  icex _ Premium join:2004-05-22 USA clubs:
·Colane Cable
| New virus going around on msn messenger?
People are really starting to annoy me on msn messenger. Not sure what virus this is or how it got started, but people have been messaging me the following:
~~{**namehidden**}~~ says: hey is it really you on this pic msnprofiles.ms.funpic.de/viewimage.php?=someemail@hotmail.com
I deleted » to disable it.
When opened, it asks to run an MS-DOS file. Obviously I didn't. But if anyone that examines these files can examine it and see what it is so I can help people on my list (hopefully) get rid of it, it'd be appreciated. I'm not sure if it's even on anti-viruses or not yet, which is why I'm wondering what it is.. -- Team Discovery |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| you are not alone...and it might be already identified as win32polycrypt
this is a good write up but not in English..
»zjari87.wordpress.com/2008/02/03···r-virus/
»m3rlinez.blogspot.com/2007/08/av···ses.html -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
  Seattle206
@cablespeed.com | reply to icex _ I have had this sent to me 4 times today. I didn't open it but my friends did.
Any threads on how to remove this? |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| There is an MSNCleaner and MSNFIX out there they could try..but since this is a new one..
»forum.hijackthis.de/showthread.php?p=148011
and you can read tips here by others
»squidnews.com/2008/01/23/your-ms···nmsncom/ |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
1 edit | reply to icex _ This seems to be the best method so far for info and removal..besides AVG
»www.escapestudios.com/forum/show···hp?t=873 |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to icex _ and since it is related to wkssvc.exe..
you can see it removed here in a hijackthis thread..
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - C:\WINDOWS\wkssvc.exe
»gladiator-antivirus.com/forum/in···exe&st=0
wkssvc.exe is called the postcard virus. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.
You can check to see if wkssvc.exe is running in your registry and kill the process. Disable and remove wkssvc.exe immediately.
And just could be that old one..now being delivered a different way using 'social engineer' via MSN and a web site.
»www.trendmicro.com/vinfo/virusen···VSect=Sn |
|
  ridingstar
@comcast.net
| reply to icex _ The escapestudios.com removal seemed to work pretty well! My friend got this virus, and I was helping him through it (since he wasn't too literate with computers) and everything seems to be working now. No more messages are sending =)
Thanks, Name Game! |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| good going..if you have any other ideas on it..let us know please.
sure would like someone to upload the darn thing to jotti »virusscan.jotti.org/
or »www.virustotal.com/
and post the screenshot or text file of the results.. to see what AV's detect it..and what they are calling it. |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
1 edit | reply to icex _ To date at Virus Total this seems to be the AV's that detect it..and the name given by each.
»www.virustotal.com/analisis/c7df···2fdac982
»www.castlecops.com/p1048914-MD5_···3ad.html |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to icex _ There is a cleaning tool at this link that works..
»www.sharebigfile.com/en/file/664···exe.html
but then you also must go into the DOS prompt (Start>Run>cmd) and run the command
attrib -h -s -r c:\windows\wkssvc.exe
Once that is completed, you run the command
del c:\windows\wkssvc.exe
You might have to run Start>Run>msconfig as mentioned earlier to make it so the file does not boot when you start your computer, if you have not done that already. That should get rid of the file itself.
»squidnews.com/2008/01/23/your-ms···nmsncom/
and others sum it up this way..
1.) These 3 files need to be removed:
C:\windows\wkssvc.exe
C:\windows\system32\spool.exe
C:\windows\system32\vsconfig.xml (this file was hard, I had to use a special program to unlock)
2.) Repair the hosts file
3.) Remove all references to wkssvc.exe from the registry. |
|
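An added example, not part of any post in this thread: a Python triage helper that checks a saved HijackThis log for the three file paths named in the removal summary above and lists hosts-file mappings for manual review. The function names and sample inputs are constructed for illustration; the thread does not say what gets written to the hosts file, so treating every non-default mapping as worth reviewing is an assumption.

```python
import re

# Paths named in the thread's removal summary; matched case-insensitively.
THREAD_FILES = (
    r"c:\windows\wkssvc.exe",
    r"c:\windows\system32\spool.exe",
    r"c:\windows\system32\vsconfig.xml",
)
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def scan_hijackthis(log_text):
    """Return (line_no, section, path) for each log line naming a thread file."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        low = line.lower()
        for path in THREAD_FILES:
            # The path must end its token, so "spool.exe.bak" is not a hit.
            if re.search(re.escape(path) + r'(?=$|[\s"\]])', low):
                section = line.split(" - ", 1)[0].strip()
                hits.append((no, section, path))
    return hits

def hosts_entries_to_review(hosts_text):
    """Return (ip, name) pairs other than the default localhost mapping (assumption)."""
    review = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:
            if (fields[0], name.lower()) not in DEFAULT_HOSTS:
                review.append((fields[0], name))
    return review

# Constructed sample input: only the wkssvc.exe O23 line comes from the thread.
SAMPLE_LOG = "\n".join([
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe",
    r"O23 - Service: Workstation Service Library (Microsoft Locator Service)"
    r" - Unknown owner - C:\WINDOWS\wkssvc.exe",
    r"O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe",
])
SAMPLE_HOSTS = "# constructed sample\n127.0.0.1 localhost\n127.0.0.1 av-updates.example.com\n"

if __name__ == "__main__":
    for hit in scan_hijackthis(SAMPLE_LOG):
        print("HijackThis line %d (%s): %s" % hit)
    for ip, name in hosts_entries_to_review(SAMPLE_HOSTS):
        print("hosts entry to review: %s -> %s" % (ip, name))
```

The similarly named spoolsv.exe in the sample is deliberately not flagged, since only the exact paths from the thread are matched.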
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to icex _ Another Live Messenger odyssey into the "hey is it really you on this pic?" »www.solo-technology.com/blog/200···/virusd/
Buzus.aa »www.virustotal.com/analisis/0f4c···9ff542bf |
|
  Sindows 7
join:2006-09-13 Hope, BC | reply to icex _ »Windows Live Messenger Scam |
|