"Photo.zip" virus (Probably not the first...) |
SeanW
New Member
Posts: 2
Joined: Nov 2007
|
O.P. "Photo.zip" virus (Probably not the first...)
Hey there.
I was wondering if anyone could help me out. The other day I got an IM from one of my friends about pictures of a computer they wanted and sent me a zip file. Then when I open it, nothing happens. Then the next thing I know I get IMs left and right saying "I can't open the picture" or "Yeah that's a virus" or "You have a homepage? Why do you have pictures of me?" and so on.
So it's about this time that I say "Aww hell! I got a virus!" Now usually I scan Norton and nip the bugger in the bud, but not this time. Oh no. I tried spyware removers, uninstalling and re-installing and the thing won't go away.
I'm probably not the first person to ask about this, but how the junk do I get rid of this thing?
|
|
11-10-2007 08:11 AM |
|
|
Dane
Non-Elite Member
Dont ask to ask, just ASK!
Posts: 1621 Reputation: 52
Joined: Dec 2002
Status: Away
|
RE: "Photo.zip" virus (Probably not the first...)
quote: Originally posted by SeanW
Hey there.
I was wondering if anyone could help me out. The other day I got an IM from one of my friends about pictures of a computer they wanted and sent me a zip file. Then when I open it, nothing happens. Then the next thing I know I get IMs left and right saying "I can't open the picture" or "Yeah that's a virus" or "You have a homepage? Why do you have pictures of me?" and so on.
So it's about this time that I say "Aww hell! I got a virus!" Now usually I scan Norton and nip the bugger in the bud, but not this time. Oh no. I tried spyware removers, uninstalling and re-installing and the thing won't go away.
I'm probably not the first person to ask about this, but how the junk do I get rid of this thing?
Please submit a sample of the virus to virus-trapper@msgpluszone.com if you still have the original file... I'll take a look at it and help you fix it up and git R done.
|
|
11-10-2007 08:36 AM |
|
|
SeanW
New Member
Posts: 2
Joined: Nov 2007
|
O.P. RE: RE: "Photo.zip" virus (Probably not the first...)
quote: Originally posted by Dane
quote: Originally posted by SeanW
Hey there.
I was wondering if anyone could help me out. The other day I got an IM from one of my friends about pictures of a computer they wanted and sent me a zip file. Then when I open it, nothing happens. Then the next thing I know I get IMs left and right saying "I can't open the picture" or "Yeah that's a virus" or "You have a homepage? Why do you have pictures of me?" and so on.
So it's about this time that I say "Aww hell! I got a virus!" Now usually I scan Norton and nip the bugger in the bud, but not this time. Oh no. I tried spyware removers, uninstalling and re-installing and the thing won't go away.
I'm probably not the first person to ask about this, but how the junk do I get rid of this thing?
Please submit a sample of the virus to virus-trapper@msgpluszone.com if you still have the original file... I'll take a look at it and help you fix it up and git R done.
Unfortunately I don't have the file that the virus was held in. I deleted it, but I'm still having people on my contacts getting bombarded with the same message that duped me.
|
|
11-11-2007 12:51 AM |
|
|
Chris4
Elite Member
Posts: 4461 Reputation: 84
Joined: Dec 2004
|
RE: "Photo.zip" virus (Probably not the first...)
quote: Originally posted by http://www.bigblueball.com/forums/msn-windows-live-messenger-support/39945-photo-album-zip.html#post217085
* Go to My Received Files in My Documents folder. Delete (Shift + Delete) the Photo Album.zip folder and its contents.
* Go to C:\Windows. Delete the Photo Album.zip folder.
* In C:\Windows\System, find the rdfhost.dll or rdshost.dll files. Delete them.
* Go to Start > Run. Type regedit to open the Registry. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
  rdshost {5344BB88-3DE1-409F-8307-C85923A1F4DD} - Delete this key (right-click and click on Delete)
* Navigate to HKCR\CLSID\{5344BB88-3DE1-409F-8307-C85923A1F4DD} Delete this key.
* Reboot your computer.
|
|
11-11-2007 01:22 AM |
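A read-only check for the indicators listed in the quoted steps above, as an added example that is not part of the original thread or of the linked post: it reports whether the named files and registry entries exist, and lists every ShellServiceObjectDelayLoad value with the DLL its CLSID resolves to, so a variant registered under a different name can also be spotted. The file names, paths and CLSID are taken from the post; the script deletes nothing.

```powershell
# Added example: read-only audit of the indicators named in the quoted removal steps.
$clsid = '{5344BB88-3DE1-409F-8307-C85923A1F4DD}'   # CLSID quoted in the post
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$docs  = [Environment]::GetFolderPath('MyDocuments')

# 1. Files and folders the post says to delete.
$paths = @(
    (Join-Path $docs 'My Received Files\Photo Album.zip'),
    (Join-Path $env:windir 'Photo Album.zip'),
    (Join-Path $env:windir 'System\rdfhost.dll'),
    (Join-Path $env:windir 'System\rdshost.dll')
)
$fileReport = foreach ($p in $paths) {
    [pscustomobject]@{ Indicator = $p; Present = (Test-Path -LiteralPath $p) }
}
$fileReport | Format-Table -AutoSize

# 2. The CLSID registration the post says to delete.
$clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
"CLSID key present: $(Test-Path -LiteralPath $clsidKey)"

# 3. Each value under ShellServiceObjectDelayLoad names a CLSID that Explorer
#    loads when it starts. Resolve every entry to its InprocServer32 DLL and
#    flag the one that matches the name or CLSID given in the post.
$regReport = @()
if (Test-Path -LiteralPath $ssodl) {
    $key = Get-Item -LiteralPath $ssodl
    $regReport = foreach ($name in $key.GetValueNames()) {
        $id  = [string]$key.GetValue($name)
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32"
        $dll = if (Test-Path -LiteralPath $srv) {
            (Get-Item -LiteralPath $srv).GetValue('')   # default value = DLL path
        } else { $null }
        [pscustomobject]@{
            Value    = $name
            Clsid    = $id
            Dll      = $dll
            FromPost = ($id -eq $clsid) -or ($name -eq 'rdshost')
        }
    }
}
$regReport | Format-Table -AutoSize
```

An entry whose `Dll` column is empty or points to a file you do not recognise is worth looking up before anything is deleted.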
|
|
stupidboy
New Member
Posts: 3
Joined: Nov 2007
|
RE: "Photo.zip" virus (Probably not the first...)
hi gurus, i tried the step above... but maybe the file im receiving not the photo.zip , im receiving image29.zip,
but i believe the way of removing it should be the same right?
so wish you can give more info on how to remove it.
|
|
11-13-2007 11:48 AM |
|
|
stupidboy
New Member
Posts: 3
Joined: Nov 2007
|
RE: "Photo.zip" virus (Probably not the first...)
i sent a sample file to the email you mention, i wish you can find the solution for this virus.
please HELP
|
|
11-16-2007 02:26 AM |
|
|
Dane
Non-Elite Member
Dont ask to ask, just ASK!
Posts: 1621 Reputation: 52
Joined: Dec 2002
Status: Away
|
RE: "Photo.zip" virus (Probably not the first...)
Hello,
I have received the email, unfortunately nothing was attached for me to scan/test. However, based on the file name and infection vector, I preliminarily would guess you have Backdoor.Win32.IRCBot.apd, discovered on November 11th, 2007. Protection is currently available for this threat by Kaspersky AntiVirus. However, to ensure a 100% diagnosis, I do need the file.
Thanks.
|
|
11-16-2007 03:31 AM |
|
|
Eddie
Veteran Member
Posts: 2078 Reputation: 30
Joined: Oct 2005
Status: Away
|
RE: "Photo.zip" virus (Probably not the first...)
Use this... http://safety.live.com, I gave that to my friend and it apparently fixed the problem
...there used to be a signature here
|
|
11-16-2007 06:48 AM |
|
|
stupidboy
New Member
Posts: 3
Joined: Nov 2007
|
RE: RE: "Photo.zip" virus (Probably not the first...)
quote: Originally posted by Dane
Hello,
I have received the email, unfortunately nothing was attached for me to scan/test. However, based on the file name and infection vector, I preliminarily would guess you have Backdoor.Win32.IRCBot.apd, discovered on November 11th, 2007. Protection is currently available for this threat by Kaspersky AntiVirus. However, to ensure a 100% diagnosis, I do need the file.
Thanks.
hi, thanks for the reply, i guess u r right... it should be the Backdoor.Win32.IRCBot.apd, but how should i remove it if i dun have Kaspersky Antivirus? I do have NOD32.
i tried MSNCLEANER, IMPFIX and CCLEANER... seems not working at all... after few reboots.... it will start sending again.
|
|
11-16-2007 02:52 PM |
|