Thread: Msn Virus

I just had one of my friends send me a message saying "HOLY SHIT!!! You have to look at this!!" and a link to some site. Curious, I clicked. Now, first warning, it is a page with only my email address and a download bar on it. Second warning, the internet download blocker thing detected something and blocked it, and DO I want to allow it? "YES!" I scream with unbeilavable stupidity, as I click allow and grant access to many a evil software....... So it downloads my so called "profile" and then my msn freaks out on a very extreme level and sends the same message to all of my online contacts. Oh xrap! Yup, the ball has dropped and my feeble little mind has connected two and two. It's a virus. So I quickly tell everyone I can to not go to that link, time is of the essance!!! Contacts I havent even talked to for years are assailing me with a bombardment of questions!!! "WTF DUDE!!!????" "OH SHHNAP Whats this???" "HAHAHAHA IM DUMB *CLICK*" I try to explain when my computer sends out another hellish wave of this foul internet spawn! I quickly shut down msn, and going over my choices, open up task manager and obliterate anything suspicious. I fear the possibilities of restarting my computer, so I start AVG, guardian of the pure and too cheap to buy real protection. And so it is that I came unto this site. With AVG detecting on errors so far, as suspected, and after some google research returning results I didn't understand. Please help me...


Also, on a simaler note, I had 3817 viruses about a week ago but they are gone now...

My advice is...

Don't be stupid.

Originally Posted by Adanac

And so it is that I came unto this site. With AVG detecting on errors so far, as suspected, and after some google research returning results I didn't understand.
Also, on a simaler note, I had 3817 viruses about a week ago but they are gone now...
[/b]

Umm, looks like you've been here a couple months. Judging by that it just seems like you're posting this everywhere you can find, right? Lol.

In any case there are seriously a lot of ways to remove this, it would also be a good idea to get a HijackThis log cleaned up. Tech Support Guy is a great forum, the people there really know what they're talking about..post it there if you haven't already.

Search for a solution on Google. It solves all problems.

Press ctrl-alt-delete and go to "processes". Google the names of all of the processes, starting with the ones that use the most memory and CPU power.
Eventually you'll find the one that's causing it, and Googling it should bring up fixes.
Other than that, download and install Lavasoft Adaware and Spybot Search & Destroy. Both are good antivirus programs that are entirely free. If you've got Norton or McAffee, toss them. They suck, they waste memory and CPU, and they don't catch as much as free alternatives do.
AVG's okay, but don't rely on it's virus scan capabilities too much, as it doesn't catch everything (In fact, I have AVG and keep it running, but I never use it's scan. All I keep it around for is its running process detection).

And yeah, stop being stupid. It helps.

I use Avast and that works pretty well.

One thing to remember is, if your computer wants to block it... let it. either that or look up the site first. Some people have to learn that the hard way, others just do it to be extra cautious... either way, it can save you alot of trouble in long run.

Alright I'll try all of these.

Go to http://www.sarc.com

You should not say yes to security messages like "Do you want to basically install something that this site says it should?". That's the obvious moral, but I think you realised that.

Now that you actually have the virus it doesn't sound like a very smart or subtle one and should (you'd think) be easily removed. But I know these can be quite persistent from some recounts and some people even attack me on MSN with such messages. I've never yet clicked one myself.

A good idea may be to take a screenshot of your entire 'processes' tab in Task Manager, if you're on XP or Vista, and if there's any particular process that's out of place it can be identified quite easily by us and then you'll know what to search on the internet for better instructions.

<div align="center"></div>
This is what I see. It&#39;s relatively obvious from each description that&#39;s available what each process is - yes, I would swear to Firefox having the world&#39;s biggest memory leak - and I know none of them are trojans or otherwise.

