messenger virus send messages automatically
You were searching for "messenger virus send messages automatically". These posts might be of interest:
- No related posts.
Live Messenger Virus: look at my summer pictures
Filed in: Microsoft, Security — July 25th, 2007
To all MSN Messenger or Live Messenger users, DO NOT accept “summer2008.zip” file from your friends! It is a worm virus!
I received strange message from my two MSN friends (both girls) that say “look at my summer pictures http://___.tripod.com/summer2008.zip” (subdomain hidden). I downloaded the zip file and extract. It appears to be an executable .scr file (default file extension for Windows screensaver).
OK, that’s fishy. It should be JPG or some other image formats. Although, SCR is default file extension for screensaver but many virus/worm also use the same extension to cheat the victims. I can confirm that the file is a worm/virus. I deleted the zip file and send a message to alert my friends, but they did not response.
My msn friends kept sending the messages randomly such as:
A photo with me and my best friend :$ !!
look at my sexysummer pictures http://___.tripod.com/summer2008.zip
Look how wasted Paris Hilton is, after she got jailed : (
This is me totaly naked :-O please dont send to anyone else
About “summer2008.zip” virus
After digging the Internet, I found a detail information page about the
summer2008.zip worm or known as IRC-Worm.Win32.Agent.a (Backdoor.Win32.IRCBot.acd) by Kaspersky Anti Virus. The virus sends random messages in different languages such as English and Chinese.
Upon execution of the worm (.scr file), it drops random file name in your Windows folder:
images0XX.zip
photos0XX.zip
albumXX.zip
photoXX.zip
pictures0XX.zip
pictureXX.zip
(XX is random digitals, such as album39.zip, images091.zip.)
How to remove summer2006.zip virus
I suggest you update your anti virus and do a full system virus scan, or ask an expert friend to remove the virus manually. The manual removal instruction is available at C.I.S.R.T. - Chinese Internet Security Response Team
Comments Feed
TrackBack URL
July 26th, 2007 at 1:03 am
I just help my friend to solve it yesterday
Just install the 安全衛士
You can find it at:-
http://www.360safe.com
For more information, please review it in my blog (chinese):-
http://blog.forum-talk.com/2007/07/22/how-to-protect-your-pc-from-adware-and-spyware/
July 27th, 2007 at 12:11 am
I think there’s another one on MSN which goes like “Hey I just saw your picture, you look ugly!”.
After that, the user will send a zip file containing a virus.
July 31st, 2007 at 5:14 pm
[...] ago, I also received another message from other friend. He keep asking me to view his dunno what picture taken with his sister. Luckily I did not receive his [...]
July 31st, 2007 at 9:38 pm
and virus i got yesterday like this…but the message is can u look at my pet today?..
damn frustrated….
hit my colleague too…
August 9th, 2007 at 8:01 pm
my live. msg also detect tis virus
who can help me?
August 9th, 2007 at 8:14 pm
I managed to get rid of this one by doing a system restore to yesterday. Cleared up all my registry files. Haven’t had a problem since. Spread the word!!!!!!!
Beau
August 10th, 2007 at 1:45 am
didn’t know windows system restore can clear up worm/virus. Thanks for the info, Beau Heiner.
August 11th, 2007 at 4:08 pm
Solution for virus of messenger MSN pictures2007.zip or pictures2008.zip
I was looking for about this solution many hours….
I hope it help u….
Spanish:
************Agustín Carrillo 2007*******************
Eliminar el virus pictures2007 del messenger
************Agustín Carrillo 2007*******************
1.- Reinicia tu máquina
2.- Desconéctala de la red
3.- Enciendela y haz clic en el botón de Inicio, luego dale click en “ejecutar”
En el cuadro de diálogo que se abre escribe “regedit” (sin comillas, obviamente) Se abre el editor de registro
4.- Ve al siguiente directorio del registro:
HKEYLOCAL_MACHINESOFTWARE/Microsoft/Windows/CurrentVersion/ShellServiceObjectDelayLoad
5.- Encuentra en el bloque de la derecha la clave Prodigy1
6.- COPIA el valor de la dirección de memoria.
7.- Ve ahora al directorio HKEY_CLASSES_ROOTCLSID. del registro y ahí busca (usa Ctrl+F) el dato de memoria que
copiaste en el paso 6. Si lo encuentras, bórralo. No necesariamente aparecerá.
8.- Ahora ve a c:/windows y busca en ese directorio archivos *.zip, ahí deberás encontrar PictureAlbum2007.zip, bórralo.
ES PROBABLE QUE NO ENCUENTRES ESTE ULTIMO ARCHIVO, NO TE PREOCUPES, sigue con el paso numero 9
9.- Reinicia la computadora en modo seguro o a prueba de fallos
10.- Estando en modo seguro, busca “prodigy” en el directorio c:/windows
11.- Borra el archivo Prodigys323.dll o similar (puede tener otro nombre similar con diferentes números)
12.- Reinicia tu máquina, el virus ha muerto.
