for two reasons only: the sponsor was accepted during the installation of Plus! Live
It was not.

quote:
or the sponsor was installed with a previous version of Messenger Plus! (3.xx) so the setup re-extracts the uninstaller to make sure it will be able to remove the sponsor when Messenger Plus! Live is uninstalled.
I'm fairly certain that the sponsor was not previously installed. But not 100%.

quote:
If you didn't accept to install the sponsor, then the only reason for this will be a previous installation from a previous version of Plus!. Of course, in that case, nothing is installed, the program is extracted only for future uninstallation. If the sponsor had already been removed by a third party program on your system, then don't worry about the uninstaller being deleted by your anti-virus, it probably won't be needed anymore (although it is never recommended to delete anything from yoru computer, sponsor or not, by using a third party program when an uninstaller is provided).


Is there a switch to simply extract all files in the EXE? I'd like to do more testing on these files. FWIW, the online scanners that Dane mentioned DO NOT scan inside compressed files, so of course nothing would be detected by them.
10-22-2007 04:30 PM
Profile E-Mail PM Find Quote Report
vaccination
Veteran Member
*****

Avatar

Posts: 2513
Reputation: 43
32 / Male / –
Joined: Apr 2005
RE: Messenger Plus have a Virus
quote:
Originally posted by DarryDoo
   
quote:
Originally posted by Patchou

    The file that was detected is not a trojan

Then why do several anti-virus utilities detect it as such? (Smilie)
Because anti-viruses aren't always right.
[Image: jumbled.png]
10-22-2007 05:51 PM
Profile PM Find Quote Report
dexluther
Junior Member
**


Posts: 23
Joined: Jun 2007
RE: RE: Messenger Plus have a Virus
quote:
Originally posted by vaccination
quote:
Originally posted by DarryDoo
   
quote:
Originally posted by Patchou

    The file that was detected is not a trojan

Then why do several anti-virus utilities detect it as such? (Smilie)
Because anti-viruses aren't always right.



Didn't that Microsoft one-care what-ya-ma-call it auto-update use to detect Plus itself as a malicious program? I think that would be proof enough that they aren't always right.
10-23-2007 08:42 AM
Profile E-Mail PM Find Quote Report
Pages: (2): « First [ 1 ] 2 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On