| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 83264 | 2007-09-25 22:07:00 | Unexpected zip files Offered MSN Messenger | zqwerty (97) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 594964 | 2007-09-25 22:07:00 | We have a person who whilst using Messenger will be asked if they want to see pictures and believing that this is still the person they were communicating with they said yes "accept" where-upon a file that could not be opened arrived on the computer, subsequently it was realized that this file was not sent by the friend, now the same message is being sent from the newly compromised computer!!!!!!! Any advice/information appreciated. |
zqwerty (97) | ||
| 594965 | 2007-09-25 22:27:00 | Sounds like the computer in question does not have an up-to-date anti-virus installed. That should be the first mission, then do all the usual with Spybot, Adaware, etc etc. | FoxyMX (5) | ||
| 594966 | 2007-09-25 22:32:00 | Already has Spybot, and used it (10 suspect files found) but at the time of the acceptance download no warning was given. Also has Nortons Anti Virus and Firewall which is up to date. |
zqwerty (97) | ||
| 594967 | 2007-09-25 22:46:00 | Already has Spybot, and used it (10 suspect files found) but at the time of the acceptance download no warning was given. No warning was given by what? Nortons or Spybot? I would have used Avast Home or pro, at least both of these have an IM option, and may have detected the worm (I would say this is what it is), earlier, while it was being transferred / sent. And would have given u the option to delete it / terminate it. See if trojan remover picks anything up. Update it scan then select all options under the utilities menu. |
Speedy Gonzales (78) | ||
| 594968 | 2007-09-25 23:31:00 | No warning from either Nortons or Spybot. See a similar thing happening here Speedy: forums.techarena.in |
zqwerty (97) | ||
| 594969 | 2007-09-25 23:52:00 | here is a link: re- anecdotes of people that have encountered similar problems using live chat on windows messenger . www.eggheadcafe.com |
zqwerty (97) | ||
| 594970 | 2007-09-25 23:52:00 | Spybot wouldnt detect it, as this isnt a virus scanner. You would have to run it, and delete the entries belonging to this worm (if they come up). Teatimer may have picked it up, if it detected something was being written to the registry (I dont know, I dont use Spybot). It'll be some kind of MSN worm / trojan. And nortons I think wouldnt detect whats in a file, until you've downloaded it, then selected it then scanned it. |
Speedy Gonzales (78) | ||
| 594971 | 2007-09-26 00:09:00 | this apparent worm virus has several calling cards which are familiar in that the message sounds like something that your friend would say...ie..."hey, check out these cool new picts i have"...... Here is another link to a blog discussing similar messenger virus problems. blog.zurka.us |
zqwerty (97) | ||
| 594972 | 2007-09-26 00:24:00 | There's a lot of them, this isnt new. ie: Backdoor.MSNMaker - a trojan Cyrex MSN Trojan FakeMSN - password stealer MSN Cookies - pw stealer MSN Cookies 2.5 MSNCrasher MSNFaker MSNFurax MSNGhostToolz MSNKamuflao MSN LogThief MSNMessengerHack MSN Password Stealer 2.0 MSN.PWS.gen MSNRat MSNSpider MSNSpy 2.0 MSN Trojan 5.1 Worm.Sinmsn - hits Korean version Bropia - about 9 variants - this could be what this person has been hit with. |
Speedy Gonzales (78) | ||
| 594973 | 2007-09-26 01:58:00 | Ok will try the batch file suggested in the last link I posted when next at the infected computer. | zqwerty (97) | ||
| 1 2 | |||||