login | register | shoutbox

 What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Skype & Live Messenger » quick! see this picture http://... new virus

quick! see this picture http://... new virus
Author: Message:
Fredzz
Full Member
***

Avatar

Posts: 409
Reputation: 12
37 / Male / –
Joined: Apr 2004
Status: Away
O.P. Roll Eyes  quick! see this picture http://... new virus
quick! see this picture - http:/***t/~readjackson/wtf.scr


Damn stupid things! Is it fashion now to get virus on msn?? :@


EDIT: Oh and btw, dont click on it!

This post was edited on 04-08-2005 at 07:28 PM by Fredzz.
Fredzz rox00rz
04-08-2005 07:26 PM
Profile E-Mail PM Find Quote Report
user27089
Disabled Account


Posts: 6321
Joined: Nov 2003
Status: Away
RE: quick! see this picture http://... new virus
It's an old virus...

Its been around about the same time as w32.bropia... I think its the same virus in fact, just in a different form :s...

anway...

quote:
Originally posted by site

Upon executing the downloaded file, two popups would appear which both contain banners hosted on an Angelfire site, along with setting the same AIM away message as mentioned before. Also, if one were to attempt to open either task manager or regedit on the infected machine, the windows would stay open for a mere second, and instantly close.

The installed executable could be named one of two things; either YAHOOMSG.exe, or NETSTATT.EXE, both saved in your %winroot%\system32 folder. To find out which variant you have, I'd recommend closing everything related to AIM and Yahoo Messenger, running Hijackthis, and removing EVERYTHING labeled [Yahoo Messenger] in HJT.

After you check the files and remove them, wait 10 seconds and have it scan again. Any file(s) which reappear on your list labeled as [Yahoo Messenger] is your culprit file (I have seen it labeled either "YAHOOMSG.EXE" or "NETSTATT.EXE", but your results may very).

To remove this file for good, boot Windows into safe mode, select Start/Run and type "cmd" (without quotes) into the new dialog box and hit "Ok". A DOS-like console box will open. In the box, type:

cd\ **ENTER**
cd %systemroot%\system32 **ENTER**
DEL *the filename found* **ENTER**

Note - **ENTER** = press the Enter key on your keyboard.

Once you have done this, reboot the machine back into normal mode. Run HJT again, and check and remove the infected file from the list (if the file starts reappearing in the HJT log, go back into safe mode and repeat the steps above being sure you haven't received any errors) AND the "AIM Button" .

Assuming you have followed these steps correctly, you should now be rid of the problem. If not (or you cannot find the files causing it) please post your HJT log.

Edit: Other files found which may be the cause of the problem (as taken from a HJT log):

[AOL Messenger] HQSNPFLH.EXE
[Microsoft Gina V Encryption] MSGINAV.EXE
04-08-2005 07:28 PM
Profile PM Find Quote Report
Fredzz
Full Member
***

Avatar

Posts: 409
Reputation: 12
37 / Male / –
Joined: Apr 2004
Status: Away
O.P. RE: quick! see this picture http://... new virus
Thanks for the info Traxor (Y) Nice variables of this little sucker :P
Fredzz rox00rz
04-08-2005 07:29 PM
Profile E-Mail PM Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts 		HTML is Off
myCode is On
Smilies are On
[img] Code is On