SMB Worm spreading through MSN Messenger

Discussion in 'News' started by SimonV, Sep 27, 2003.

  1. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    [​IMG]<font size="3">SMB Worm spreading through MSN Messenger</font>

    A new network virus called Worm.Win32.Smbmsn.163840 was discovered two days ago by Asia-based Global Hauri. This worm spreads through MSN Messenger through a file called SMB.EXE. If the user accepts this file, it will send itself to all contacts on his or her contact list. If the user executes it, a DOS prompt will come up for about a second and disappears. This occurs because it unzips a couple of files to the C: root and windows directories. The file also tempers with the registry (see below for details).

    Do NOT accept the file transfer of SMB.EXE (or any other suspicious file) in MSN Messenger!

    An MSN spokesperson said the company is aware of the virus, and that users' best means of protection is to have a desktop anti-virus solution already installed, and to use MSN Messenger 6's anti-virus feature. The feature enables customers to link their desktop anti-virus software to the IM client, automatically scanning incoming files for viruses.

    If you already accepted this SMB.exe file, here's how to remove it manually:

    1) Go to task manager. (Ctrl+alt+del) and select the Process tab.
    2) Click admagic.exe then click End Process
    3) Go to the C: drive and delete smb.exe and admagic.exe.
    4) Go to Windows directory and delete atl.dll, raw32x.dll, sm.dll and uz.exe.
    5) Go to the registry (Start &gt; Run &gt; type "regedit" &gt; click ok) and go to HKEY_LOCAL_MACHINE\SOFTWARE\Micorosoft\Windows\CurrentVersion\Run. Delete the svchost = admagic.exe string value.

    News Source:
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...


    Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.