Need HELP! Computer expert and can't remove link-sending virus from friend's MSN! by Falcon4 on 01-24-2008 at 09:04 AM

GAH!! I can't find anyone online (through the use of countless creative Google searches) that has the same problem!

I first encountered this problem when someone I didn't even know started sending me stupid links, like:

quote:
http://google.com ;)

ALWAYS followed by a wink. I blocked the user, but blocking them didn't help - I got the message, complemented with "You cannot send or receive messages from (blah) because you've blocked him/her". Somehow this guy was also in my contact list, so I removed them. I set my options to disallow anyone not in my contact list. Still, the messages came. I complained to Microsoft, and after several useless replies like "here's how to remove spyware" and "use virus protection!" and crap like that, I finally got an admission of "we're working on the problem". The messages stopped for a while. Later, they came up again, from the same user, but with different links - this time, instead of the same link over and over again (www dot free-offers-your-clicks dot com - DON'T go there, I didn't), it was a random link with a totally random subject-matter in the domain (hot chicks, deals, etc). ALWAYS followed by that ";)", which I'm starting to despise.

Finally, after another run-around with Microsoft, probably finally banning the user, I had silence. Until one of my best friends, whom I know personally in town, sent me the SAME kind of link.
Immediately after sending links, he gets signed out. The only thing he notices is that he gets signed out a lot.

I got on his computer and tried Process Explorer. There are no unrecognizable processes. The process tree is clean, all legitimate processes. Now, I've had a virus problem before (on another computer) in the form of a rootkit that embedded itself in the OS as a ".sys" file loaded during initial startup, that was a pain in the royal ass to remove. That one was just as bad - it was a mail worm that flooded my network with SMTP connections. Keep in mind, though, that none of these computers are MINE - mine is squeaky clean (no knocking on wood necessary. :P). But I've had to remove things like that in the past, along with many other deep-rooted variants like DLL hooks, regenerating and security-protected EXEs, etc... no such thing here. All the files in the Windows/System32 folder were created at an explainable time and I don't see any gibberish names. I did a search on all files created in the past few days (since I started getting the messages) and found nothing.

Obviously there's something, but what? This thing is majorly tricky and it's spreading itself to whoever is on his list (talk about embarrassing). I'm not dumb enough to click the link, but that's because I had prior experience with a dumb-looking link first (free-offers-your-clicks? why would I click that?). Now it's understandable why that first person never stopped sending me those links... he didn't even know how to take it off!

Any ideas? What the hell IS this thing? We're both open to Remote Assistance (which still works, and as best as I can tell, is clean), so you can, yourself, poke around and help fix the problem... but I really need to clean this thing out and we're not looking forward to a reformat. Again. :(

edit: Through a little more creative Googling, I finally found other people with a similar problem. They claim their friends log in, when they're not (really), send a link-with-a-wink, and sign out. That would explain why my friend gets logged out - he's being logged in somewhere else. Could my friend have had his password stolen like a retard? I don't think he's that idiotic. Is there a way a program (again, a virus/trojan) could decode MSN's saved password and send it? And wouldn't MSN say "You've been signed out because you signed in at another location"? That could also explain why their messages get around a specific block: it's using some kind of MSN hax. :(

RE: Need HELP! Computer expert and can't remove link-sending virus from friend's MSN! by Underlord on 01-24-2008 at 11:05 AM

Tell your friend to change his password.
http://www.tg007.net/forum/index.php?showtopic=92...threaded&pid=59066


RE: Need HELP! Computer expert and can't remove link-sending virus from friend's MSN! by Falcon4 on 01-24-2008 at 12:24 PM

You rule. I just let my friend know, to the fanfare of... "ok". Gotta love enthusiasm for problem solving.

Thanks!! Hopefully this topic can catch a few Googlers desperately trying to solve this annoying problem. :)