Transcribed for the image impaired ...
this really looks like you :S http://mymsngallery.my.funpic.de /viewimage.php?=*********@hotmail.comInitially I clicked the link thinking it was just something off of an MSN profile I messed around with - then of course it would look like me. Instead Messenger prompted me to decide whether to "Run" this thing or not. Wha - huh? Wait a minute here ...
Thankfully this is where good sense kicks in and you click Cancel, or you're immediately aware of how close you came to installing a virus and yet intrigued as to what its purpose was ... and you click Save. Do not, under any circumstance, ever click Run unless you absolutely know exactly what the heck you're running. That's the quickest ticket to a dead machine or worse: a zombie!
Anyway, I haven't been able to find out the name or purpose of this virus, but I can tell you one thing:
Do not, under any circumstance, visit any URL that contains funpic.de
Holy hell, this person's infected computer just messaged me again ...
Transcribed ...
Hey it's really your PIC ? :) http://mymsngallery.my.funpic.de /viewimage.php?=*********@hotmail.comLet the blocking of contacts for quarantine commence!
16 comments:
Er... you might want to edit out your email address in those pics ;)
err... yea "snowy" globin lol.
Well anyways, I'm the IT guy here at my office and it started jumping from one contact to the other then soon enough, 3 of our users started spamming everyone. Those 3 clicked on the link but did not download it but they're still spamming. Anyone know anything about this issue? This started an hour ago as well.
There's a story behind the little ice goblin, but that's for another time. I thought about removing that address, but decided it wasn't necessary since I don't use it and it's in an image; I'm just concerned about spam/scraper bots.
Then out of the blue someone I don't know wants me to add them to Messenger and I suddenly regretted not pixelating! Luckily and strangely it was just someone who wanted to thank me for writing this post.
You never know, but feel free to sign me up for some spam. I can never have to much of that stuff!
I got the same thing. Unfortunately my common sense didn't kick in and I clicked "Run". Immediately the keyboard and mouse quite working and I could see that some windows were flashing by, opening and closing faster than you could even tell what app it was. Death-by-Power button time.
Turns the virus was sending the same link to my MSN contacts. Thankfully none of the five or so people that go sent the message from my account we so stupid as to click the link as I was. Symantec Endpoint Protection detected a "Trojan Horse" in a .bat file in the root of C and nuked it, but not before something else was done. I found a wkssvc.exe file in my C:\Windows\ folder which appears to be a rootkit, or part of another virus, or maybe both. It was the only file modified on my system after I got the message at 2/7/08 4:58:36 PM Central time but before I pulled the power. I'm pretty sure that SEP prevented anything else from happening, but you can never know for sure if a rootkit is hiding something. I guess I'll be formatting and doing a lot of re-installing this weekend.
Andy
Hi all.
I've been infected with this malicious virus as well. After reading the previous comment, I went on to delete the file wkssvc.exe in the c/windows directory manually, but found it was running in processes under task manager. So I closed the process and subsequently deleted the file. And it hasn't bothered me since - I tried shutting down and starting messenger and it still works fine. It might reappear though after a reboot, but I guess I'll know later :).
i got this but i dont know how to get rid of it! my computer continues to restart over and over even trying ot move into safe mode. How do i stop this?
Thanks for the info... I clicked on "Run" before I really even knew what I was doing - and instantly regretted it. However, none of the tell-tale signs of infection have appeared (i.e., no wkssvc.exe running according to Task Manager, no random windows opening, nothing messed up in my Host file). Do you have to restart or reboot before it shows? Or would it have shown up immediately?
Hi, one of my contacts on msn keft this link on the converstation tab saying "this really looks like you" and then a face. I thought this was actually my friends writing so I instantly clicked it, thinking this was actually true. Then i had doubts when it stated run save or cancel but I was naiive enough to click run and then my internet is now saying page cannot be displayed. I keep doing security scans and it keeps finding the so called problem. So I click fix now and the internet works for a short amount of time then goes back of again. This is not ideal to have to run a ten minute scan just to access the internet. Can please someone help me
I had the same problem, internet would work for like 15 seconds, I bought a new ethernet card, and I can use the internet again, but my computer is still running really bad, and now and then my msn sends out the link. I changed my name to dont accept anything from me, I have a virus. Only one of my friends that got the link accepted it. Hopefully I can get rid of it after reading the info here. Much appreciated.
I got this, also thinking it was a friend writing. while I'm scepitc about the whole 'no anti-virus can detect it' things I've been hearing, I am owrried. Each time it sends out the message I have to close and restart MSN. Also, I can't find the wkssvc.exe file - only a wkssvc.dll file. I am not a very technical person - can someone please tell me if this is the right file, and how to get rid of this stupid virus?!
-Kit
PS: this website is also very helpful... (http) squidnews.com/2008/01/23/your-msn-contacts-may-be-sending-you-viruses-mainmsncom/
I got this, also thinking it was a friend writing. while I'm scepitc about the whole 'no anti-virus can detect it' things I've been hearing, I am owrried. Each time it sends out the message I have to close and restart MSN. Also, I can't find the wkssvc.exe file - only a wkssvc.dll file. I am not a very technical person - can someone please tell me if this is the right file, and how to get rid of this stupid virus?!
-Kit
PS: this website is also very helpful... (http) squidnews.com/2008/01/23/your-msn-contacts-may-be-sending-you-viruses-mainmsncom/
Kay some knowlage on what I Do know. I got it and because this person knew what I looked like and knew I was paranoid about my pic on the intenet I belived them. They didn't know they had sent it so I said thanks but they never got that. Their computer restarted.
I tried to delete it and so appaled found it spearing, tell people on your addis about it even if you haven't had it. Send them a link here. It can help.
It didn't get infected but wouldn't delte. So i deleted all the folders it was in and whiped it clean out. If anyone else knows more of what this does pease say because I have loads of addies and they keep getting it. Sadly my friend just got it again now! DDDD=
There is an AIM virus, probably the same one, which does something similar. This page has more details on it and what it does:
http://dynatech.blogspot.com /2005/04/aim-virus.html
I've gotten enough questions about this to where I'm actively seeking a solution I can tell people about. If you know how to fix this virus, please let me know. My current recommendation is this:
1. Reboot in Safe Mode: Press F8 repeatedly after your computer starts up and you'll get a menu to run Windows in Safe Mode.
2. Launch your Anti-Virus Scanner and perform a full system scan. Since you're in Safe Mode, many things (hopefully the virus) won't have started so it should be able to catch it. If you don't have such a program, try AVG Free from Grisoft or avast! Both are completely free to use for non-commercial use and have worked well for me.
3. Delete \WINDOWS\minimsg.exe if it exists.
4. Reboot and pray.
OMG I had the same problem!!! I got this msg, and I clicked it, and it came to that site that asked me to download that file!!! I did, and them when I clicked it, nothing happened!! PHEW!!! Thank God for Macs... =)
Lol sorry I couldn't help it, was just passing by, trying to help a friend solve the same problem u had, haha cheers anyway =)
I just got that virus today, unfortunately I wasn't thinking and clicked the link. And with everything I don't remember if I had hit run/accept. I ran Windows Defender but it didn't detect anything. I've also uninstalled the Windows Live Messenger (MSN). Is there anything I can do to make sure I don't have it? I've done the ctrl-alt-delete and looked under processes for IM-Names and I've searched my local drive for a live.messenger. but I haven't found anything like it. Any ideas on what to do?
Go run windows safe mode and go to your system32 folder and remove wuamguard.exe, MSN_0333452.exe that should kill the virus but there can be more.
Post a Comment