TechSpot

MSN virus

By ThaUnknown
Jun 9, 2007
  1. Ok someone sent me a message saying ''are these your pics '' and after clicking the link it downloaded something. Then my friend told me that i send that to him too. Now i everytime i log out of msn it logs me back in. And when i click a link like on yahoo it sends me to an add. I just want to get rid of this.

    and dont send me a link because some links i click close my whole Internet Explorer and i cant stop it.
     
  2. tomrca

    tomrca TS Rookie Posts: 1,000

    hi there. you obviously have have some sort of hijacker
    go TO THIS LOCATION and follow the instructions. don't forget, when you download 'hijackthis', place it in it own folder and change its name to 'analyser.exe''. the path should look like this C\prog files\hijackthis\analyser v_2.exe. after completion of scans post ALL LOGS REQUIRED.

    http://www.techspot.com/vb/topic58138.html if you need to type it in
     
  3. ThaUnknown

    ThaUnknown TS Rookie Topic Starter Posts: 62

    when i go to that link my whole Internet explorer closes man
     
  4. tomrca

    tomrca TS Rookie Posts: 1,000

    have you run your anti-virus programmes yet? windows defender removes some hijackers. try running in safe mode with networking.

    have you tried unistalling msn to see if it still shuts down your IE
     
  5. ThaUnknown

    ThaUnknown TS Rookie Topic Starter Posts: 62

    yea it still does. ill get on my AOL browser.

    Oh no When i try to dl hijackthis the dl closed before i can run or open
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Try doing a system restore to before your problems began.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of ThaUnknown only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. ThaUnknown

    ThaUnknown TS Rookie Topic Starter Posts: 62

    ok even on another browzer i cant click any links because it will take me to some supid ad. And i think the thing mabey have deleted my restoration points cause i cant go past yesterday. So what should i do?
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Unfortunately, it looks as though you`re going to have to consider doing a reformat and reinstall.

    Without you posting the requested logfiles, I can`t help you.

    Regards Howard :)

    This thread is for the use of ThaUnknown only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. ThaUnknown

    ThaUnknown TS Rookie Topic Starter Posts: 62

    and how do i do that?
     
  10. tomrca

    tomrca TS Rookie Posts: 1,000

    you will need to change the boot order. start by rebooting. as it reboots press F11 on and off continuously you will then get a box showing the boot order. select the CD/DVD rom your first choice, put disc press ok or save and let it reboot. you then follow on screen instructions. your first instruction will most likely be " PRESS ANY KEY TO BOOT FROM CD" hit any key and you're off.


    if you can get to here:

    http://www.techspot.com/vb/topic53502.html
    http://support.microsoft.com/kb/316941 they may help more
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You need to do the following.

    Diconnect from the net and don`t reconnect, until you have your firewall software installed.

    1 Restart your computer and go to setup usually by pressing the F2 or delete key.

    2 Once you get into setup look for the boot menu and make sure you set it to boot from cd first followed by your hard drive.

    3 Put the Windows xp disk into your cd drive.

    4 Now save your settings and exit setup.

    5 While your computer is booting you will see a message that says "press any key to boot from cd" press any key.

    6 When the welcome to setup screen appears press enter and then press F8 to accept the Microsoft licence agreement.

    7 You will be prompted to repair an installation press the escape key.

    8 Now select the partition that you want to reformat and press the D key to delete it you will be asked to confirm that you want to delete the partition.

    9 Now press C to create a brand new partition you will be asked what size you want the partition to be in mega bytes. If you just press enter then the partition will be the maximum size that you can have. This is perfectly ok if you don`t want to create multiple partitions.

    10 You will now be asked to format the partition select the ntfs file sytem and do a full format.

    11 Once the format is complete setup will continue.

    Your computer will restart during the remaining setup again you will be asked to press any key to boot from cd DO NOT PRESS ANYTHING and setup will continue. Once the setup is complete and you are back in Windows remove the Windows cd from your cd drive.

    Install your firewall software and reconnect to the net. Install whatever drivers you need, then run Windows updates.

    Finally, install whatever programmes/software you want.

    Regards Howard :)
     
  12. mclannahan

    mclannahan TS Rookie

    Hi - You don't need to reformat. It's a vicious little thing but luckily some chap has written a tiny app to get rid of it.

    http://yandao.com/2007/02/02/impfix-remove-the-msn-virus/

    If you have problems downloading it give me a shout and I'll host it or email you.

    On removal you'll be able to run HiJackThis and regedit again too. Everything back to normal.

    Renaming HJT sadly doesn't work for this virus - it's too smart for that!

    Cheers
     
  13. DAY_TRIPPER

    DAY_TRIPPER TS Rookie

    ^^does that work?
     
  14. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I checked it up and this seems like a relatively new fix. There are very few hits in yahoo, and no hits in google. However, judging by the replies from people who used it, it seems to work.

    My only concern is that the author did not provide descriptive information on how his tool runs and what it does in the background, thus it seems a little shady.

    I do recommend that if you do use it, after that please still continue with our preliminary removal instructions and post the required logs because it is highly likely that other nasties were downloaded into your system during the time that you were infected with this virus.

    Regards,
    Your friendly momok =)

    This thread is for the use of ThaUnknown only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. mclannahan

    mclannahan TS Rookie

    Sorry for being vague before - Was just a quick post!

    Yes, this application does work. I spent hours trying to fix my GF's laptop and eventually found this site. I've since done countless virus sweeps since using this tool and all is clean (Sophos, AVG, Panda Online and BitDefender) All report the system clean. Have also run spyware products and utilities and the system seems genuinely 100% fixed and clean.

    I was dubious about the application too but took the laptop off line and within seconds it had found the problem and sorted it.

    Hope this helps to relieve peoples fears! I appreciate that people feel rightly cautious about using a (at present) fairly unknown application to sort their virus problem but with everything - be sensible. Follow the Momok's advice. I was luckily and only had this one issue but no doubt if your security has been comprimised then this MSN virus could just be the tip of the iceberg of your IT issues!!

    Thanks all
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I hope the solution you`ve posted really works and thanks for taking the time to let us know about it.

    I have downloaded the file and had it scanned by Jotti`s. It came back clean, except for BitDefender, which thought it may be malicious, see the Jotti results below.

    Scan taken on 19 Jun 2007 00:24:50 (GMT)
    A-Squared
    Found nothing
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found Generic.Malware.STk.A0CDD067 (probable variant)
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found nothing
    Rising Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing

    I hope this helps.

    Regards Howard :wave: :wave:
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...