1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MSN Virus Help

Discussion in 'Computer Security' started by zimbo, Jan 23, 2008.

  1. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    I have picked up an MSN virus somehow... i sends a message to people on my contacts list that if they click it opens a link to a msn blocker application. I have run NOD32 and spyware doctor and it has picked up anything. It keeps signing me out of msn and keeps bugging people in my contacts list so if anyone has some advice please please help!

    thanks!
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    297
    319
    Try a system restore in safe mode to a time before the virus kicked in. Sometimes this can get you outta jail. :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I once had an issue where MSN kept loggin me out and sending stuff to people in my sharing folder I uninstalled MSN and reinstalled again and nevr had any issues after that.

    That being said I have formatted and reinstalled my pc the other week but that happened about 7 months ago.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    System restore wont help cause i turned it off to scan. Umm im trying to avoid formatting cause i got all my software for uni on it and i could well spend the weekend setting it all up again :(
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    297
    319
    Ack well, probably best to try a system restore before you remove them. A virus doesnt mean it will automatically infect all your sys restore points.

    Have you logged in as a different user and tried MSN? If all is ok then at least you know the virus is lurking in your user profile.

    Failing that a uninstall and reinstall of MSN as GBL suggested might help as well. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  6. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    yeah tried - its a affecting all users. Reinstalling MSN now but will have to know later if im still affected....
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  7. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,282
    73
    152

    Zimbo I got a yahoo messenger virus one I went to trend micro online scanner and it found it and killed it. Avg I'm said to say could not find the bloody thing. :cry:

    However, bitdefender and Kaspersky Lab have free online scanners too. Here is the google link. I will let you choose.

    http://www.google.com/search?hl=en&q=online+virus+scanners
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  8. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    this isnt mainmsn is it? Think i've just been hit with the same thing. Although im not entirely sure its worked on my machine.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  9. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    Looks like this might be worse than you think, if its sending out messages akin to:

    Hey, isn't this YOU??

    then its the same that got sent to me. Speaking to the 'sender' it looks as if they are still sending out messages after having disconnected the machine from the internet. Looks like they are harvesting username/password information, so I would get online and change your password (from a different machine)

    For me, I think i have several things in my favour -

    1. I have a restore point I can go back to
    2. I am running x64 Vista
    3. I use Trillian, so msn isnt actually installed on my machine.

    When the file ran, it brought up the vista 'this program didnt work correctly' error, and searched for a solution. Checking the system for modified files, nothing seems to have been modified around the time of running.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  10. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    297
    319
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  11. dales

    dales Gigabyte Poster

    1,998
    46
    97
    This may have been mentioned before but do you think your user/password may be comprimised. its proberbly logging you out because someone else is logging in. time for a change of password, or abandon the account and create another one
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  12. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    err no one is logging.. its the virus and i have changed it. I do a whole lot of scans and im waiting to see if it is still sending those msgs to people on my contact list - otherwise im getting all my stuff togethehr and ill format and start over.

    Thanks for all the help guys!
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  13. corbezier

    corbezier New Member

    1
    0
    1
    Hi All,

    Just noticed a few other people having this issue so I thought it might be worth posting my finds. I discovered this at about 3 o'clock today and phoned Sophos straight away to see if it was known. The guy that I got on the phone had apparently been speaking to someone just 30 mins before with the same problem. It would seem that it was released at some time this morning.

    it basically puts a file in your windows folder wkssvc.exe and adds it to your startup folder.

    if you need help removing I put a post on our forum

    http://www.escapestudios.com/forum/showthread.php?t=873

    Cheers

    -Ben
     
  14. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    Nope didnt help... :(
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  15. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    297
    319
    Have you tried hijackthis and checked to see if there is anything unusual running in the background?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  16. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Zim

    Sounds like Polyglot - spreading reasonably rapidly according to some sources.

    Check this out: for details of the worm and this for manual removal instructions. I can't vouch for them personally as I've yet to see any of my test boxes hit with it, but Trend's manual removal instructions are usually spot on - which is odd, because I rank their actual products somewhere between Dr Solomon and a small barking dog for efficiency :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em

Share This Page

Loading...