MSN VIRUS! in Off Topic

Page: 1 2 3
ID:277174
 
Oct 16 2006, 2:28 am
Ok, beware msn users. There is a big virus going around. I got it last night. I'm going to explain it to you the best I can. I managed to defeat it. Basically, you get it if you click a link going to this website. You may receiver it from one of your friends. It will say something like this: "Look it's a picture of you - www...". Whatever you do don't click that link. It has a .pif file disguised as a .jpg file.

Anyway, now to explain what the virus does. As soon as it gets in it first runs, and after a couple of seconds turns off windows firewall and deletes it. Yep, it deleted mine. Then it uploads tonnes of trogens into your computer. VET Antivirus picked them up thankfully. Then it opens up all your messenger contacts online and sends them that message I told you earlier. It then tries to freeze your computer by running useless programmings like help and support 7 times.

Eventually, I managed to get into safe mode, though it still ran there. I've narrowed it down to 2 files. A file called loadadv455.exe or the actual windows messenger.exe. I think it is the latter. They wipe over your previous version of windowsmessenger.exe with their own version. I also found a trogen called 304.exe sitting in my proecesses a few times as well as about 10 b.exe. Inconspicuous huh? Anyway, I eventually stop this feral pest. And also, I managed to get a lot of evidence on where it came from. I got an ip address of the trogen using netstat. Brillant application. I've also got 2 of their websites.

If you have this virus and need any help ridding yourself of it I think I'm going to write an anti worm. Give me a talk at spell_dime@hotmail.com.

Currently, a friend and I are getting this web server taken down. I can't tell you how, but it is not in a calm and peacful way, so hopefully we will be able to save the rest of the world from this heaven.

ADT_CLONE
#1 Oct 16 2006, 2:33 am
ADT_CLONE wrote:
Currently, a friend and I are getting this web server taken down. I can't tell you how, but it is not in a calm and peacful way

Don't do anything illegal... I recommend talking it to the hosting provider, if you can find them, and politely asking them to take down the site.

Keep in mind it's quite likely that the site itself was not paid for by the virus writer - they may have guessed or cracked (or stolen) an FTP password and uploaded the virus to the website without the website owner's knowledge.


save the rest of the world from this heaven.

"Heaven"? =P
#2 Oct 16 2006, 2:34 am
In response to Crispy (#1)
Crispy wrote:
save the rest of the world from this heaven.

"Heaven"? =P

This is MSN we're talking about here :-P.
#3 Oct 16 2006, 2:36 am
In response to Hazman (#2)
Haha. Good one!
#4 Oct 16 2006, 3:03 am
In response to Crispy (#3)
Sorry, it was heathen, I think. It's some slang. Anyway, I'm not planning on doing anything too illegal. Just checking for the site. My first thoughts was that it was privatly owned, though I may be wrong. Though I checked its contents using the download manager and it a couple of files. I don't really want to give the site here, as it is virus prone. I'm going to investigate this furthur, and see if I can find more about this website,

ADT_CLONE
#5 Oct 16 2006, 4:40 am
With all due respect, these MSN-spread worms have been around for years. They're ancient and if you fell for them you should be pretty ashamed of yourself. =p

The only thing I can say to possibly make things easier is this; owned.
#6 Oct 16 2006, 4:58 am
In response to Elation (#5)
The one your talking about has been around for yonks

"turns off windows firewall and deletes it. Yep, it deleted mine."

Who uses that hunk of junk anyway get a real OS mate..
#7 Oct 16 2006, 6:44 am
In response to A.T.H.K (#6)
A.T.H.K wrote:
Who uses that hunk of junk anyway get a real OS mate..

Windows is a 'real' OS. You shouldn't try to force your opinion on other people. Your opinion is your opinion, and not a fact.

O-matic
#8 Oct 16 2006, 6:47 am
In response to Elation (#5)
It's good to hear the different variations of them, though. They'll do lots of things to fool you. If it delayed its message until after your friend messaged you a few times and sent something like "lol look its a picture of you -- [address]", it'd be pretty convincing.
#9 Oct 16 2006, 6:50 am
In response to Kunark (#8)
On another computer of mine there is a similar virus, "[some random spanish phrase]: www.[some not-working link to an 'photos.zip' file]"...

O-matic
#10 Oct 16 2006, 9:27 am
In response to Kunark (#8)
By then they would've warned you not to click any links though. What they should do is implement smarterchild into their worm so you end up talking to the virus for a few minutes until it tricks you.

It could be like "hey my name is alex ^_~ i am staying round here with ur friend for a bit. do u want to see a picture of me i am a model [link to picture]". Then it makes tubgirl your desktop background.
#11 Oct 16 2006, 9:51 am
In response to A.T.H.K (#6)
For as much as I don't like Windows, it is a real OS. I don't call people stupid for using. I use Windows most of my waking hours. Like I said, I don't like it, but it does work. Yes, that is a flaw in the OS that needs to be fix(I consider IE to be part of the OS).

Switching OSs won't fix problems like these. Period. Although this particular virus worked through a bug in the system, the most powerful viruses actually work through social engineering, something that all OSs are venerable to. Only a password separates a Linux system from total destruction when introduced to a virus. The same can be said for Mac OSX, actually, OSX is probably worse, because I think it, like windows, likes you to work as a user with full system permissions. Considering that most home users will have the root(Admin) password, and it would take little convincing for them to put it in, they would the same problems windows users do. The only thing that makes windows users less save is system bugs/flaws that allow an intruder to run code without much social engineering.
#12 Oct 16 2006, 10:10 am
In response to Elation (#10)
Actually with the MSN viruses, I think they don't know that it sent you a message. It sends you the message without bringing up their message box, or at least with the ones I've seen.
#13 Oct 16 2006, 11:23 am
In response to Elation (#10)
EWWW.

NO.

Would you really do that to someone? Would you?
#14 Oct 16 2006, 11:25 am
In response to Elation (#10)
Unless they didn't know they had the virus. A lot of the people with MSN virii don't even know that they've messaged their friends with a link. Of course, it wasn't actually them, but the virus.
#15 Oct 16 2006, 11:28 am
In response to Danial.Beta (#11)
Actually, some of the more recent releases of OS boot disks sort of guide you through the process of making users with limited abilities. I never understood why, but this seems like a good reason.
#16 Oct 16 2006, 11:39 am
In response to Kunark (#12)
Kunark wrote:
Actually with the MSN viruses, I think they don't know that it sent you a message. It sends you the message without bringing up their message box, or at least with the ones I've seen.

Most people know they have the worm. Look at the original poster, for instance. In my experience (I've never had the worm myself, but I've talked to those that have and seen what happens from my end) it's often fairly obvious- MSN is all glitchy and unresponsive (they are unable to send messages whilst the worm is propogating it's own messages) and people will often warn them once it's died down ("dude, you have the MSN worm").
#17 Oct 16 2006, 1:33 pm
In response to Elation (#16)
i sent an email to my friends warning them but i dont think theyll listen now im wondering should i have sent that message because if it gets to website owners then ill probably get one back with a link full of viruses
#18 Oct 16 2006, 1:36 pm
In response to Upinflames (#17)
oh no not a link full of viruses :(
#19 Oct 16 2006, 1:43 pm
In response to Elation (#18)
I hate viruses why do people make tem for entertainment cause their not funny :(
Page: 1 2 3