|
Urgent! For those using MSN Messenger (pg. 2)
|
View this Thread in Original format
| Lira |
Erm... what exactly does the virus do? (there are different ways of harming a computer)
I rarely use MSN, I'm just curious. |
|
|
| TigerClaw |
| quote: | Originally posted by Lira
Erm... what exactly does the virus do? (there are different ways of harming a computer)
I rarely use MSN, I'm just curious. |
What it basically does, It sends a url to all the people in your contacts on MSN Messenger with a url linking to a handcuffs.pif file, Its a file that looks like an MS Dos type of file, You should not download and execute the file whats so ever, Otherwise it will infect your computer and your MSN will send the url to other members of your contact, Thats why I urge everybody to scan there system if there using MSN Messenger. |
|
|
| {b.s.e.} |
| quote: | Originally posted by TigerClaw
What it basically does, It sends a url to all the people in your contacts on MSN Messenger with a url linking to a handcuffs.pif file, Its a file that looks like an MS Dos type of file, You should not download and execute the file whats so ever, Otherwise it will infect your computer and your MSN will send the url to other members of your contact, Thats why I urge everybody to scan there system if there using MSN Messenger. |
yes.. but what effects does the virus have on a system? |
|
|
| UWM |
| So basically all it does is sends itself to other people? |
|
|
| Lira |
| quote: | Originally posted by TigerClaw
What it basically does, It sends a url to all the people in your contacts on MSN Messenger with a url linking to a handcuffs.pif file, Its a file that looks like an MS Dos type of file, You should not download and execute the file whats so ever, Otherwise it will infect your computer and your MSN will send the url to other members of your contact, Thats why I urge everybody to scan there system if there using MSN Messenger. |
I guess I asked the wrong question - what happens if you're infected other than spreading the virus to your contacts? Does it format your computer? Does it cause random restarts? Etc... |
|
|
| TigerClaw |
| quote: | Originally posted by Lira
I guess I asked the wrong question - what happens if you're infected other than spreading the virus to your contacts? Does it format your computer? Does it cause random restarts? Etc... |
Nope, But it will continue to spread by forcing your MSN to message your contacts with the link, Which is why I urge you all to remove it. |
|
|
| Lira |
| quote: | Originally posted by TigerClaw
Nope, But it will continue to spread by forcing your MSN to message your contacts with the link, Which is why I urge you all to remove it. |
That's like HPV then... everybody passes it on but it hardly causes problems?
Meh, I thought it actually did something :( |
|
|
| UWM |
| quote: | Originally posted by Lira
That's like HPV then... everybody passes it on but it hardly causes problems?
Meh, I thought it actually did something :/ |
I was as confused as you were. |
|
|
| TigerClaw |
| There are 3 different veriations of the virus, here, here, and here. |
|
|
| TigerClaw |
| If the remover detected the virus and removed it, Please reply here with the results if it worked? |
|
|
| Lira |
ROFLOL, has anyone got the W32.Bropia.J variant?
| quote: | When W32.Bropia.J is executed, it performs the following actions:
1. Searches for the following files:
* %System%\adaware.exe
* %System%\VB6.EXE.exe
* %System%\lexplore.exe
* %System%\Win32.exe
Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
2. Drops and executes the following file, if the above files are not present on the compromised computer:
C:\cz.exe
Note: The dropped file is detected as a variant of W32.Spybot.Worm.
3. W32.Spybot.Worm copies itself to %System%\winhost.exe and deletes C:\cz.exe.
4. Adds the value:
"win32" = "winhost.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\OLE
so the W32.Spybot.Worm variant is executed when Windows starts.
5. Copies itself to the C drive using one of the following file names:
* LOL.scr
* Webcam.pif
* bedroom-thongs.pif
* naked_drunk.pif
* LMAO.pif
* ROFL.pif
* underware.pif
* Hot.pif
* new_webcam.pif
6. Copies itself as %System%\msnus.exe.
7. Drops the file C:\sexy.jpg and opens it in a browser window, displaying the following image of a fried chicken:
8. Monitors for any change in the status of MSN Messenger contacts.
9. Propagates by sending commands to MSN Messenger prompting the program to send a copy of the worm to the contacts listed.
10. Sets audio levels to zero.
|
Bestest worm ever :stongue:
I wonder if any of my contacts has got this :p |
|
|
|
|
