
SN Users - watch out for an MSN worm

Old 08 December 2007, 11:17 PM
  #1  
Luminous

There is a worm going around some of our members who like to use MSN.

If you get this worm, it will try to pass it on to all other members in your address book. You will be unaware that your machine is sending messages to your friends, pretending to be you.

The text will be random, but will invite you to look at some pictures. I was caught out as the text just happened to be plausible. The file you will receive will be a .zip file.

Inside the zip will be a "picture". It will be called something along the lines of 420.jpg."your hotmail username".com. So it's not really a .jpg. Don't run this file. Nasty things happen if you do.

I do not know what the virus is called, no current virus/malware scanner can detect it to my knowledge. I have been analysing a sample of this file for most of the afternoon. I have tried more than 20 AV scanners, and none currently detect the infection. Scanners I have tried include AVG, Norton, McAfee, NOD32 and a whole bunch of spyware/malware scanners.

Mods: I know this is computer related, however there are many members who use MSN but don't look in our computer related area.


If you do get infected, there are means to remove the infection. They are not easy, and there is no way at the current time to know if you have totally removed it. For me, after playing with it, I just rolled back to an image of my machine from y'day.

Each time the virus attempts to send the virus it changes many things. It changes the name of the .zip and the name of the .com. It also changes the names of the registry keys it hides under, and the names of the files it copies onto your machine.

I used a previous registry backup to compare and contrast while examining things (Winpatrol, it detects and informs of changes). First time the virus tried to hide as a print server, second time a video driver, last time a virus scanner. Shame it decided to call itself norton...I kill files like that on sight as a matter of course
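Added example, not part of the original thread: one way to check a received .zip for the naming trick described in the post above (an image-looking name that really ends in .com) without extracting or running anything. The extension lists, the function names and the sample archive are assumptions made for this illustration; the sample is constructed and contains only harmless text.

```python
import io
import zipfile

# Extensions Windows treats as directly runnable (assumed list, not exhaustive).
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}
# Extensions a user expects to be harmless pictures or documents (assumed list).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "doc", "pdf", "txt"}


def classify_name(name):
    """Return 'masquerade', 'executable' or 'ok' for one archive entry name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces from file names, so ignore them too.
    parts = base.rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A decoy extension somewhere before the real one, e.g. 420.jpg.someuser.com
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        return "masquerade"
    return "executable"


def scan_zip(data):
    """Map each suspicious entry name in a zip (given as bytes) to its verdict."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_name(info.filename)
            if verdict != "ok":
                findings[info.filename] = verdict
    return findings


def build_sample_zip():
    """Constructed sample: text payloads named after the pattern in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("420.jpg.exampleuser.com", b"not a real program")
        zf.writestr("holiday.jpg", b"not a real image")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in scan_zip(build_sample_zip()).items():
        print(f"{verdict:10} {name}")
```

Because the worm renames the .zip and the .com on every send, the check keys on the extension pattern rather than on any fixed file name.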
Old 08 December 2007, 11:27 PM
  #2  
pimmo2000

Warning us all nice and early ... you *******


attached actual message and file ... lucky I don't trust you, ain't it lol
Old 08 December 2007, 11:28 PM
  #3  
exvaux

It's OK, I don't have many friends anyway lol, but thanks for the heads up
Old 08 December 2007, 11:30 PM
  #4  
Luminous

Originally Posted by pimmo2000
Warning us all nice and early ... you *******


attached actual message and file ... lucky I don't trust you, ain't it lol
I got the warning out before you did
Old 08 December 2007, 11:32 PM
  #5  
pimmo2000

Originally Posted by Luminous
I got the warning out before you did
I mean you didn't get the warning out before you tried to send it to me

I wasn't gonna warn anyone... if you're stupid enough to use NOD LOL
Old 08 December 2007, 11:33 PM
  #6  
Luminous

I'll get you next time
Old 08 December 2007, 11:52 PM
  #7  
Turbohot

Originally Posted by Luminous

If you get this worm, it will try to pass it on to all other members in your address book. You will be unaware that your machine is sending messages to your friends, pretending to be you.
I am one of the infected ones

Someone just told me that I sent them my baby cousin's pic (????) and they were trying to open it. I shouted " DON'T!!! I NEVER sent you any baby cousin's pic, and I never asked for your permission to put your pic on Myspace! I don't even visit Myspace FFS!"

My apologies to my fistful contacts if they have received any random rabbitting from me on MSN, it was actually dpb

LOL only joking, Duncan!

This virus needs sorting. Any MSN whizkids here to tell me how to handle it? I am so close to breaking this fecking laptop!

Last edited by Turbohot; 08 December 2007 at 11:58 PM.
Old 09 December 2007, 12:02 AM
  #8  
Sonic'

Originally Posted by Turbohot
I am one of the infected ones

Someone just told me that I sent them my baby cousin's pic (????) and they were trying to open it. I shouted " DON'T!!! I NEVER sent you any baby cousin's pic, and I never asked for your permission to put your pic on Myspace! I don't even visit Myspace FFS!"

My apologies to my fistful contacts if they have received any random rabbitting from me on MSN, it was actually dpb

LOL only joking, Duncan!

This virus needs sorting. Any MSN whizkids here to tell me how to handle it? I am so close to breaking this fecking laptop!


You only asked me twice TH, it hasn't happened since though

I have no idea how you can get rid of it though
Old 09 December 2007, 12:14 AM
  #9  
Luminous

I believe the answer for removal is here:
MSN Hijacked by .com file wrapped up inside .zip - Tech Support Guy Forums

However, it is not for the faint of heart. It will take you a while to work through all of that. Even when you are done, there is no guarantee there is nothing left.

I am hoping someone will analyze the files I sent to get a quick fix for the issue.
Old 09 December 2007, 12:18 AM
  #10  
Turbohot

Originally Posted by Sonic'


You only asked me twice TH, it hasn't happened since though

I have no idea how you can get rid of it though
A couple of members somehow got some weird files from me yesterday, Steve. Bleddy pain in the @rse it is. I have found a PC doctor in my village newsletter. I shall give him a call tomorrow.
Old 09 December 2007, 12:25 AM
  #11  
Sonic'

Oh dear, I don't think I have sent anything out. When I got the messages from you there weren't any files attached, but I do have MSN set up to virus check any files first
Old 09 December 2007, 12:28 AM
  #12  
corradoboy

When you're next considering a new computer, a little advice....
Old 09 December 2007, 12:38 AM
  #13  
+Doc+

Originally Posted by corradoboy
When you're next considering a new computer, a little advice....
apple smapple
Old 09 December 2007, 01:44 AM
  #14  
Shark Man

Originally Posted by corradoboy
When you're next considering a new computer, a little advice....

YouTube - Wild hogs alternative specs
Old 09 December 2007, 12:04 PM
  #15  
pimmo2000

Originally Posted by Shark Man

LMFAO... excellent clip
Old 09 December 2007, 12:14 PM
  #16  
SwissTony

brilliant clip....shame he didn't impress the tasty bird with his PC
Old 09 December 2007, 12:14 PM
  #17  
SwissTony

Originally Posted by corradoboy
When you're next considering a new computer, a little advice....
don't tease the natives, they get upset
Old 09 December 2007, 12:55 PM
  #18  
Luminous

apples only last a week or two before they go rotten
Old 09 December 2007, 01:19 PM
  #19  
jjones

Originally Posted by corradoboy
When you're next considering a new computer, a little advice....
yah because apple don't have problems with trojans
Old 09 December 2007, 01:41 PM
  #20  
SwissTony

yes we don't

anyway back on topic, thanks for the heads up. I wonder how prevalent this is, because I haven't seen any information on the virus boards as of yet, Symantec don't seem to have it on theirs etc??

Last edited by SwissTony; 09 December 2007 at 01:45 PM.
Old 09 December 2007, 03:09 PM
  #21  
Luminous

No idea how popular it is in the wild. I just know it was going round a few SN members, or at least had the potential to.
Old 09 December 2007, 03:13 PM
  #22  
pimmo2000

It's an old issue to be fair.. it's been making its way around for a while!

MSN Messenger Virus Removal, MSN Virus, Happy-Messaging.com
Old 09 December 2007, 03:20 PM
  #23  
Fuzz

What the **** were you thinking when you opened a zip file from an unknown source. lol
Old 09 December 2007, 03:53 PM
  #24  
pimmo2000

Originally Posted by Fuzz
What the **** were you thinking when you opened a zip file from an unknown source. lol


It comes from people on your MSN list.. thus.. not unknown
Old 09 December 2007, 05:11 PM
  #25  
corradoboy

Originally Posted by Luminous
apples only last a week or two before they go rotten
8 years with no virus protection whatsoever and still running fine

It really is so simple I can't understand why MS find protecting you guys so difficult. Any downloaded file is checked by the OS and if it detects an application or installer you are warned and asked if you want to continue. On opening the file, if it contains either you get another warning before you authorise using your admin ID and PW. Any app which utilises key OS protocols requires authorisation on its first activation, after that, if you've still not realised that that JPEG called 'Britney DP Creampie' isn't what it seems then you deserve all the trouble it brings TBH.

Most home users need a web browser, email client, image, music and movie manipulation and convenient storage, and personal contact and diary control. All this ships with every new Mac, and almost every other task the home user could ever need to do is easy and available. If you really need to have an environment exactly like your workplace then fair enough, but in the same vein do you decorate your home to look like your office too? Why not try something different, you never know, you might like it, being fast, efficient, reliable, productive, easy and pleasing to use, safe, and even stylish. I use both in my work and choose Mac, most who use other systems don't do so by choice

BOT - Have fun with your worms
Old 09 December 2007, 05:41 PM
  #26  
Fuzz

If iTunes is anything to go by I'll never get a Mac, God awful bit of software.
(having only recently been brought kicking and screaming to it because of my iPod)
Old 09 December 2007, 05:58 PM
  #27  
Luminous

Originally Posted by pimmo2000
It's an old issue to be fair.. it's been making its way around for a while!

MSN Messenger Virus Removal, MSN Virus, Happy-Messaging.com
Same principle, but a different bug. We will just have to wait for the files to be analyzed.

As for Apples, when 80%+ don't use them people cannot be bothered to write viruses for them. Just not enough profit to bother with
Old 09 December 2007, 06:36 PM
  #28  
pimmo2000

Originally Posted by corradoboy
8 years with no virus protection whatsoever and still running fine

It really is so simple I can't understand why MS find protecting you guys so difficult. Any downloaded file is checked by the OS and if it detects an application or installer you are warned and asked if you want to continue. On opening the file, if it contains either you get another warning before you authorise using your admin ID and PW. Any app which utilises key OS protocols requires authorisation on its first activation, after that, if you've still not realised that that JPEG called 'Britney DP Creampie' isn't what it seems then you deserve all the trouble it brings TBH.

Most home users need a web browser, email client, image, music and movie manipulation and convenient storage, and personal contact and diary control. All this ships with every new Mac, and almost every other task the home user could ever need to do is easy and available. If you really need to have an environment exactly like your workplace then fair enough, but in the same vein do you decorate your home to look like your office too? Why not try something different, you never know, you might like it, being fast, efficient, reliable, productive, easy and pleasing to use, safe, and even stylish. I use both in my work and choose Mac, most who use other systems don't do so by choice

BOT - Have fun with your worms

I have no protection on my PC... been like this since 98.. never had a single issue.

Oh and I'm sure Vista comes with basically all the stuff you just listed !
Old 09 December 2007, 06:46 PM
  #29  
hux309

Steve Jobs himself admitted several years back that the PC won the war.
Old 09 December 2007, 07:02 PM
  #30  
NotoriousREV

Originally Posted by corradoboy
When you're next considering a new computer, a little advice....

