MSN Virus Help

Discussion in 'Computer Security' started by zimbo, Jan 23, 2008.

  1. zimbo
    Honorary Member

    zimbo Petabyte Poster

    I have picked up an MSN virus somehow... it sends a message to people on my contacts list that, if they click it, opens a link to an MSN blocker application. I have run NOD32 and Spyware Doctor and it has picked up anything. It keeps signing me out of MSN and keeps bugging people in my contacts list, so if anyone has some advice please please help!

    thanks!
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  2. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    Try a system restore in safe mode to a time before the virus kicked in. Sometimes this can get you outta jail. :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    I once had an issue where MSN kept logging me out and sending stuff to people in my sharing folder. I uninstalled MSN and reinstalled again and never had any issues after that.

    That being said I have formatted and reinstalled my pc the other week but that happened about 7 months ago.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. zimbo
    Honorary Member

    zimbo Petabyte Poster

    System restore won't help cause I turned it off to scan. Umm, I'm trying to avoid formatting cause I got all my software for uni on it and I could well spend the weekend setting it all up again :(
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  5. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    Ack well, probably best to try a system restore before you remove them. A virus doesn't mean it will automatically infect all your sys restore points.

    Have you logged in as a different user and tried MSN? If all is ok then at least you know the virus is lurking in your user profile.

    Failing that, an uninstall and reinstall of MSN as GBL suggested might help as well. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  6. zimbo
    Honorary Member

    zimbo Petabyte Poster

    yeah tried - it's affecting all users. Reinstalling MSN now but will have to know later if I'm still affected....
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  7. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess


    Zimbo, I got a Yahoo Messenger virus once. I went to the Trend Micro online scanner and it found it and killed it. AVG, I'm sad to say, could not find the bloody thing. :cry:

    However, BitDefender and Kaspersky Lab have free online scanners too. Here is the Google link. I will let you choose.

    http://www.google.com/search?hl=en&q=online+virus+scanners
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  8. Fergal1982

    Fergal1982 Petabyte Poster

    this isn't mainmsn is it? Think I've just been hit with the same thing. Although I'm not entirely sure it's worked on my machine.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  9. Fergal1982

    Fergal1982 Petabyte Poster

    Looks like this might be worse than you think, if it's sending out messages akin to:

    Hey, isn't this YOU??

    then it's the same that got sent to me. Speaking to the 'sender', it looks as if they are still sending out messages after having disconnected the machine from the internet. Looks like they are harvesting username/password information, so I would get online and change your password (from a different machine).

    For me, I think I have several things in my favour -

    1. I have a restore point I can go back to
    2. I am running x64 Vista
    3. I use Trillian, so MSN isn't actually installed on my machine.

    When the file ran, it brought up the Vista 'this program didn't work correctly' error, and searched for a solution. Checking the system for modified files, nothing seems to have been modified around the time of running.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  10. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  11. dales

    dales Terabyte Poster

    This may have been mentioned before, but do you think your user/password may be compromised? It's probably logging you out because someone else is logging in. Time for a change of password, or abandon the account and create another one.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  12. zimbo
    Honorary Member

    zimbo Petabyte Poster

    err no one is logging.. it's the virus and I have changed it. I do a whole lot of scans and I'm waiting to see if it is still sending those msgs to people on my contact list - otherwise I'm getting all my stuff together and I'll format and start over.

    Thanks for all the help guys!
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  13. corbezier

    corbezier New Member

    Hi All,

    Just noticed a few other people having this issue so I thought it might be worth posting my finds. I discovered this at about 3 o'clock today and phoned Sophos straight away to see if it was known. The guy that I got on the phone had apparently been speaking to someone just 30 mins before with the same problem. It would seem that it was released at some time this morning.

    It basically puts a file in your Windows folder, wkssvc.exe, and adds it to your startup folder.

    If you need help removing, I put a post on our forum

    http://www.escapestudios.com/forum/showthread.php?t=873

    Cheers

    -Ben
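
A read-only check for the two artefacts this post describes (wkssvc.exe in the Windows folder and a Startup-folder entry for it), as an added example that is not part of the original post. The function name Find-StartupIndicator is hypothetical, and the Run-key check is an assumption beyond what the post states.

```powershell
# Added example. The file name is the one given in the post; paths are standard Windows locations.
$IndicatorName = 'wkssvc.exe'

function Find-StartupIndicator {
    param([string]$Name = $IndicatorName, [string]$WindowsDir = $env:windir)
    $hits = @()

    # 1. The dropped file, directly in the Windows folder (not System32).
    $dropped = Join-Path $WindowsDir $Name
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $f = Get-Item -LiteralPath $dropped -Force
        $hits += [pscustomobject]@{ Where = 'WindowsFolder'; Entry = $f.FullName
                                    Detail = "created $($f.CreationTime)" }
    }

    # 2. Per-user and all-users Startup folders; shortcuts are resolved to their target.
    $shell = New-Object -ComObject WScript.Shell
    $dirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
    foreach ($dir in $dirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $dir -File -Force) {
            $target = $item.FullName
            if ($item.Extension -eq '.lnk') { $target = $shell.CreateShortcut($item.FullName).TargetPath }
            if ($target -and ((Split-Path $target -Leaf) -eq $Name)) {
                $hits += [pscustomobject]@{ Where = 'StartupFolder'; Entry = $item.FullName; Detail = $target }
            }
        }
    }

    # 3. Assumption beyond the post: Run keys, the other common logon autostart location.
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($n in $k.GetValueNames()) {
            if ("$($k.GetValue($n))" -like "*$Name*") {
                $hits += [pscustomobject]@{ Where = $key; Entry = $n; Detail = $k.GetValue($n) }
            }
        }
    }
    $hits
}

# Report only; nothing is deleted, so findings can be reviewed before cleanup.
$found = @(Find-StartupIndicator)
if ($found.Count) { $found | Format-List } else { "No trace of $IndicatorName in the checked locations." }
```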
     
  14. zimbo
    Honorary Member

    zimbo Petabyte Poster

    Nope didn't help... :(
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  15. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    Have you tried HijackThis and checked to see if there is anything unusual running in the background?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  16. zebulebu

    zebulebu Terabyte Poster

    Zim

    Sounds like Polyglot - spreading reasonably rapidly according to some sources.

    Check this out: for details of the worm and this for manual removal instructions. I can't vouch for them personally as I've yet to see any of my test boxes hit with it, but Trend's manual removal instructions are usually spot on - which is odd, because I rank their actual products somewhere between Dr Solomon and a small barking dog for efficiency :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em