English:
1. Force your pc to shut down. Press restart button or power off button if shut down doesnt work.
2. Plug out ur telephone line.
3. Turn on ur computer and go to Run: regedit
4. Go to HKEYLOCAL_MACHINESOFTWARE
MicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
5. Find the key “Prodigy1″. Note down the value under Data, then delete “Prodigy1″.
6. Go to HKEY_CLASSES_ROOTCLSID. Find the value u’ve jot down in #3 n if u find it, delete.
7. Go to C:Windows. Search for *.zip and PictureAlbum2007.zip should show. Delete it.
8. Restart your comp. Before it reaches windows, press F8 & restart comp in safe mode.
9. When in safe mode, go to C:Windows. Search for prodigy. Delete Prodigys323.dll or sthg similar.
10. Restart your computer normally! Voila!! YAY!!
August 20th, 2007 at 11:11 pm
today someone sent a zipped picture 2 me … it’s a huge virus…fortunatly i didn’t receved it…
the messages under pictures were : ” is that ur mamma in the picture ? ” and ” look @ my boyfriend…isn’t he the cutest ?”
August 23rd, 2007 at 2:43 am
Trend Micro’s Antivirus worked for mua, you have 30 days trial so download the bugger, install it and run the Scan. After you’re done, uninstalled the Antivirus or let it expire in 30 days time.
It’s a Trojan actually. It spams whoever on your MSN who’s online, you can see glimpses of the lil’ CMD popping up now and then.
September 23rd, 2007 at 8:52 pm
i also used the system restore and it worked …. i am not sure if the virus is completely removed but it is now inactive.
October 13th, 2007 at 2:49 am
there is an msn messenger virus/trojan that i receive from my friend. it says “look
this man is really funny.” it then asks one to download a zip file.
i tried system restore on my friend’s comp but it hasnt worked.
i have deleted the zip files from the comp… so the attachment doesnt come but the prompt keeps on happening.
how do i get rid of this prompt/virus to download files?
October 13th, 2007 at 4:20 am
Try to scan the infected computer using updated antivirus
October 14th, 2007 at 6:06 am
i get two at the same time, called image46.zip. it says is a funny picture from myspace, then later it sends it saying heis edited it. i almost opened it, until my trusty AVG dived in front of me.
December 14th, 2007 at 4:43 am
A girl just sent me a file and a message as soon as i logged on - “have you ever see this picture i took of myself?” the file was called “Photo_261.zip” i noticed it was a zip file and thought that was weird an the fact that i never speak to this girl… after reading various threads/websites I realised its a worm virus and i think its wat corrupted my hardrive about a month ago (it didnt cost me shit as it was under warrenty) NEVER accept a message like this ALWAYS ask them about it if they dont answer decline it no matter what it says —- even if it says NUDEPICOFME.zip —-DONT ACCEPT IT!
December 17th, 2007 at 12:07 pm
how do you get rid of the one that sends a free link to everyone online and logs in and out all by itself? there is a bunch of people who have it and they aren’t on the computer but this virus logs in and out on it all by itself
December 17th, 2007 at 12:10 pm
it says and looks like you get free emoticons but you end up with this thing logging in and out for you and sending everyone online this stupid link
December 17th, 2007 at 5:32 pm
@pipes: we have to notify our friends whose PC have been infected and ask them remove the virus..
March 3rd, 2008 at 6:13 pm
Having been on the recieving end of the files, not having contracted the sequentially transmitted datagrams, it would be safe to say “do not open any files recieved through MSN”, zip or not.
April 16th, 2008 at 2:20 pm
I was a victim who adcidentally click a zip file called “Our Photo Joiner” via MSN Messenger.
I try below steps to cure my pc:-
1) Use ATF Cleaner in SafeMode to clear all temp files
2) Run anti-spyware full scan
3) Run anti-virus full scan
Done!
So far no more IE windows pop-up & pc lack…
Jam [ jamemails.blogspot.com ]
April 18th, 2008 at 12:35 pm
Hi. Is there any possible way someone who INTENTIONALLY sent me a picture of someone I know, who did tell me they were sending me a picture could have sent me this virus by accident without knowing because someone sent it to them and they didn’t know and passed it on?
I found a backdoor trojan on my computer and I suspect my friend’s ex-girlfriend (she wasn’t ever even really his “girlfriend” anyway, lol). She and her friend have already hacked his Myspace account (and changed all his login info and refused to give it back to me. he is really mad about it too!) which I was looking after for him with his permission as per his own request, so I know they may have knowledge of how to do this. He says she is obsessed with him and from things she’s said to me, I believe him, so her attacking and spying on my computer isn’t something I would put past her (she showed me a picture of him thru MSN messenger, which now that I think of it, was rather odd to do, so it seems suspicious), but I’m not sure if it’s her that did it, or if she did, if it was by accident, or even if one of my friends sent it to me by accident with pictures they sent (if that can happen?), because I never received anything specifically like what you described “hey, view my new summer pictures”, etc.
October 10th, 2008 at 9:18 am
Hi there,
my co-workers had similar MSN virus and I get rid of it in this way:
1) go to infected users profile
go to key HKEY_LOCAL_MACHINE - SOFTWARE - MICROSOFT - WINDOWS - CurrentVersion - Run
2) enable hidden files. if you can’t see them or dont know how to display them download free commander
3) go to \Application Data\Microsoft and at the and there are two files with different names (evey infected computer has unique names)
4) copy those names into notepad and run taskbar ctrl+shift+esc
5) locate the file in Process tab end kill it (there is only one usually)
6) delete both files
7) go to start-run and type regedit
and find the file. The path is usually C:\windows\system32\.exe
delete the key, close regedit
9) run free commander and press alt+f7 - that will run search. search in C: drive for those two files (no exe) and delete everything.
VOILA! you dont need to restart your pc…