"Photo.zip" virus (Probably not the first...)

"Photo.zip" virus (Probably not the first...) by SeanW on 11-10-2007 at 08:11 AM

Hey there.

I was wondering if anyone could help me out. The other day I got an IM from one of my friends about pictures of a computer they wanted and sent me a zip file. Then when I open it, nothing happens. Then the next thing I know I get IMs left and right saying "I can't open the picture" or "Yeah that's a virus" or "You have a homepage? Why do you have pictures of me?" and so on.

So it's about this time that I say "Aww hell! I got a virus!" Now usually I scan Norton and nip the bugger in the bud, but not this time. Oh no. I tried spyware removers, uninstalling and re-installing and the thing won't go away.

I'm probably not the first person to ask about this, but how the junk do I get rid of this thing?


RE: "Photo.zip" virus (Probably not the first...) by Dane on 11-10-2007 at 08:36 AM

quote:
Originally posted by SeanW
Hey there.

I was wondering if anyone could help me out. The other day I got an IM from one of my friends about pictures of a computer they wanted and sent me a zip file. Then when I open it, nothing happens. Then the next thing I know I get IMs left and right saying "I can't open the picture" or "Yeah that's a virus" or "You have a homepage? Why do you have pictures of me?" and so on.

So it's about this time that I say "Aww hell! I got a virus!" Now usually I scan Norton and nip the bugger in the bud, but not this time. Oh no. I tried spyware removers, uninstalling and re-installing and the thing won't go away.

I'm probably not the first person to ask about this, but how the junk do I get rid of this thing?

Please submit a sample of the virus to virus-trapper@msgpluszone.com if you still have the original file... I'll take a look at it and help you fix it up and git R done.

RE: RE: "Photo.zip" virus (Probably not the first...) by SeanW on 11-11-2007 at 12:51 AM

quote:
Originally posted by Dane
quote:
Originally posted by SeanW
Hey there.

I was wondering if anyone could help me out. The other day I got an IM from one of my friends about pictures of a computer they wanted and sent me a zip file. Then when I open it, nothing happens. Then the next thing I know I get IMs left and right saying "I can't open the picture" or "Yeah that's a virus" or "You have a homepage? Why do you have pictures of me?" and so on.

So it's about this time that I say "Aww hell! I got a virus!" Now usually I scan Norton and nip the bugger in the bud, but not this time. Oh no. I tried spyware removers, uninstalling and re-installing and the thing won't go away.

I'm probably not the first person to ask about this, but how the junk do I get rid of this thing?

Please submit a sample of the virus to virus-trapper@msgpluszone.com if you still have the original file... I'll take a look at it and help you fix it up and git R done.


Unfortunately I don't have the file that the virus was held in. I deleted it, but I'm still having people on my contacts getting bombarded with the same message that duped me.

RE: "Photo.zip" virus (Probably not the first...) by Chris4 on 11-11-2007 at 01:22 AM

quote:
Originally posted by http://www.bigblueball.com/forums/msn-windows-live-messenger-support/39945-photo-album-zip.html#post217085
* Go to My Received Files in My Documents folder. Delete (Shift + Delete) the Photo Album.zip folder and its contents.
* Go to C:\Windows. Delete the Photo Album.zip folder.
* In C:\Windows\System, find the rdfhost.dll or rdshost.dll files. Delete them.
* Go to Start > Run. Type regedit to open the Registry. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
rdshost {5344BB88-3DE1-409F-8307-C85923A1F4DD} Delete this key (right-click and click on Delete)
* Navigate to HKCR\CLSID\{5344BB88-3DE1-409F-8307-C85923A1F4DD} Delete this key.
* Reboot your computer.
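
Added example (not part of the quoted post or of any poster's reply): a read-only PowerShell audit of the indicators the steps above name, so you can see what is present before deleting anything. It goes slightly beyond the post by listing every ShellServiceObjectDelayLoad entry with the DLL its CLSID resolves to, not just the one named. It assumes Windows PowerShell is available and that "My Received Files" sits in the default profile location.

```powershell
# Read-only audit: reports indicators from the post, deletes nothing.

# File-system indicators named in the post. The "My Received Files" path is
# an assumption (default profile layout); adjust it for the host.
$paths = @(
    (Join-Path $env:USERPROFILE 'My Documents\My Received Files\Photo Album.zip'),
    (Join-Path $env:windir 'Photo Album.zip'),
    (Join-Path $env:windir 'System\rdfhost.dll'),
    (Join-Path $env:windir 'System\rdshost.dll')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { "FOUND  $p" } else { "absent $p" }
}

# CLSID and registry key named in the post.
$knownClsid = '{5344BB88-3DE1-409F-8307-C85923A1F4DD}'
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'

# Each value under this key maps a name to a CLSID; Explorer loads the DLL
# registered under HKCR\CLSID\<clsid>\InprocServer32 at logon.
if (Test-Path -LiteralPath $ssodl) {
    $key = Get-Item -LiteralPath $ssodl
    foreach ($name in $key.GetValueNames()) {
        $clsid  = [string]$key.GetValue($name)
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path -LiteralPath $inproc) {
            (Get-Item -LiteralPath $inproc).GetValue('')   # default value = DLL path
        } else {
            '<no InprocServer32 key>'
        }
        # MATCH = the CLSID from the post; everything else is listed for manual review.
        $flag = if ($clsid -ieq $knownClsid) { 'MATCH ' } else { 'review' }
        "{0} '{1}' -> {2} -> {3}" -f $flag, $name, $clsid, $dll
    }
} else {
    "absent $ssodl"
}
```

Entries marked `review` are not necessarily malicious; a stock Windows install has several legitimate values under this key, so compare each DLL path against a known-clean machine.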

RE: "Photo.zip" virus (Probably not the first...) by stupidboy on 11-13-2007 at 11:48 AM

hi gurus, I tried the step above... but maybe the file I'm receiving is not the photo.zip, I'm receiving image29.zip,

but i believe the way of removing it should be the same right?

so wish you can give more info on how to remove it.


RE: "Photo.zip" virus (Probably not the first...) by stupidboy on 11-16-2007 at 02:26 AM

i sent a sample file to the email you mention, i wish you can find the solution for this virus.

please HELP


RE: "Photo.zip" virus (Probably not the first...) by Dane on 11-16-2007 at 03:31 AM

Hello,

I have received the email, unfortunately nothing was attached for me to scan/test. However, based on the file name and infection vector, I preliminarily would guess you have Backdoor.Win32.IRCBot.apd, discovered on November 11th, 2007. Protection is currently available for this threat by Kaspersky AntiVirus. However, to ensure a 100% diagnosis, I do need the file.

Thanks.


RE: "Photo.zip" virus (Probably not the first...) by Eddie on 11-16-2007 at 06:48 AM

Use this... http://safety.live.com, I gave that to my friend and it apparently fixed the problem *-)


RE: RE: "Photo.zip" virus (Probably not the first...) by stupidboy on 11-16-2007 at 02:52 PM

quote:
Originally posted by Dane
Hello,

I have received the email, unfortunately nothing was attached for me to scan/test. However, based on the file name and infection vector, I preliminarily would guess you have Backdoor.Win32.IRCBot.apd, discovered on November 11th, 2007. Protection is currently available for this threat by Kaspersky AntiVirus. However, to ensure a 100% diagnosis, I do need the file.

Thanks.


hi, thanks for the reply, I guess you are right... it should be the Backdoor.Win32.IRCBot.apd, but how should I remove it if I don't have Kaspersky Antivirus? I do have NOD32.

i tried MSNCLEANER, IMPFIX and CCLEANER... seems not working at all... after few reboots.... it will start sending again.