If AVG or otherwise has identified the virus, searching for it on the internet almost always finds you a solution. Often by Microsoft itself or otherwise: just don&#39;t go and download ANOTHER virus in the process, y&#39;hear?

it&#39;s quite easy to hide things from the windows build in process viewer

Use Sysinternals one instead
http://download.sysinternals.com/Fil...ssExplorer.zip

but to be honest,
there&#39;s nought like having another machine (that you know is clean)
and plug your hard-disk into that, and scan it *

scanning a hard-disk from an OS installed on that same disk is not 100% guaranteed to pick up everything


* you can also, if you wish, use a boot CD of some kind
and virus scan from that
there&#39;s a couple about, but I forgot their names

it&#39;s quite easy to hide things from the windows build in process viewer[/b]

Sure it is, but I&#39;ve never seen a trojan do that yet. They&#39;re all pathetic excuses for trojans. That said Process Explorer is always handy to have around. So I&#39;d get it anyway.

(That or I haven&#39;t seen them because they&#39;re hidden, har har).

...Privoxy, eh Kaniaz? Do you use it with TOR, and isn&#39;t that slow on dial up? And why do you have AOL processes running? I mean, you make fun of me for using Linux, but AOL&#39;s, well, the root of all stupid.
Anyway. Back on topic...

Normally, I&#39;d say that stupid should hurt, but in this case it looks like it already has. So, have you installed/ran some of those antivirus programs?

No, I don&#39;t use Tor. It&#39;s just a decent proxy that I run for other reasons (and not for my own use).

I have AOL processes running because it&#39;s not me that pays the bills and, consequently, it&#39;s not my choice of ISP. If it wasn&#39;t for the piece of shit AOL client which wastes CPU all the time doing just about fuck all, I&#39;d say that AOL was actually rather good with their 56k pricing and service.

Alright, problem sloved guys. It was disguising itself as SVCHOST.exe. Thanks for your help.

Pricing, maybe, service, HELL NO. We used to use them at our house until my mom got sick of the advertisements and all the crap their service reps gave her.
Anyway, that does suck that you&#39;re stuck with your parent&#39;s choice of ISP. Have you scoped out your neighborhood for unsecured WiFi?

Originally Posted by Adanac

Alright, problem sloved guys. It was disguising itself as SVCHOST.exe. Thanks for your help.
[/b]

SVCHOST.exe is also a Windows file you can&#39;t miss, so be careful.

Originally Posted by TweaK

SVCHOST.exe is also a Windows file you can&#39;t miss, so be careful.
[/b]

Yeah I know, but this one was running under OWNER.

Have you scoped out your neighborhood for unsecured WiFi?[/b]

Haha, you bet. We don&#39;t live in a built up area (the nearest house is pretty far away), so it&#39;s not an option. Not that I&#39;d probably consider it anyway.

I almost fell for that virus. When it popped up from a contact I hadn&#39;t spoken with in a long time, I was like "Wtf??"

I seem to have a natural adversion to sudden links that pop up on me, so I was one of the lucky ones that avoided infection.

People over here fall for it all the time, even though the original message is in English and coming from a Dutch guy/girl (to another Dutch person), yet they click it and are completely astonished when it turns out to be a virus. But it seemed to be so legitimate&#33;

Follow ataraxis advice. You probably knew that place was not good going to, but you let your curiousity get the upper hand over your rationality.

And if it is a really bad virus, reinstall Windows/Linux (assuming you have a cd for it).

And if you do happen to reinstall your O.S. keep in mind of the following that "WILL" occur. Here are some...

FUN FACTS

• Your Favorites folder will be back to the Operating System defaults.
  
• Any saved passwords will no longer be stored on your machine.
  
• Your browser homepage will be back to the default homepage.
  
• Your computer&#39;s Desktop settings including the screen resolution will be reset to the default settings.
  
• Your computer documents won’t be in the My Documents folder; they will be in the Recovered Data folder. This folder will have the same directory structure that your data had prior to the reinstallation.

Originally Posted by Ne

• Your computer documents won’t be in the My Documents folder; they will be in the Recovered Data folder. This folder will have the same directory structure that your data had prior to the reinstallation.

[/b]

Not if you reformat.

All I can say is "Perhaps" but reformatting doesn&#39;t guarantee anything.