quick! see this picture http://... new virus

quick! see this picture http://... new virus by Fredzz on 04-08-2005 at 07:26 PM

quick! see this picture - http:/***t/~readjackson/wtf.scr


Damn stupid things! Is it the fashion now to get viruses on msn?? :@


EDIT: Oh and btw, don't click on it!


RE: quick! see this picture http://... new virus by user27089 on 04-08-2005 at 07:28 PM

It's an old virus...

It's been around about the same time as w32.bropia... I think it's the same virus in fact, just in a different form :s...

anyway...

quote:
Originally posted by site

Upon executing the downloaded file, two popups would appear which both contain banners hosted on an Angelfire site, along with setting the same AIM away message as mentioned before. Also, if one were to attempt to open either task manager or regedit on the infected machine, the windows would stay open for a mere second, and instantly close.

The installed executable could be named one of two things; either YAHOOMSG.exe, or NETSTATT.EXE, both saved in your %winroot%\system32 folder. To find out which variant you have, I'd recommend closing everything related to AIM and Yahoo Messenger, running Hijackthis, and removing EVERYTHING labeled [Yahoo Messenger] in HJT.

After you check the files and remove them, wait 10 seconds and have it scan again. Any file(s) which reappear on your list labeled as [Yahoo Messenger] is your culprit file (I have seen it labeled either "YAHOOMSG.EXE" or "NETSTATT.EXE", but your results may vary).

To remove this file for good, boot Windows into safe mode, select Start/Run and type "cmd" (without quotes) into the new dialog box and hit "Ok". A DOS-like console box will open. In the box, type:

cd\ **ENTER**
cd %systemroot%\system32 **ENTER**
DEL *the filename found* **ENTER**

Note - **ENTER** = press the Enter key on your keyboard.

Once you have done this, reboot the machine back into normal mode. Run HJT again, and check and remove the infected file from the list (if the file starts reappearing in the HJT log, go back into safe mode and repeat the steps above being sure you haven't received any errors) AND the "AIM Button".

Assuming you have followed these steps correctly, you should now be rid of the problem. If not (or you cannot find the files causing it) please post your HJT log.

Edit: Other files found which may be the cause of the problem (as taken from a HJT log):

[AOL Messenger] HQSNPFLH.EXE
[Microsoft Gina V Encryption] MSGINAV.EXE
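
Added example (not part of the thread or of the quoted post): a small Python check that reads a HijackThis log and flags registry autorun (O4) lines whose label or file name matches the ones listed in the quoted post. The O4 line layout it parses and the sample log are assumptions constructed for illustration; it covers only registry Run-style entries.

```python
import re
from pathlib import PureWindowsPath

# Autorun labels and file names taken from the quoted post above.
SUSPECT_LABELS = {"yahoo messenger", "aol messenger", "microsoft gina v encryption"}
SUSPECT_FILES = {"yahoomsg.exe", "netstatt.exe", "hqsnpflh.exe", "msginav.exe"}
# HijackThis autorun line: O4 - HKLM\..\Run: [Label] C:\path\file.exe args
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
PROGRAM = re.compile(r"(.+?\.(?:exe|scr|com|bat|pif))(?:\s|$)", re.I)

def executable_name(cmd):
    """Lower-cased file name of the program in an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path followed by arguments
        path = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted path, may hold spaces
        m = PROGRAM.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    return PureWindowsPath(path).name.lower()

def flag_entries(log_text):
    """Return (hive, key, label, exe, reasons) for each suspicious O4 entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        exe = executable_name(m["cmd"])
        reasons = []
        if exe in SUSPECT_FILES:
            reasons.append("file name")
        if m["label"].strip().lower() in SUSPECT_LABELS:
            reasons.append("label")
        if reasons:
            findings.append((m["hive"], m["key"], m["label"], exe, reasons))
    return findings

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system32\NETSTATT.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKLM\..\Run: [Microsoft Gina V Encryption] MSGINAV.EXE
O4 - HKLM\..\RunServices: [AOL Messenger] hqsnpflh.exe
O4 - HKCU\..\Run: [Yahoo Messenger] "C:\WINDOWS\system32\other name.exe" /s"""

if __name__ == "__main__":
    for hive, key, label, exe, reasons in flag_entries(SAMPLE_LOG):
        print(f"{hive}\\{key} [{label}] {exe}: matched on {' + '.join(reasons)}")
```

A label-only match, like the last sample line, corresponds to the post's remark that the file name may vary, so it is a weaker signal than a file-name match.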


RE: quick! see this picture http://... new virus by Fredzz on 04-08-2005 at 07:29 PM

Thanks for the info Traxor (Y) Nice variables of this little sucker :P