What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Skype & Live Messenger » Spreading Virus

Pages: (4): « First [ 1 ] 2 3 4 » Last »
Spreading Virus
Author: Message:
lavey92
Junior Member
**


Posts: 16
Joined: Jun 2010
O.P. Spreading Virus
Hi there (I had Put this in a different forum section as well not sure which one fits its criteria appropriately)

Well I accidentally clicked on a link and it installed a worm or something onto my system and it is constantly sending out links to all my contacts on msn messenger.

the link that my friends are receiving is "h t tp://img..image-bucket.us/imgs/DCSwhd...jpg"

(Made it so you cant click on it)

Can anyone please help me with this, I have used spy-bot search and destroy as well as ESET Nod 32 and they have not detected the virus!

Any help is greatly appreciated!!
Thanks.

This post was edited on 06-29-2010 at 04:29 PM by lavey92.
06-29-2010 04:29 PM
Profile E-Mail PM Find Quote Report
djdannyp
Elite Member
*****

Avatar
Danny <3 Sarah

Posts: 3546
Reputation: 31
38 / Male / Flag
Joined: Mar 2006
RE: Spreading Virus
Do the links get sent out when you're signed in?  Or when you're offline?
[Image: 1ftt0hpk-signature.png]
AutoStatus Script || Facebook Status Script
5425 days, 19 hours, 15 minutes, 41 seconds ago
06-29-2010 06:03 PM
Profile E-Mail PM Find Quote Report
lavey92
Junior Member
**


Posts: 16
Joined: Jun 2010
O.P. RE: Spreading Virus
I'm only aware of whilst signed in.
Thanks :)
06-29-2010 06:08 PM
Profile E-Mail PM Find Quote Report
Chris4
Elite Member
*****

Avatar

Posts: 4461
Reputation: 84
33 / Male / Flag
Joined: Dec 2004
RE: Spreading Virus
Go to Start > (in XP click Run) > Type msconfig and press enter. Click the Startup tab.
These are some of the basic processes that run when Windows starts.
Look for any startup items that look suspicious, uncheck them and click OK. Restart your PC when asked.

Once restarted, run Windows Live Messenger and see if the problem continues.

If it does, download AutoRuns. This is a more advanced list and includes everything which runs at startup.
Again, look for anything suspicious which you don't recognise, uncheck them, save, and restart.

If you're unsure about the startup items, you can screenshot[?] them and post it here, we'll take a look.
Twitter: @ChrisLozeau
06-29-2010 06:35 PM
Profile PM Find Quote Report
Chrissy
Senior Member
****

Avatar

Posts: 850
Reputation: 5
29 / Male / Flag
Joined: Nov 2009
RE: Spreading Virus
Here's what I would do (I know you've done a few).

Start your computer and scan it for Viruses. Please make sure your Anti-Virus software is up to date.

Now scan for malware. (Use: http://www.malwarebytes.org - Free.)
> Make sure you clean all infections.

Change your Windows Live Password & Secret question. (Live Password Change.

Then make sure Windows Live Messenger is set not remember your password.

Restart & Sign-In.

---

Avoid clicking on dodgy link sent by contacts, don't give any personal details to websites that are not live.com. Block checkers and smiley websites than want your password are fake.

Always scan all files received by your contacts, even if your close to them. You can tell if they're telling you about something you did and your WLM ID is in the link.

---

Good Luck ;)
06-29-2010 10:38 PM
Profile E-Mail PM Web Find Quote Report
lavey92
Junior Member
**


Posts: 16
Joined: Jun 2010
O.P. RE: Spreading Virus
Thanks for the replies!
Chrissy - I've already run malwarebytes and it was also unsuccessful. I also changed my password and I think it is still sending (Not exactly sure yet). Edit: It is continually sending out said link.

Chris- went into the msconfig startup menu and there were no out of the ordinary autoruns there. So I downloaded the reccomended and theres so much stuff on there that I have no Idea about, so I posted some screenshots here (Sorry if they are too small or too big, tell me and i will host it at photobucket, but this was quicker)

[Image: tsmx1j8S.jpeg]

[Image: x8Se8cj1.jpeg]

[Image: OqqkNo3R.jpeg]

[Image: 61bjjD8s.jpeg]

[Image: sqaUjvIm.jpeg]

[Image: 87BHKRYU.jpeg]

Ok That is all the of the stuff that is in autorun!
Thanks again your help has been very great!


This post was edited on 06-30-2010 at 07:40 AM by lavey92.
06-30-2010 03:51 AM
Profile E-Mail PM Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: Spreading Virus
In the first and the last screenshot there is an application from "Malware Farms" which looks suspicious. Make sure you don't just disable the startup entry, but browse to the folder where it's located and delete the file and everything associated with it.
Finish the problem
Menthix.net | Contact Me
06-30-2010 09:12 AM
Profile E-Mail PM Web Find Quote Report
lavey92
Junior Member
**


Posts: 16
Joined: Jun 2010
O.P. RE: Spreading Virus
Ok will do this, I will keep you all informed of my progress!

Thanks!

This post was edited on 07-01-2010 at 02:40 AM by lavey92.
06-30-2010 09:18 AM
Profile E-Mail PM Find Quote Report
lavey92
Junior Member
**


Posts: 16
Joined: Jun 2010
O.P. RE: Spreading Virus
I Cannot seem to locate the file within the appdata\roaming, however when I type in hvex.exe into search, it comes up with the file, and I click open file location and it isn't in there. So I attempted to delete the file through the searcher, and it says that it cannot be deleted due to it being used elsewhere. I have closed every application and ended every proccess possible (without affecting windows) and it still doesn't let me delete it. Any suggestions?
Thanks
07-01-2010 02:40 AM
Profile E-Mail PM Find Quote Report
Chris4
Elite Member
*****

Avatar

Posts: 4461
Reputation: 84
33 / Male / Flag
Joined: Dec 2004
RE: Spreading Virus
quote:
Originally posted by lavey92
it says that it cannot be deleted due to it being used elsewhere
Ok here's what you need to do to delete the file...

Press CTRL+SHIFT+ESC to bring up Task Manager.

On the Processes tab, find explorer.exe and click End Process.

Now go to File > New Task. Enter cmd and press OK. This will bring up the Command Prompt.

In the Command Prompt you need to type cd (standing for change directory) and a space, followed by the folder location of the suspicious file, so C:\users\david\appdata\roaming... (see what the rest of the file's location is in AutoRuns). Then press enter.

The prompt should now say the folder you entered, meaning you're "inside" that folder. You can now type del and a space, followed by the file, to delete it. Optionally, so you know it's worked, add a space and /p on the end which will prompt "Delete (Y/N)?" in which you type y and press enter.

Here's an example of me deleting an example.txt file in my Firefox's AppData:

[Image: examplecmd.png]

Once the file is deleted, in Task Manager you can go to File > New Task, enter explorer and press enter, which will open Windows up again.

This post was edited on 07-01-2010 at 03:54 AM by Chris4.
Twitter: @ChrisLozeau
07-01-2010 03:28 AM
Profile PM Find Quote Report
Pages: (4): « First [ 1 ] 2 3 4 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On